Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Coehoorn, Joel]

In the recent past, I've defined good (at least: acceptable) wifi as when a
single device can maintain sustained throughput of 25Mbps downstream under
typical conditions with no undue additional latency: enough for a Netflix
to serve 4K Ultra HDR video. Less than that and other services like game
downloads and FaceTime can start to suffer as well, and more than that
isn't really useful... even a person watching the video and doing something
else on the same device is either no longer paying enough attention to the
movie to notice when Netflix downgrades the video quality or doesn't mind
that whatever they downloaded in the background took a little longer,
because they were watching a movie. A device can multitask effectively, but
a person's attention is finite.

I like thinking this way rather than in terms of things like signal
strength because it helps keep me focused on results. Obviously signal
strength has a lot to do meeting that goal everywhere, as does radio
placement and configuration, etc. But this also gives me permission to miss
a goal at the end of a hallway, if I can see connections are still good
enough for functional use. Obviously we can meet this goal without
provisioning 25Mbps of bandwidth for every device, and in most places
meeting this objective everywhere means the vast majority of locations you
can do **MUCH** better most of the time.

One challenge here is the "typical conditions" part of the definition,
because that changes every year. Going forward, I also need to think more
about this in terms of upstream bandwidth, too, as covid has taken the
already-common two-way video chat services and kicked it up a notch or
three.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Sep 23, 2021 at 6:17 PM Oliver, Jeff  wrote:

> Hey Dave,
>
>
>
> And a follow up question would be ‘what makes it bad?’
>
>
>
> We have had wifi blues during semester startup a number of times over the
> years. Some have been coverage related, some have been throughput related,
> some have been router/DHCP related, and we have even had some that were
> protocol related. Really depends on what your complaints are and what
> they point to…
>
>
>
> Having the right tools to validate or invalidate concerns are important
> whether they be vendor supplied or 3rd party.
>
>
>
>
>
> Cheers,
>
> Jeff
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Kushner, Jeff
> *Sent:* September 23, 2021 3:13 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and
> validation
>
>
>
> Caution: This email was sent from someone *outside of the University of
> Lethbridge*. Do not click on links or open attachments unless you know
> they are safe. Suspicious emails should be forwarded to phish...@uleth.ca.
>
>
>
> It is interesting, when I started doing wireless almost 20 years ago,
> before lightweight really existed, wireless was always positioned as a best
> effort and wired was definitely the way to go if a reliable connection was
> required. Today, wireless has become a replacement for wired in many
> locations, but our success is almost our downfall, the proliferation of
> wireless devices and interferers makes the delivery of quality wireless
> connections a constant battle. Not to mention the wide variety of client
> devices. And lets not even mention the manufacturers and issues with the
> firmware and software. I guess we can call all the aggravation a form of
> job security.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Enfield, Chuck
> *Sent:* Thursday, September 23, 2021 5:02 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and
> validation
>
>
>
> *Message sent from a system outside of UConn.*
>
>
>
> The jury is still out on whether there is such a thing as good WI-Fi..
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *LaPorte, David
> *Sent:* Thursday, September 23, 2021 4:33 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Wi-Fi expectations/service levels and validation
>
>
>
> Hi All,
>
>
>
> Coming out of a very rough fall semester start that left many of our users
> suffering with “bad” Wi-Fi, we’ve since (understandably) been asked what
> constitutes “good” Wi-Fi.  We have not previously published information to
> our community on what they should expect or on how they can validate those
> expectations.  Does anyone have any knowledge articles or links they could
> share?
>
>
>
> Thanks!
> Dave
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward t

Re: [WIRELESS-LAN] [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Coehoorn, Joel]

I remember a lot of us had to do this when Disney+ first launched, as well.
If you're using NAT to put many students behind the same IP (as I suspect
most of us are on the IPv4 range, at least), they'll see too many accounts
coming from the same IP and assume some form of foul play.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 17, 2021 at 10:41 AM Muraca, Peppino P. 
wrote:

> Hi Jon, thank you for this info I will be sending them an email!
>
>
>
> Again Thank you very much !
>
>
>
> Pino
>
>
>
> Peppino Muraca
>
> Manager of Network Services
>
> Stonehill College
>
> W:508-565-1193
>
> C:508-243-5910
>
> pmur...@stonehill.edu
>
>
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Jon Young
> *Sent:* Friday, September 17, 2021 10:37 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your
> device is connected to the internet using a VPN or proxy service)
>
>
>
> There have been several threads over this on the NANOG list with a sudden
> uptick in this issue for several of the streaming services.  My takeaway
> from the posts is that amazon has been easier to deal with than some other
> others (.e.g., Disney+) and that the best contact to resolve this for
> amazon prime is n...@geoguard.com as geoguard is apparently the prime
> (sorry, couldn't resist) source for amazon.  The website
> https://thebrotherswisp.com/index.php/geo-and-vpn/
> 
> was also referenced as a good source of contacts for several of the
> providers.
>
>
>
> Jon Young
>
> Vantage TCG
>
>
>
> On Fri, Sep 17, 2021 at 10:06 AM Jeffrey D. Sessler <
> j...@scrippscollege.edu> wrote:
>
> If you aren’t blocking P2P anonymizer clients, where user devices are
> endpoints for folks in other regions, Amazon and others may blacklist your
> IP range.  These clients may show up with students from other countries, or
> students who have returned from being abroad.
>
>
>
> If you have something like Cisco’s Umbrella, they have an entire
> anonymizer category you can block, but to be 100% effective, you need to
> block external DNS access so that is harder to circumvent.
>
>
>
> Jeff
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Muraca, Peppino P. <
> pmur...@stonehill.edu>
> *Date: *Friday, September 17, 2021 at 6:17 AM
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Amazon prime video error (Your device is
> connected to the internet using a VPN or proxy service)
>
> You don't often get email from pmur...@stonehill.edu. Learn why this is
> important 
>
> Hi everyone, has anyone come across this yet where Prime video will not
> play . this is what is on the screen ( Your device is connected to the
> internet using a VPN or proxy service. Please disable it and try again.)
> we have called Amazon and they told us to contact our ISP . We only see
> this on our wireless networks. Talking with our ISP it seems this is
> happening more and more and what basically has happened is out NAT ip’s for
> out wireless have been black listed and now we have to remove our selves
> from these lists. Has anyone else come across this yet ? if so how
> successful has it been to remove yourself from these lists.
>
>
>
> Thank you
>
> Pino
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/communit

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Coehoorn, Joel]

You used to be able to do this via iOS, but Apple locked those apps out
sometime around 2011/2012 for using "undocumented APIs".

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 3, 2021 at 1:54 PM Turpin, Max  wrote:

> Aruba Utilities is great. I wish they had it for iOS.
>
> On Sep 3, 2021, at 2:53 PM, Tim Cantin  wrote:
>
> 
> WiFi Analyzer, which also has an inexpensive pro version (totally worth it)
>
> On Fri, Sep 3, 2021 at 2:51 PM Hales, David  wrote:
>
>> I was wondering if anyone had any free wireless scanning apps for Android
>> that they currently like?  Just something free and simple you can use to
>> check signal strength, SSIDs and BSSIDs around you when out in the field?
>> I always end up with a different one each time I replace my phone and was
>> about to poke around the Play store again.
>>
>>
>>
>> *David Hales*
>>
>> *Network Systems Administrator*
>>
>>
>>
>> Information Technology Services
>>
>> Tennessee Tech University
>>
>> 1010 N. Peachtree Av., CLEM117
>>
>> Cookeville, TN 38505
>>
>> *P:* 931-372-3983
>>
>> *E: *dha...@tntech.edu
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> 
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

[Coehoorn, Joel]

One other thing to keep in mind when considering an open access environment
is it's only the default and doesn't have to be the final word. If you see
a suspicious or malicious device, you can still force it back behind a
captive portal to get or re-up whatever user info you want before granting
(or not) access again, even on an otherwise open network.

Making people register a device or authenticate a captive portal doesn't
stop bad people, infected devices, stolen credentials, etc, from coming to
your network, so we need to be prepared to do this anyway.

The *only* place an open network leaves us hanging is the one-time event,
where someone does a Bad Thing™ and then never comes back. Even then, for
lesser events if they never come back it's not so much of a problem. But
for those greater events we hope never happen, not being able to say, "It
was him, and here are the logs to prove it." can be pretty scary.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Apr 22, 2021 at 2:47 PM Floyd, Brad  wrote:

> We as IT people can discuss the merits of captive portal / no captive
> portal, authentication / reasonably knowing if a device is doing something
> bad, etc. We are asked all of the time what our recommendations are in
> these circumstances and we should weigh in with our opinions. However, it
> seems like this discussion comes down to two questions that we should be
> asking our organization’s legal team / advisors:
>
>
>
>1. If I make this “XYZ decision in providing / maintaining our
>infrastructure”, am I considered to have legally exercised “due diligence”?
>2. If I implement the decision in #1, are you (as the legal team) able
>to reasonably defend the organization against likely legal challenges?
>
>
>
> Every organization has different pain levels and will likely make a
> decision based on those factors. Just my 2 cents.
>
> Thanks,
>
> Brad
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Jeffrey D. Sessler
> *Sent:* Thursday, April 22, 2021 2:04 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution?
>
>
>
> *[EXTERNAL SENDER]*
>
> For sure, my lens is based on California law, however, the federal Fair
> Labor Standards Act and state overtime and wage payment laws also come into
> play here.  Since nonexempt (hourly) workers have ready access to the
> technology, they will be in a position to respond to e-mails and text
> messages or to otherwise engage in work activities outside their scheduled
> work hours. Even if you don’t reimburse for the use of the personal device,
> there is the wage exposure of having to compensate those nonexempt
> employees because checking their work email is – well – working.   When we
> rolled out DUO, we had to offer all employees a token, and they signed a
> waiver if they wanted to use the DUO app on their personal phone for their
> convenience.
>
>
>
> On the eDiscovery/litigation front, it can be difficult/impossible to
> ensure that business records stored on an employee’s personal device are
> retained long enough to satisfy discovery requests.  There are also risks
> should that data not be available, and presents a whole other quagmire in
> the BYOD movement that is beyond this conversation.
>
>
>
> Jeff
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Enfield, Chuck
> *Sent:* Thursday, April 22, 2021 10:54 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution?
>
>
>
> Jeff,
>
>
>
> It makes sense that you think this is settled law, because in California
> it is settled law.  I don’t recall all the details, but I was on a team
> involved with considering mobile device policies for Penn State, and we
> discussed a case in California around 2014/2015 that clarified California
> labor law.  The law required that employers reimburse employees for
> expenses, but said nothing about how those expenses should be calculated.
> Some employers decided they only needed to reimburse marginal expenses, but
> the court decision said that’s not the case.  So if you’re required to use
> your device for work in California you’re entitled to reimbursement of some
> kind.  As I recall, no specific reimbursement formula was recommended by
> the court in that case.  I assume there’s been some standardization since,
> even if only de facto.
>
>
>
> That, however, was a California court interpreting California law.  Our
> institution considered that ruling and concluded that Pennsylvania law was
> different and that we could discontinue our stipend and require certain
> employees to provide and use their own phones for work communications.  In
> the end, we stopped the stipend, but never implemented the mandate.  I was
> never informed precisely why we stopped short of the 

Re: [WIRELESS-LAN] [Ext] Re: [WIRELESS-LAN] Papercut Mobility-print and Enterprise mDNS

[Coehoorn, Joel]

Another DNS zone here.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Mar 19, 2021 at 2:49 PM Biggs, Nathanael 
wrote:

> We use DNS (not mDNS) for this as well. It was a bit of a pain to set up
> if my memory serves, but it has been solid since then. There is a lot of
> good documentation available from PaperCut to help you confirm the DNS
> records are correct, too.
>
> On Fri, Mar 19, 2021, 3:14 PM Tony Skalski <
> 0057dcfe0332-dmarc-requ...@listserv.educause.edu> wrote:
>
>> We've had it running since it was released. We don't use mDNS however.
>> The DNS config was not quite working for the few weeks of its life, but
>> this was straightened out quickly and has been solid since. We run BIND on
>> our name servers with a zone that forwards the discovery requests to our
>> mobility print server. This works on all networks, wired and wireless.
>> Personally I have never had much luck with enterprise mDNS (I'm looking at
>> you AirGroup).
>>
>> ajs
>>
>> On Fri, Mar 19, 2021 at 2:04 PM Michael Davis  wrote:
>>
>>> We are an Aruba shop, but I'm curious about any campus WiFi deployments
>>> using
>>> Papercut Mobility-print.
>>>
>>> We've recently started looking at the mobility-print feature of
>>> Papercut.  We have it
>>> working in some small and testing deployments, but we're having
>>> difficulty getting
>>> Android and Windows clients (using the papercut app) to see the Papercut
>>> server.
>>> Those same clients can see other mDNS printers on the wireless network,
>>> but not
>>> the Papercut server.
>>>
>>> If anyone has it working with Android/Windows and maybe added any
>>> service types
>>> to make it happen, I'd love to hear from you.
>>>
>>> https://www.papercut.com/products/free-software/mobility-print/
>>>
>>> thanks
>>> mike
>>>
>>> **
>>> Replies to EDUCAUSE Community Group emails are sent to the entire
>>> community list. If you want to reply only to the person who sent the
>>> message, copy and paste their email address and forward the email reply.
>>> Additional participation and subscription information can be found at
>>> https://www.educause.edu/community
>>>
>>
>>
>> --
>> *Tony Skalski*
>> System Administrator | IT
>>
>> *Office: *507-786-3227 <(507)786-3227>
>> 1510 St. Olaf Avenue Northfield, MN 55057
>> stolaf.edu
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Outdoor WLANs?

[Coehoorn, Joel]

We don't have dedicated outdoor APs, but purposefully designed our indoor
coverage to be less-efficient than was needful, placing APs to deliberately
cover outdoor spaces near building entrances and common gathering areas via
bleed-through. It's worked well, but we're a small campus in place that
gets pretty cold for much of the school year. If we were larger, or had
more outdoor activities for more of the year, we might have done this
differently. We also only have a single .1x SSID and a single open guest
SSID. The .1x network spans several vlans, but vlan assignment is sticky to
the individual, so it's the same network for all their devices as they move
around campus.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Feb 18, 2021 at 6:02 PM Michael Usher <
010ef28e43bf-dmarc-requ...@listserv.educause.edu> wrote:

> We broadcast the same SSIDs outdoors as indoors but we have different RF
> Profiles outdoors (allows lower data rates).
>
> For campus buildings, it's eduroam (our main service) plus Guest.
>
> For dorms, we have a ResWiFi and Guest.
>
> We keep eduroam and Guest in one IP range, but we do segment our Dorm
> networks by college area.
>
> One big reason for using the same SSID indoors / outdoors is to keep the
> outdoor clients separated so as not to burn airtime on indoor APs,
> degrading service for indoor users.
>
> On Thu, Feb 18, 2021 at 3:38 PM Richie Penuela 
> wrote:
>
>> Our standard WLANs in our University are secured network, guest, and
>> eduroam. We broadcast the same SSIDS both indoors and outdoors for the
>> mentioned reason of a seamless experience and there will be times that both
>> will bleed over the other. We have specific WLANs and SSIDs for outside
>> vendors since we wanted to segment those outside our secured/academic
>> network.
>>
>>
>>
>> -Respectfully,
>>
>>
>>
>> *[image: signature_1584035786]*
>>
>> Wireless Network Architect
>>
>> *UCF **IT Telecommunications*
>>
>> University of Central Florida
>>
>> *richie.penu...@ucf.edu *
>>
>> *it.ucf.edu *
>>
>>
>>
>> *Please note:* Florida has a very broad open records law (F.S. 119).
>> Emails may be subject to public disclosure.
>>
>>
>>
>> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Mike Atkins <
>> matk...@nd.edu>
>> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> *Date: *Thursday, February 18, 2021 at 5:54 PM
>> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> *Subject: *[WIRELESS-LAN] Outdoor WLANs?
>>
>>
>>
>> For those of you running outdoor Wi-Fi covering public space, do you
>> broadcast the same WLANs as in building?  Do you have a specific strategy
>> for why or why not?
>>
>>
>>
>>
>>
>>
>>
>> TLDR:
>>
>> Being a Northern Indiana campus, the demand for outdoor Wi-Fi during the
>> school year has been fairly low.  Last year has changed this for all of
>> us.  We face the same challenges as everyone else with cost/aesthetics vs
>> return on investment.  We are looking to provide some legit coverage this
>> year and get out of the "temporary" outdoor setups.  We are a two SSID
>> campus with eduroam being our dot1X secure network and ND-guest being open
>> unauthenticated Internet access only "guest" network. The question came up
>> out of a discussion related to ensuring performance for
>> faculty/staff/students in the public outdoor spaces but my other concern is
>> for our Information Security group.  An open guest network might be okay in
>> a building where we can track your device down fairly quickly but outdoors
>> might complicate this.  I think the campus user expectation is both
>> SSID's everywhere.  Trying to get some thoughts from around the block.
>>
>>
>>
>>
>>
>> --
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *Mike Atkins *
>>
>> Infrastructure Architect
>>
>> Office of Information Technology
>>
>> University of Notre Dame
>>
>> Phone: 574-631-7210
>>
>>
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> 
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their em

Re: [WIRELESS-LAN] Issues with Zoom in Res Halls

[Coehoorn, Joel]

One thing to remember is Zoom is bi-directional hi-def streaming video.
Literally NOTHING is harder on your wifi and WAN connection, except maybe
certain low-latency online games (these tend to need more bi-directional
packets, but less bandwidth)

Back last Spring, when the whole remote thing really got started, I had the
discussion with our leadership about whether our network could handle such
traffic. I considered three scenarios: 1) Around 10% of students still on
campus, but attending virtually due to self isolation or quarantine. 2) At
most 50% on campus attending virtually if we had to do an alternating days
type model (this never actually happened).  And  3) 100% remote, where
students are NOT generally on campus, so it's faculty using the network
resources. Given those scenarios, I was confident we would be okay for 1
and 3, and made a few calls about #2 in case we needed to quickly adjust
bandwidth or coverage.

Today, we've so far received the first 5 inches of snow out of an expected
12, and last night the provost declared classes would be 100% virtual for
the storm. This goes beyond any of those scenarios, and our network is
being tested. I'm seeing more drops/retries, but not to the level things
are being disrupted. Crossing my fingers it holds up, but I won't be
surprised to hear complaints later, either. This isn't bad; it's the
natural result of pushing the edge of what the network is designed for. It
means I did my job well. The network can handle normal to large loads, and
for the truly exceptional events provides basic service for the 90%. Of
course 100% would be better, but spending those resources for a once a
century event seems wasteful (until you're sitting in the middle of one).

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Mon, Jan 25, 2021 at 11:13 AM Jeffrey D. Sessler 
wrote:

> There was mention of a bug in one of the code bases (maybe 8.5) that could
> cause this, but there was updated code for it.
>
> Also, go have a look at the events for the AP's in question.  We had a few
> reports of call pauses/lags, and with the Zoom diagnostic data from the
> meeting details in-hand, we correlated it to the client's connected AP
> switching channels because of RRM/Interference.
>
> If you're not familiar with the Zoom client/meeting data, ask your Zoom
> admin to give you access to the dashboard. For live and past meetings you
> can see a wealth of information on what the client is up to and how it is
> performing.
>
> Jeff
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Charles Rumford
> Sent: Friday, January 22, 2021 7:22 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Issues with Zoom in Res Halls
>
> Hey -
>
> We have started getting reports of issues with Zoom calls in our Res
> Halls. Most of the complaints have been around multiple drops during calls
> or lagging calls.
> Our res halls are currently only at 40-50% capacity if that.
>
> I was curious if anyone else has been seeing any issues with an increase
> of Zoom calls from on campus students.
>
>
> --
> Charles Rumford (he/his/him)
> IT Architect
> ISC Tech Services
> University of Pennsylvania
> OpenPGP Key ID: 0xF3D8215A
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] XPS 15 Laptop - Killer Networking NIC Experience

[Coehoorn, Joel]

IIRC, Killer is owned by Intel now, and it's supposed to be a high-end
consumer line. The issue is, because it's more of a boutique product, the
drivers aren't just there already in Windows.

On Fri, Jul 17, 2020, 12:49 PM Johnson, Christopher 
wrote:

> Good Afternoon everyone,
>
>
>
> Curious what everyone’s experience has been with the “Killer Networking  -
> https://support.killernetworking.com/” NICs – probably not the best name
> for a product? Which seemed to have been included with the Dell XPS 15
> laptop? If they’re as “stay far away from” as a couple forum posts I’ve
> seen – where Dell was just flat out been replacing them under warranty with
> Intel 8265 NICs -
> https://www.dell.com/community/Laptops-General-Read-Only/XPS-15-9560-Killer-Wireless-killing-my-network/td-p/5095933
>
> I’m not looking at replacing them. One of the staff members on campus
> mentioned this issue to me (issues at home and on-campus) – latest drivers,
> etc. Trying to determine if recommending an alternate card preferable – or
> tweaking some of the driver sets might be best.
>
> *Christopher Johnson*
> Wireless Network Engineer
> Office of Technology Solutions | Illinois State University
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Pod-style Residence Halls

[Coehoorn, Joel]

I did not recommend continuing port-per-pillow deployments the last time I
reviewed a residence. However, in addition to wireless coverage, I did push
to provide wired ports for common/TV spaces in the residences. This
provides flexibility for future changes, as well as a way to help offload
some of what tend to be the heaviest-use devices from the wireless spectrum
and thereby improve wifi performance. So a pod community for, say, 16
students might still need several APs to ensure consistent 5Ghz coverage,
depending on construction and wall placements, but might only have 2 wired
network drops for use by students.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Tue, Feb 25, 2020 at 1:10 PM Mallon, Jason  wrote:

> Chintan,
> All of our older dorms are wired currently wired, and are both pod-style
> and apartment.  These all have wires in them.  The newer dorms all of which
> have been pod-style are wireless only.  New construction we are using
> ceiling mount APs like the 1815i or 2802.  In the older dorms that we have
> to upgrade, we will be using the hospitality units (1815w).  We have them
> deployed in a couple dorms now and the coverage has been great.  We are
> also removing the hard lines in the older dorms and going to wireless
> only.
>
> Thanks,
> Jason Mallon | Network Engineer III
>
> OIT
> The University of Alabama  jemal...@ua.edu
>
>
> On 2/25/20, 10:46 AM, "The EDUCAUSE Wireless Issues Community Group
> Listserv on behalf of Chintan Patel"  on behalf of chintan.pa...@colostate.edu> wrote:
>
> Morning,
>
> We are in process of building new residence halls (3 buildings) with
> Pod-style rooms. Pod-style concept is new to us and I wanted some feedback
> from anyone who currently has these living spaces. I will be leading the
> Network and Wireless planning for the residence halls.
>
> Below are couple of my questions:
>
> 1. In Pod-style rooms - are you providing hard-wired data?
> 2. Wireless planning - any issues and/or challenges in wireless
> coverage? We currently use Aruba. Are you using "H" style hospitality WAPs?
>
> If you have any additional feedback and/or are willing to share the
> good, bad.. etc - please send me an email.
>
> Thanks,
>
> Chintan Patel
> Network/Systems Team
> Colorado State University - Housing and Dining Services
> Ph:970-491-1041
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz spectrum

[Coehoorn, Joel]

>  "legal to prohibit the use of interfering devices ... by campus
community members who are contractually bound to campus policy."

I don't know about that. The enforcement example that stands out to me is
Marriott was not allowed to use the fine print when you get a room to
prohibit hot spots, interfering or not, and they paid a hefty fine because
of it.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Wed, Jan 29, 2020 at 8:33 AM Hall, Rand  wrote:

> I am not a lawyer nor a law enforcement officer so I encourage people to
> consult one for situations like this.
>
> That said, experience suggests to me that it would indeed be legal to
> prohibit the use of interfering devices on campus (network connected or
> not) by campus community members who are contractually bound to campus
> policy. Similar examples on most campuses would include tobacco and
> marijuana use and possessing weapons of various sorts.
>
> Rand
>
> Rand P. Hall
> Director, Network Services askIT!
> Merrimack College
> 978-837-3532
> rand.h...@merrimack.edu
>
> If I had an hour to save the world, I would spend 55 minutes defining the
> problem and five minutes finding solutions. – Einstein
>
>
> On Tue, Jan 28, 2020 at 7:08 PM Paul B. Henson  wrote:
>
>> On Tue, Jan 28, 2020 at 06:02:01PM +, David Pifer wrote:
>> > We have a standard as follows “Personal wireless access points,
>> > network switches, and routers are not permitted on campus as they can
>> > interfere with the functioning of the campus network.”
>>
>> Hmm... By this do you mean "are not permitted to be connected to the
>> campus network"? Cause if somebody's got a wifi router connected to a
>> cell phone data network you can't legally tell them they can't use it...
>> Whether it's on the same channel as your wifi or not.
>>
>> --
>> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
>> Operating Systems and Network Analyst  |  hen...@cpp.edu
>> California State Polytechnic University  |  Pomona CA 91768
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Coehoorn, Joel]

> "To me, 11ax APs shouldn't even be on the Enterprise market yet."

I 100% agree with that sentiment.

At the same time, I can imagine the response an Aruba or Cisco would get
for waiting to offer those access points. Even offering the AP alongside
official guidance to disable the feature would leave them in a bad place.

The problem is our network teams are now the ones left holding the potato.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Fri, Jan 10, 2020 at 10:16 AM Lee H Badman <
00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:

> Hi Norman,
>
> To me, 11ax APs shouldn't even be on the Enterprise market yet. I know
> that doesn't touch your question, and we all have our own "you do what you
> gotta do" realities.
>
> Thanks for reading through that long post.
>
> -Lee
>
> Lee Badman | Network Architect (CWNE#200)
> Information Technology Services
> (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
> SYRACUSE UNIVERSITY
> syr.edu
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Norman Elton
> Sent: Friday, January 10, 2020 10:10 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
>
> I agree with 100% of that. But here's a question ...
>
> >> I absolutely will not sacrifice an otherwise sound WLAN by tweaking
> >> configs or code upgradin for some small minority of poorly designed
> >> or suddenly misbehaving clients that can be fixed from the client
> >> side
>
> What about Intel's AX driver bugs? I absolutely hate the idea of disabling
> AX to support a few clients. But how many people are telling their helpdesk
> to upgrade drivers on whatever BYOD laptop shows up?
> What about a conference with 200 laptops that suddenly finds that half are
> unsupported?
>
> But, once it's disabled, will we ever re-enable AX? It's easy to say that
> we'll disable it "short term", but we know those drivers won't magically
> update themselves. We could be looking at crippling our wireless
> indefinitely :-/.
>
> Our current AX test environment has it turned off on the 2.4 radio, so
> that at least those users can connect someplace. Leave 5 GHz for those that
> can support AX. I don't like the compromise, but the alternative ("hey
> we're trying out a brand new wireless network that won't work for random
> people") is equally unappetizing.
>
> Sigh.
>
> Norman Elton
> William & Mary
>
> On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman <
> 00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
> >
> > I know a lot of people are likely following along, so I’ll throw one
> more rant nugget out there (and this is not meant to distract from Ryan’s
> original question):
> >
> >
> >
> > Over the many years I’ve been doing this, I have found that MOST
> problems on a healthy, well-designed wireless network are absolutely
> client-related. Even on the likes of Active Directory managed PCs where the
> assumption is that Windows updates make everything fine. These updates
> don’t tend to touch WLAN adapter, BIOS, and chipset drivers which are often
> the root cause of wireless issues.
> >
> >
> >
> > Then there is the fallacy that the latest Intel/Broadcom driver is the
> “best”. Sometimes you have to use an older one on a specific model PC or
> NIC- especially where you are doing 802.1X. The whole effect is greatly
> magnified in the BYOD world that many of us live in with endless mainstream
> and not so mainstream client OS’s. Is it the WLAN vendor’s job to make up
> for all the goofy, ill-designed crap that’s out there? (Talking myself back
> from the ledge here, before I go off on the Wi-Fi Alliance). This situation
> sucks largely, and we’re stuck with it so we have to manage as best as we
> can.
> >
> >
> >
> > Then there are the optional features- for example, I’ve seen band
> > steering make life tough for Windows PCs seemingly out of the blue.
> > Except it wasn’t out of the blue- it was after Windows’ Patch Tuesday.
> > In this case, disabling long-enabled band steering “fixed” the problem
> > of users having wireless connectivity but not getting anywhere and
> > losing massive amounts of pings. BTW… band-steering is not part of the
> > 802.11 standard. Where does “fault” lie in this situation? Microsoft?
> > The WLAN adapter/driver vendor? The WLAN vendor? Me? It’s messy as
> > hell at times, given that “standards” are often a big fat lie when it
> > comes to wireless in my opinion. Disagree? I’ll fight ya J
> >
> >
> >
> > So… my premise is that MOST of the time the clients are the issue. And
> for m

Re: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13

[Coehoorn, Joel]

Bypassing icloud.com and gstatic.com open up some pretty big holes  :/


Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Thu, Nov 14, 2019 at 9:02 AM Christina Klam  wrote:

> All,
>
> We were able to resolve this issue by NOT sending the following domains
> through our web proxy servers.
>
> *.icloud.com
> *.apple.com
> *.google.com
> *.gmail.com
> *.googleapis.com
> *.gstatic.com
> *.yahoo.com
>
>
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> 1 Einstein Dr
> Princeton, NJ 08540
> +1 609-734-8154
> ck...@ias.edu
>
>
> --
> *From: *"C. Klam" 
> *To: *"The EDUCAUSE Wireless Issues Community Group Listserv" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Sent: *Wednesday, November 13, 2019 4:23:22 PM
> *Subject: *[WIRELESS-LAN] Mail to gmail and yahoo stopped working after
> IOS 13
>
> All,
>
> Has anyone experienced this issue and have a solution?  With IOS 13,
> people are no longer able to send or receive emails from google or yahoo
> through the Mail app.  If they try accessing gmail or yahoo mail through
> the specifically branded app or a web browser, everything is fine.We
> have narrowed down the issue even further.  The problem only happens when
> the iPhone is using a proxy server.   We even tried bypassing the proxy all
> together for p*-mailws.icloud.com, but that has not helped.
>
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> 1 Einstein Dr
> Princeton, NJ 08540
> +1 609-734-8154
> ck...@ias.edu
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] Password reset/change guidance

[Coehoorn, Joel]

I'd love to "stand up an onboarding system", but so far the cost has been
far too much for us relative to the user experience.

The UX hasn't been there because the better options want to use sms and 2
of the top 5 cellular carriers have poor coverage on our campus. We can
help students and employees work past that, but it makes us unwelcoming to
too many guests.

With this limitation, I don't see anything better than 1x at the moment.

On Wed, Nov 6, 2019, 12:04 PM Sweetser, Frank E.  wrote:

> Personally, I'm a big fan of leveraging certificates for wireless
> authentication.  It completely decouples the username and password once
> you're past the provisioning process, but you can still tie your RADIUS
> server into AD to reject people with locked out accounts if you want.
> Machines on a domain can leverage ADCS, but for BYOD devices you'll need to
> stand up an onboarding system, like SecureW2 or Clearpass.
>
> For setup, we have an open SSID that's dual purposed with guest logins,
> but also allows access to our onboarding system.  This allows users to do
> it completely self service.
>
> Frank Sweetser
> Director of Network Operations
> Worcester Polytechnic Institute
> "For every problem, there is a solution that is simple, elegant, and
> wrong." - HL Mencken
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Kovich Greg <
> greg.kov...@al-enterprise.com>
> *Sent:* Wednesday, November 6, 2019 8:41 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [EXT] [WIRELESS-LAN] Password reset/change guidance
>
> Hello WLAN Community,
>
> A customer of ours has been using a captive portal to authenticate
> students to WiFi (Alcatel-Lucent branded Aruba gear).
> When a student forgets or does not reset their password there is a link on
> the CP to accomplish that… unfortunately, there have been problems with the
> variety of  student device browsers, so they are considering a move to
> 802.1X authentication in the hope that this smooths out the student
> experience.
>
> What best practice advice do you have for students to deal with password
> changes/resets when they can’t connect to the campus WiFi?
>
> Thank you for any guidance you can provide!!
> Sincerely,
> Greg
>
> ---
>
> Greg Kovich
> Director, North America Education Sales
> Alcatel-Lucent Enterprise
> ALE USA
> 3015 Abby Lane | Suite 301-B
> Schererville, IN 46375
> t:  +1-818-878-4667 m:  +1-219-276-2320
> e:  greg.kov...@al-enterprise.com w:
> www.al-enterprise.com
> 
>
> @ALUEnterprise
> [image: LinkedIn]
> 
>  [image:
> Twitter]
> 
>  [image:
> YouTube]
> 
>  [image:
> Facebook]
> 
>  [image:
> Rainbow]
> 
>
> 
>
> The Alcatel-Lucent name and logo are trademarks of Nokia used under
> license by ALE.
> This communication is intended to be r

Re: [WIRELESS-LAN] Theater wifi - to have or not to have

[Coehoorn, Joel]

Add one counter-opinion. I tend to believe you **WILL** want coverage here,
and probably very soon; it's just what modern students expect.  But at the
same time, this can be a very costly project just because "someone will
need it someday".

**DO** add the switching and network drops to support the APs you'll need
to provide coverage. That part will be fairly cheap now, but grossly more
expensive afterwards. And **DO** have a bid in front of project planners to
handle the AP purchase, licensing, and installation. It's likely they'll
make the jump...

... but let those stakeholders make the decision.

We had a project recently where we raised some funds to install new
bleachers and do a cosmetic refresh (paint and carpet) in a gym. I
suggested that while the old bleachers were gone was a good time to improve
wifi support in the building and gave a cost estimate to the project
planners. They opted to do the wifi updates, but it was their decision.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Tue, Oct 22, 2019 at 1:36 PM Johnson, Christopher 
wrote:

> Put it in while you can indeed to what Michael said. And funny point about
> the “student expectation at times is unrealistic” as my co-worker overheard
> a girl saying recently the “Wi-Fi” sucks, when her friend asked her why, it
> was because it drops off under a 4 direction walk-way under-pass beneath an
> intersection….
>
>
>
> *Christopher Johnson*
>
> Wireless Network Engineer
>
> AT Infrastructure Operations & Networking (ION)
>
> Illinois State University
>
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
> *From:* Johnson, Christopher
> *Sent:* Tuesday, October 22, 2019 1:33 PM
> *To:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* RE: [WIRELESS-LAN] Theater wifi - to have or not to have
>
>
>
> Same situation as with what Thomas Carter ran into.
>
>
>
> We ran into the same situation a few years ago -> currently have one AP in
> the concert hall seating area and one in the theatre seating area (the
> concert hall AP is up in the cat-walk and does a surprisingly good amount
> of coverage/reflection around the area down below) -> because the rooms are
> used for more that just theatre/performances – *sometimes for classes and
> others for important presentations/presenters*. We were asked by a couple
> individuals “can we just say no to Wifi” in those area during campus
> upgrade. *We did add several additional APs in the atrium area for where
> students study and the back-stage areas for performers when taking their
> breaks*. It was ultimately decided no additional density due to cost (new
> work in old work).
>
>
>
> To the point about “distractions during performances and presentations/“people
> would be using devices instead of watching the performances” -> we got
> complaints again about Wi-Fi in the concert hall – and one of the IT folks
> brought up a very good and interesting point *“I think several around me
> were more distracted by continual efforts to get a good connection because
> that is what the expectation is these days.  And the rest were just flipped
> over to cell probably without knowing it.”*
>
>
>
> *Christopher Johnson*
>
> Wireless Network Engineer
>
> AT Infrastructure Operations & Networking (ION)
>
> Illinois State University
>
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Manon Lessard
> *Sent:* Tuesday, October 22, 2019 12:37 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Theater wifi - to have or not to have
>
>
>
> *[This message came from an external source. If suspicious, report to
> ab...@ilstu.edu ] *
>
> Not only do most students expect it, universities push their online
> learning platforms, performers appreciate it and you can hand them “on the
> cheap”, but there’s always the possibility that some are going to be used
> for convocation ceremonies…meaning lots and lots of happy grads and their
> parents who want to share over social media (else, beware of Spotted:Your
> Uni)
>
>
>
> *Manon Lessard*
> Technicienne en développement de systèmes
>
> CCNP, CWNE #275, ESCE Design
>
> Direction des technologies de l'information
>
> Pavillon Louis-Jacques-Casault
> 1055, avenue du Séminaire
> Bureau 0403
> Université Laval, Québec (Québec)
>
> G1V 0A6, Canada
>
> 418 656-2131, poste 412853
> Télé

Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

[Coehoorn, Joel]

We also run a completely open SSID. There is a captive portal, but it's at
the gateway rather than the wireless controller, so the same mechanism can
also handle wired connections, and it's only used for enforcement. New
visitors can get on the network without seeing the captive page.

*>  to get the protections afforded to ISP’s under DMCA we need to inform
users that they’re not allowed to share copyrighted materials and that
their connection will be blocked if they do.*

We handle the notification out-of-band for our students.  We have to notify
them; we don't necessarily have to use a captive portal to do it right at
connection time. The information is included with the account activation
for new students, repeated during orientation, repeated again via e-mail
near the start of each term, repeated again on the gateway capture page for
early offenses, and included in the student handbook.

If it were to come to the point of a block, we can give specific devices
a capture page with no way to click through. But our policy also includes
this text:

* Internet access today is more than a simple privilege, but is now
necessary for continued successful progress in academic pursuits. Student
actions which require the Department of Information Technology and the
Office of Student Development to conclude it is no longer appropriate to
allow a student to continue using the campus network may therefore result
in dismissal of the student  *

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Fri, Sep 13, 2019 at 7:42 AM Enfield, Chuck  wrote:

> “We run eduroam and a completely open guest SSID. The open SSID has no
> captive portal, no click through terms of services, and no restrictions on
> Internet access for content or speed.”
>
>
>
> I’m jealous Felix.  I made a strong push for this approach, but General
> Counsel stopped it.  FWIW, I think they got it right, but life would be
> easier and users would be happier your way.
>
>
>
> Their rationale is that to get the protections afforded to ISP’s under
> DMCA we need to inform users that they’re not allowed to share copyrighted
> materials and that their connection will be blocked if they do.  For
> account holders we make them agree to these terms and more when they
> activate their account.  But if the network doesn’t require an account this
> notification seems to demand a captive portal.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Felix Windt
> *Sent:* Friday, September 13, 2019 8:26 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Feasibility of an open SSID for student use
>
>
>
> I’d pay a fair price for an easily administered solution that lets us roll
> out PPSK in the dorms and deploy broadcast/multicast domains scoped to
> specific users.
>
>
>
> We run eduroam and a completely open guest SSID. The open SSID has no
> captive portal, no click through terms of services, and no restrictions on
> Internet access for content or speed. That SSID bridges through to VLANs in
> a DMZ, and its only real restriction is that it can only reach proper
> public IP addresses on campus, plus 2-3 applications on private IPs that
> are specifically permitted. That’s enforced on the firewalls between campus
> and the DMZ.
>
> We do see quite a lot of students on that SSID permanently. As a huge
> amount of our student applications are either cloud hosted or available on
> the public Internet, that works just fine for them. We’d prefer them on
> eduroam, but user experience trumps our preferences. The only real problem
> are devices such as Sonos sound bars, Google appliances, and other devices
> that will only support PSKs for wireless. For those we don’t have a
> solution right now.
>
>
>
> Once WPA3/OWE is out and widely supported I genuinely don’t know how much
> we’ll care about where devices are. At that point it seems not just more
> user friendly but easier for IT overall to just throw reasonable security
> in front of web apps that the student and faculty population need to
> access, and let them sit on the SSID that’s easier to get on to.
> Administrative machines under central control would probably be kept on
> properly authenticated networks, but those are easier to solve if you have
> reasonable mass device management options.
>
>
>
> For what it’s worth, we use the eduroam CAT tool for onboarding.
>
>
>
> thx,
>
>
>
> Felix Windt
>
> Dartmouth College
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Rumford, Charles" <
> charl...@isc.upenn.edu>
> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS

Re: [WIRELESS-LAN] Residential Wireless and Gaming

[Coehoorn, Joel]

Agree that it's best to let gamers use wired ports.

Nothing, and I mean ***nothing*** is harder on your shared wifi link than
low-latency game traffic. The actual throughput for this traffic tends to
be very small, especially compared to streaming... it's typically only
updated position/vector and action data, rather than full-video content.
The problem, however, is in the sheer number and frequence of packets, as
every little twitch needs a new update, and the fact this traffic is
bi-directional.

Where streaming traffic tends to all source from the AP, where the AP can
naturally avoid colliding with itself, much more of the gaming traffic
originates at the client, and therefore much more likely to cause
collisions in the shared half-duplex air space used by wifi. Getting that
traffic OFF the wifi and back onto wired links can do amazing things for
the general quality of life for everyone in that environment.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Wed, Sep 4, 2019 at 3:12 PM Angelo Santabarbara 
wrote:

> Wireless contention is the real problem.  We recommend all gamers connect
> their systems to wired ports.  Not only does it make their experience
> better, but it also lessens the wireless load (On our campus XBox and PS4
> fall into the top 4 traffic sources).  If you already have a wired
> infrastructure than the edge switches are not all that expensive.
> Alternatively install access points like the Ruckus H510 in each housing
> unit which include 4 hard wired ports.
>
> Angelo D. Santabarbara
> Director of Networks & Systems
> Siena College
> asantabarb...@siena.edu
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wall plate AP and Coax line sharing box

[Coehoorn, Joel]

We also have the "wall warts". We were able to mount a new box immediately
below the original, and put a blank keystone filler where the network port
used to be. For students who still want to plug in, our APs have a three(!)
switched pass-through ports on the bottom they can use. The second box
works just fine, but if I had it to do again, I'd probably use the idea to
drill a hole in the side of the box.

It's also worth nothing we no longer provide cable TV directly as of this
academic year. The cables still need to be there so students who want to
can still talk to our local provider directly, but it's not turned on by
default any more.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Jan 23, 2018 at 2:57 PM, Curtis K. Larsen 
wrote:

> We ran into this too.  You can see how we handled the dual-gang units in
> the attached images.  It's not super pretty but it worked.
>
> Thanks,
>
> Curtis
>
>
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Ken Meggitt <
> krmegg...@alaska.edu>
> Sent: Tuesday, January 23, 2018 1:22 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Wall plate AP and Coax line sharing box
>
> Hello Alan,
>
> My group recently added Wall Plate AP's to an entire dorm.  We had a
> similar issue with old cable TV Coax that supplied TV to the dorms.  Rather
> than abandon or remove it entirely we mounted bulkheads into the side of
> the boxes that allowed coax connections from the side while still allowing
> room for the wall plate AP to mount to the box.  The modifications required
> some drilling and a little cleanup but aside from that they could be
> completed quickly and with minimal effort.  depending on the size of the
> boxes you have in your rooms this may or may not work for you.
>
> On 1/23/2018 11:03 AM, Alan D Wang wrote:
> Hello,
> We are looking to possibly re-design the wireless deployment in several of
> our older dorms this summer but would like to do this with minimal need to
> move and/or add new junction boxes and cable runs.  One issue we will run
> into is that in newer rooms/common rooms the junction box that holds the
> data drop that will be used for the wall plate AP is also the same box that
> has the cable tv connection in it.  Has anyone here come up with a solution
> for mounting the wall plate AP that still allows access to the cable tv
> connection?  Depending on the building age, some of these boxes are single
> gang and some are dual gang.
>
> Thanks
> --
> Alan Wang
> Network Analyst
> Binghamton University
> aw...@binghamton.edu
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
> --
> Ken Meggitt
> OIT Network Engineering
> x7575
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall Rooms

[Coehoorn, Joel]

My experience is you can get good signal propagation without complaints
going through one wall, but not often more. We go every other room in a
checkboard pattern for traditional rooms, also using (formerly
Motorola=>Zebra) Extreme AP7502's, which I love (it's nice to finally see
someone else here using this under-rated line), and we're doing well enough
I'm considering going to an every-third-room deployment strategy the next
time I update a dorm, which for a traditional dorm still meets the "one
wall" rule.

The every-other option is working well even in an older building that has
crazy poured-concrete interior walls like I've never seen elsewhere. The
original construction is a metal chicken wire mesh stretched from floor to
ceiling that is **murder** on wifi signal, with a heavy concrete mixture
poured around it. The walls actually curve inward a bit as they reach the
junction with the outside wall.

In the case of suites/apartments, I try for one AP per suite (using AP7522
on the ceiling in the common room/living room), but we have two buildings
that were put up just a year or two before wifi was a big deal, and there's
no good way to get network drops into the ceiling... no plenum, and the
existing cable paths run in the outside wall between the brick and
insulation layer, and I have next to no way to change any of it. I wish I'd
been here when they were constructed... I would have insisted on drops into
the common spaces. These buildings use a hybrid between hallway and
in-room, with an AP7502 in every suite, plus some hallway APs to augment.





Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Oct 11, 2017 at 2:06 PM, Daniel Brisson  wrote:

> I have found with Cisco’s 1810Ws that we can get more than one room.
> Obviously, this depends greatly on building construction, but we can
> typically get at least 3 rooms covered with one Access Point.  It’s really
> not *that* much more than deploying the larger APs.  I am looking at
> between 2-3x number of 1810Ws to replace our aging 3502i’s, which doesn’t
> seem that bad really considering we just need to add one 48-port POE switch
> in most cases.
>
>
>
> -dan
>
>
>
> --
>
>
>
> Dan Brisson
>
> Network Engineer
>
> University of Vermont
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Thomas Carter <
> tcar...@austincollege.edu>
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Wednesday, October 11, 2017 at 3:03 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  EDUCAUSE.EDU>
>
> *Subject: *Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall
> Rooms
>
>
>
> I’ve complained to vendors about this before, but the problem is the
> one-per-room deployment can be 2-4x the cost of in-hall deployment. At
> smaller schools like ours, nebulous future support hours saved won’t make
> up for current costs now.  The biggest issue is an in-hall AP that supports
> 4-6 rooms is only 2x the cost of a single in-room solution. For example,
> the dilemma I face is there is money to replace 6-8 year old APs and I can
> do one hall or 3-4 (with no guarantees of future money), which do you
> choose?
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> 
> Sherman, TX 75090
>
> Phone: 903-813-2564 <(903)%20813-2564>
> www.austincollege.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Stephen Belcher
> *Sent:* Wednesday, October 11, 2017 12:55 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall
> Rooms
>
>
>
> We started with an all wireless residence halls concept three years ago
> and will finish the last three (fairly small) installs next summer. We went
> with in-room access points supplemented with APs in common areas. For
> traditional residence halls we went with Cisco 702w initially changing to
> 1815w access points when they became available. For residence halls
> designed more as a suite concept we went with 2800 series access points. We
> pretty much blast the 5 GHz everywhere and disable 2.4 GHz in every other
> room (with a few exceptions).
>
>
>
> We have 6120 beds and the cost per bed for installs was about $370. I will
> be at Educause this year with a poster presentation on wireless dorms. If
> anyone is around stop by and say hi and grab some literature with the cost
> breakdown and FAQs.
>
>
>
>
>
> */* *Stephen Belcher*
>
> Assistant Director 

Re: [WIRELESS-LAN] 5GHz Micro Adapters

[Coehoorn, Joel]

I've seen some laptop vendors lock down the internal adapter in the bios to
the original approved model only, claiming recent FCC rules as the excuse.

On Aug 28, 2017 5:47 PM, "Johnson, Christopher"  wrote:

> Good Evening,
>
> 1.   Has anyone had any experience and would recommend a particular
> 5GHz Wifi Micro USB adapter for students that have a Windows Laptop with a
> 2.4GHz only integrated adapter?
>
> 2.   How is the quality/performance of a 5GHz Micro USB Adapter?
>
> a.   I can’t imagine it performing as well as a laptop with Wi-Fi
> antennas integrated throughout the monitor.
>
> b.   Would it be better to recommended the internal Wi-Fi NIC be
> swapped out for another compatible model – although I could see this being
> an issue if the antennas weren’t dual-band capable.
>
>
>
> Thank you and have a great night!
>
>
>
> *Christopher Johnson*
>
> Wireless Network Engineer
>
> AT Infrastructure Operations & Networking (ION)
>
> Illinois State University
>
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Backup power

[Coehoorn, Joel]

In theory, we use UPS with all of our switch. In practice, while we always
have one when we deploy a new or replacement switch, the funding hasn't
been there for maintaining the batteries or replacing a UPS if it fails.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Jul 20, 2017 at 11:00 AM, Hales, David  wrote:

> We size and install a UPS in every switch closet.  We have only a few
> models of switch and access point, so we built a spreadsheet to calculate
> our power load based on actual power draw observed in our lab.  We try to
> size our UPSes to provide a minimum of 15 minutes of uptime with 150% of
> their installed load.  That gives us enough headroom for adding switches to
> existing stacks, or adding other PoE devices down the road.  Based on a 5-6
> year replacement cycle, that sizing should be more than enough to keep up
> with any growth in load we might experience before the next cycle where we
> can resize for the load at that point in time.
>
>
>
> We keep our distribution and core on service contracts, but we use limited
> lifetime hardware warranty on our access switches.  We keep enough spares
> on hand to handle the troubleshoot and cross ship transition for any that
> fail.  Again, we only have a couple of models in production, so keeping
> spares on hand is a pretty low cost option.
>
>
>
> *David Hales*
>
> *Network Systems Administrator*
>
> *Information Technology Services*
>
> 1010 N. Peachtree
>
> Clement Hall 117
>
> Cookeville, TN 38505
>
> *P* 931-372-3983 <(931)%20372-3983>
>
> *F* 931-372-6130 <(931)%20372-6130>
>
> *E* *dha...@tntech.edu* 
>
> *www.tntech.edu/its* 
>
> *[image: Tennessee Tech Logo]* 
>
> *[image: TTU Facebook] * *[image:
> TTU Twitter] * *[image: TTU
> Instagram] * *[image: TTU
> Youtube] * *[image: TTU Pintrest]*
> 
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Sandra Bury
> *Sent:* Thursday, July 20, 2017 10:02 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Backup power
>
>
>
> Good morning -
>
>
>
> I would be interested to know how many of you include UPS purchases for
> switches in each network closet in your campus deployments. If you do not
> build in backup power, do you put your switches on a maintenance contract,
> or do you pay to replace them when they fail outside of warranty?
>
>
>
> Thanks very much.
>
>
>
> Sandy
>
>
> *Sandra H. Bury*
>
> Executive Director, Computing Services
>
> Information Resources and Technology
>
> Bradley University
>
> 309-677-2808 <(309)%20677-2808>
>
> sa...@bradley.edu
>
>
>
> *[image: https://www.bradley.edu/global/images/emailsig_wordmark.gif]*
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam AUP question

[Coehoorn, Joel]

​No one said the AUP agreement has to be electronic.  You can put this in
your Student Handbook and employee contracts, and get agreement that way.​



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Jul 14, 2017 at 10:09 AM, Michael Davis  wrote:

> In the AUP itself, it's stated:  "No person or party may use the eduroam
> services without agreeing to this Acceptable Use Policy."
>
> I would be curious to see how others are meeting this.  We already have
> thousands of users using eduroam,
> do we now go back and force them into a Captive portal to agree to the AUP
> ?
>
> Seems to me that it's much easier now to just forget eduroam, remove it
> from campus, and go back to our
> branded Wifi.
>
>
>  On 7/11/17 4:56 PM, Elizabeth Shannon wrote:
>
> Section 3.3.7 of the Internet2 eduroam connector Agreement, states
> “Connector used reasonable efforts to ensure that such employee or Student
> IdP User acknowledged the AUP”.  I would like to know other institutions
> are meeting this requirement. We offered K-State branded SSIDs, eduroam,
> and Guest; users do not have to acknowledge terms of service or accept an
> AUP. Thanks.
>
>
>
> --
>
> Elizabeth Shannon, CIPT
>
> Kansas State University
>
> Information Security and Compliance
>
> 785.532.2540 <(785)%20532-2540>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Ubiquiti per dorm room WIFI

[Coehoorn, Joel]

We don't use them here, but my understanding from a colleague at another
institution is the existing room cable drops are NOT as efficient as actual
designed coverage.  You will end up needing more APs than a designed
layout, and the coverage and power settings won't be quite as nice.

But. The ubiquiti APs are cheap enough, especially when adding ongoing
licensing into the mix, and the coverage is still good enough, that you can
definitely come out with a win using this scheme.

On Jun 5, 2017 10:39 AM, "Rogers, Michael J."  wrote:

I realize this is a couple months old but wanted to provide some info and
ask a question related to the in-wall style ap.



We have been testing the Ubiquity UAP-AC-IW for about a month in an
office.  It has been working fine.  It does work over standard poe.  Only
thing we are really still waiting to test is vlan support for the Ethernet
jack.  I believe it is about out of beta.



We are considering these for ResHall deployments.  Love the idea of not
running additional cable.  For those that have deployed the in-wall type ap
- do you find that you need more of them because of the low height they are
mounted at?  I would guess all the furniture might attenuate a bit.  If so
did you end up deploying one per room?



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Norman Mourtada
*Sent:* Saturday, March 11, 2017 1:31 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Ubiquiti per dorm room WIFI



We are using something similar with Aruba model 205H 802.11ac 2.4/5 2x2
wave 1 and now the new model 303H wave 2 with MU-MIMO. This is a
hospitality AP model for dorms with built-in 3 Ethernet ports for wired
access as well. See http://www.arubanetworks.com/assets/ds/DS_AP303H.pdf.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Michael Blaisdell
*Sent:* Saturday, March 11, 2017 11:02 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Ubiquiti per dorm room WIFI



Has anyone looked at the new Ubiquiti IN WALL WAP?  It has what I need.  I
also believe it answers some of the questions that came up in past posts
about residence hall WIFI.

UAP-AC-IW - Ubiquiti UniFi In-Wall 2.4 / 5GHz AC Access Point


I read some of the specs at the baltic network site.

Product Specifications
• Dimensions: 139.7 x 86.7 x 25.75 mm (5.5 x 3.41 x 1.01 ")
• Weight: 200 g (6.43 oz)
• Networking Interface: (3) 10/100/1000 Ethernet Ports
• Buttons: Reset
• Power Method: Passive Power over Ethernet (48V), 803.2at Supported
(Supported Voltage Range: 44 to 57 VDC)
• Power Supply: UniFi Switch (PoE)
• Power Save: Supported
• PoE Out: 48V Pass-Through (Pins 1,2+; 3,6-)
• Maximum Power Consumption: 7W
• Maximum TX Power:
2.4 GHz: 20 dBm
5 GHz: 20 dBm
• Antennas: (1) Dual-Band Antenna, Single-Polarity
2.4 GHz: 1 dBi
5 GHz: 2 dBi
• Wi-Fi Standards: 802.11 a/b/g/n/ac
• Wireless Security: WEP, WPA-PSK, WPA-Enterprise (WPA/WPA2, TKIP/AES)
• BSSID: Up to Four per Radio
• Mounting: 1-Gang Electrical Wall Box (Not Included)
• Operating Temperature: -10 to 50°C (14 to 122°F)
• Operating Humidity: 5 to 95% Noncondensing
• Certifications: CE, FCC, IC

Advanced Traffic Management
• VLAN: 802.1Q
• Advanced QoS: Per-User Rate Limiting
• Guest Traffic Isolation: Supported
• WMM: Voice, Video, Best Effort, and Background
• Concurrent Clients: 250+

I didn't post the link to the data sheet but is listed on the site.





-- 

Michael Blaisdell
Director of Network Services

IT Services

Learning Commons/Library
Saint Francis University

117 Evergreen Drive

Loretto, PA  15940
814-472-3242 <(814)%20472-3242>
http://www.francis.edu


*The best way to predict the future is to invent it.** - O**badiah Bumbly*

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] 2.4 vs 5

[Coehoorn, Joel]

We still have a lot of devices (especially low-end smartphones) that only
have 2.4 radios.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Mar 6, 2017 at 10:42 AM, Oliver, Jeff  wrote:

> Folks, just wondering how many PSI’s have successfully turned off your 2.4
> and gone 5GHz only? And how much blowback?
>
>
>
>
>
> Cheers,
>
> Jeff
>
>
>
> ---
>
>
>
> Jeffrey L. Oliver
>
> Manager, Network and Telecommunications
>
> Information Technology Services
>
> The University of Lethbridge
>
> 4401 University Drive, Lethbridge, Alberta, T1K 3M4
>
>
>
> Tel: 403.329.5162 <(403)%20329-5162>
>
> Mob: 403.315.4461 <(403)%20315-4461>
>
>
>
> URI:   jeff.oli...@uleth.ca
>
> Web:http://www.uleth.ca/information-technology/
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Here come the LTE-U devices...

[Coehoorn, Joel]

IIRC, this has the same power limitations as WiFi and other unlicensed
applications. That limits range enough I don't see carriers just deploying
this everywhere across our campuses. If nothing else, they'd have to get
permission to place the radios. I think it makes more sense for them as
something they can offer to us for micro-cells to improve coverage in
buildings and underground, instead of distributed antennas.

Even that won't make sense until handset support is in more than just a few
devices, though the current Apple/Samsung hegemony means the right device
could tip that scale faster than we expect. I'm also curious if this is
something that Cisco/Aruba/etc will build into Access Points and
controllers in a carrier-agnostic way, so we don't need additional devices,
wiring, or management and can spread it over a good-sized area when we know
we need it.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Feb 22, 2017 at 12:24 PM, Bob Brown  wrote:

> FCC announced it has authorized first LTE-U devices (Ericsson and Nokia
> are first two suppliers approved)
>
> CHAIRMAN PAI STATEMENT ON COMMISSION
> AUTHORIZATION OF FIRST LTE-U DEVICES
>   --
> WASHINGTON, February 22, 2017 – Federal Communications Commission Chairman
> Ajit Pai issued the following statement today on the agency’s first
> authorization of LTE-U devices:
>
> “Today, the Commission announced authorization of the first-ever LTE-U
> (LTE for unlicensed) devices in the 5 GHz band.  This is a significant
> advance in wireless innovation and a big win for wireless consumers.
>
> “LTE-U allows wireless providers to deliver mobile data traffic using
> unlicensed spectrum while sharing the road, so to speak, with Wi-Fi.  The
> excellent staff of the FCC’s Office of Engineering and Technology has
> certified that the LTE-U devices being approved today are in compliance
> with FCC rules.  And voluntary industry testing has demonstrated that both
> these devices and Wi-Fi operations can co-exist in the 5 GHz band.  This
> heralds a technical breakthrough in the many shared uses of this spectrum.
>
> “This is a great deal for wireless consumers, too.  It means they get to
> enjoy the best of both worlds: a more robust, seamless experience when
> their devices are using cellular networks and the continued enjoyment of
> Wi-Fi, one of the most creative uses of spectrum in history.
>
> “I remain committed to ensuring a competitive and vibrant unlicensed
> ecosystem that fosters innovation and promotes the efficient use of
> spectrum.  Today’s announcement, enabled by cooperation among private
> actors and collaboration with the public sector, reflects that commitment.”
>
>
> https://www.fcc.gov/news-events/blog/2017/02/22/oet-
> authorizes-first-lte-u-devices
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] 2.4GHz - educating end users about interference

[Coehoorn, Joel]

I love the 2nd page with the colored chart and diagram.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Feb 21, 2017 at 10:24 AM, Walter Reynolds  wrote:

> This is a link to a pdf of what we came up with.
>
> https://drive.google.com/file/d/0B0BKRE3DeEPKb1RWc1BPSkljYUtJZ
> jRGel9icmU3NklJRHRv/view
>
> If the link does not allow you to see it I am attaching the file as well.
>
>
> 
> Walter Reynolds
> Principal Systems Security Development Engineer
> Information and Technology Services
> University of Michigan
> (734) 615-9438
>
> On Fri, Feb 17, 2017 at 11:02 AM, Michael Hulko  wrote:
>
>> Netscout.. aka Fluke… aka Airmagnet wrote a pretty easy to understand
>> document related to interference.
>>
>>
>> M
>>
>> On Feb 17, 2017, at 10:44 AM, Jeffrey D. Sessler > > wrote:
>>
>> You are fighting a battle that will never be won, and even a stale-mate
>> is unlikely.
>>
>> IMHO, your best bet is to work toward abandoning 2.4. In the early days,
>> we did try outreach and education, but there are just too many devices
>> today that use 2.4, and in many cases, users don’t even know it e.g.
>> Apple’s Airdrop. You can minimize some of this by solving the reasons
>> behind some of the interference sources i.e. install more WAPs to improve
>> the service, reducing the rogue problem. Install residential printers to
>> mitigate the need for student printers.
>>
>> Most of our residential is now designed around dense 5 GHz, and while 2.4
>> is available, it’s mostly ignored.
>>
>> Jeff
>>
>> *From: *"wireless-lan@listserv.educause.edu" <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >
>> on behalf of "Gray, Sean" >
>> *Reply-To: *"wireless-lan@listserv.educause.edu" <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >
>> *Date: *Thursday, February 16, 2017 at 2:21 PM
>> *To: *"wireless-lan@listserv.educause.edu" > E.EDU >
>> *Subject: *[WIRELESS-LAN] 2.4GHz - educating end users about interference
>>
>> Hi Fellow Wireless Wizards!
>>
>> This is my first post to the group, so please be gentle.
>>
>> Here at the University of Lethbridge we are about to embark on a bit of
>> an education drive for all of our wireless users with regards to the 2.4GHz
>> spectrum and their impact on it. Does anybody have good examples of
>> notices, posters etc. that they would be willing to share, that reference
>> the evils of rogues and other interference sources citing the negative
>> impact they have on the wireless network. Like everyone else on this list
>> we are seeing huge influxes of our friends the wireless printer, Bluetooth
>> devices and the like…
>>
>> if only we could just turn 2.4GHz off.
>>
>> Thanks
>>
>> Sean
>>
>>
>> *Sean Gray* | B.Sc (Hons)
>> Voice, Collaboration & Wireless Network Analyst
>> ITS, University of Lethbridge
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/discuss.
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/discuss.
>>
>>
>>
>> Michael Hulko
>> Network Analyst
>>
>> Western University Canada
>> Network Operations Centre
>> Information Technology Services
>> 1393 Western Road, SSB 3300CC
>> London, Ontario  N6G 1G9
>>
>> tel: 519-661-2111 x82433 <(519)%20661-2111>
>> direct: 519-850-2433 <(519)%20850-2433>
>> e-mail: mihu...@uwo.ca
>>
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/discuss.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Student Gaming behind NAT

[Coehoorn, Joel]

Our firewall vendor (Untangle) is experimenting with a restricted UPnP
option, that may eventually allow us to use it for only approved devices
and approved ports, for an approved timespan. Other UPnP requests would be
rejected.

Not sure yet how I feel about the feature. If it works, I know our
student's would love it and I'm confident I could secure it to protect our
own public-facing services. But I'm not sure how it could allow two NAT'd
devices to both have, say, port 3074 forwarded at the same time.

On Feb 14, 2017 10:52 AM, "Voelker, Andy"  wrote:

> We’re having increasing problems with newer games operating on a 1:1 NAT
> in our residence halls.  Some of these games have a dozen port entries per
> platform (Xbox, PS4, PC) and after all that the games still aren’t acting
> reliably.  We’re using a Palo Alto firewall, which carries application
> signatures for SOME games, but not that many.  I’m finding myself spending
> too much time on this, yet not able to dedicate enough to get to a good
> solution.  I’m interested to hear how others are handling this (since I’m
> new to operating this type of service).
>
>
>
> Little background info:  We have a device SSID with a WPA2-PSK that dumps
> onto the student network, which carries some network permissions but
> relatively few.  A potential solution would be to stop NATing addresses,
> provide a public IPs to the device network, and segment them into an
> off-campus-only VRF.  However, students are starting to interact with their
> consoles using their PC’s and mobile devices, which would not work in this
> model.  By this I mean screen-casting, live streaming, etc.  I suspect that
> need will grow.  Also other “things” that use the device network like
> Chromecast, Sonos, Google Home, WiFi lights, etc would be useless unless we
> wrote firewall rules that allowed each and every one of these protocols.
> Many of these rely on mDNS, DIAL, etc though.  Not easy.
>
>
>
>
>
> I covet your thoughts.  Thanks in advance.
>
>
>
> ​
>
> Andy Voelker
>
> Network Administrator and IT Infrastructure Team Lead
>
> Davidson College
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Per room wireless

[Coehoorn, Joel]

Early design for our next residential build (suites) is to put a
ceiling-mounted AP in the common space of each suite. Each suite has four
bedrooms. At completion, each bedroom should have a single student, but the
design goal is allow for eventual double occupancy when we have growth.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Nov 4, 2016 at 11:32 AM, Hector J Rios  wrote:

> Mike,
>
> Search for subject " Question about Cisco 1810w APs in residential
> buildings". There was a good discussion on the experience some have had
> placing the APs on outer walls.
>
> Regards,
>
> Hector Rios
> Louisiana State University
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Atkins
> Sent: Friday, November 04, 2016 10:13 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Per room wireless
>
> Our last two dorms we placed an AP in every third room staggered above and
> below so no client should be no more than one wall away.  We were fortunate
> enough to get Ethernet drops for APs to every room just in case.
> I say fortunate but we really pushed it as insurance for the future.
> Coverage is great. but now we have to get better at dealing with high
> density.  The APs were mounted above the door to reduce the chance of
> damage.  If anyone has APs on the outer wall, we would certainly be
> interested in your experience.  Otherwise it will likely be a test over the
> summer when students and their belonging are not present to give us an
> accurate picture.
>
>
>
>
>
> Mike Atkins
> Network Engineer
> Office of Information Technology
> University of Notre Dame
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Blaisdell
> Sent: Friday, November 04, 2016 10:48 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Per room wireless
>
> How many on the list have moved to a per room model for wireless for
> student residence halls?
>
>
>
> Michael Blaisdell
> Director of Network Services
> IT Services
> Learning Commons/Library
> Saint Francis University
> 117 Evergreen Drive
> Loretto, PA  15940
> 814-472-3242
> http://www.francis.edu
> The best way to predict the future is to invent it. Alan Kay
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] TLS Onboarding Vendors

[Coehoorn, Joel]

> If those using or considering TLS had the option of PPSK (personal
pre-shared key), would you opt for PPSK instead?

Definitely. I think it's a much more user-friendly option, while providing
similar control and security as TLS.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Nov 1, 2016 at 9:12 AM, Jeffrey D. Sessler 
wrote:

> Just curious. If those using or considering TLS had the option of PPSK
> (personal pre-shared key), would you opt for PPSK instead?
>
> Jeff
>
> On 10/31/16, 9:27 AM, "The EDUCAUSE Wireless Issues Constituent Group
> Listserv on behalf of Bruce Boardman"  on behalf of board...@syr.edu> wrote:
>
> We are using Cloud Path for onboarding, but we are considering other
> options if and when we go to EAP TLS. We may get it baked in if we use ISE
> or Clear Pass but I considering other standalone options as well. Anybody
> have  experience or thoughts they'd like to share. Thanks
>
> Bruce Boardman Networking Syracuse University 315 412-4156 Skype
> board...@syr.edu
>
> **
> Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Captive portal trouble with LG phones

[Coehoorn, Joel]

I have an LG phone, and it is a common occurrence for me everywhere I go
with public wifi that my phone will want to give up on a wifi connection
and switch to data before I can complete a registration process. It's not
just our campus, but also McDonald's or Culver's with my kids, Starbucks,
or anywhere that does capture.

I say this because, while it is something you will want to address, it's
likely something that users of the phone will be used to, so at least
they're less likely to try to blame IT.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Oct 13, 2016 at 8:16 AM, Turner, Ryan H 
wrote:

> I despise captive portal detection on devices.  On our onboarding
> platform, I do everything possible to PREVENT the automatic popup of
> browsers due to problems like these (and many others).  For you to really
> figure this out, you are likely going to need to do a packet capture of the
> session and see what that users phone is attempting to connect to.  I would
> be doing a packet capture to poke some holes through so that the captive
> portal browser never opens in the first place.
>
>
>
>
>
> Ryan Turner
>
> Manager of Network Operations
>
> ITS Communication Technologies
>
> The University of North Carolina at Chapel Hill
>
>
>
> r...@unc.edu
>
> +1 919 445 0113 Office
>
> +1 919 274 7926 Mobile
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Thomas Carter
> *Sent:* Wednesday, October 12, 2016 9:36 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Captive portal trouble with LG phones
>
>
>
> I forgot to mention we’re currently running 5.4. We’ve had this trouble
> 3-4 times in the past few weeks, and every time it is a brand new LG phone.
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
> 
>
> [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif]
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Sullivan, Don
> *Sent:* Wednesday, October 12, 2016 7:17 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Captive portal trouble with LG phones
>
>
>
> We use Packetfence also and we have not heard of or seen this issue. We
> are running version 6.0.3.
>
>
>
> *Don Sullivan*
>
> *Network Administrator*
>
> *205-726-2111 <205-726-2111>*
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Thomas Carter
> *Sent:* Monday, October 10, 2016 2:40 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Captive portal trouble with LG phones
>
>
>
> We use PacketFence as our NAC and have a captive portal to allow users to
> self-register their devices. In the past couple of weeks we’ve had problems
> with the latest LG phones (other Androids work fine) disconnecting in the
> middle of a captive portal session; it won’t stay connected long enough to
> register the device. It seems similar to the old Apple “success.html” test
> for internet connectivity, but I haven’t been able to determine if that is
> the case. Has anyone else seen this issue with new LG phones?
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
> 
>
> [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif]
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/
> 

Re: [WIRELESS-LAN] Disabling LEDs on APs

[Coehoorn, Joel]

We disabled the LEDs in residence halls. It wasn't that big a deal... in
our system (Zebra/Motorola) the lights are on during power up, and only
turn off after connecting to the controller. I can also enable lights for
an AP, building, smaller area pretty easily from the controller if I'm
troubleshooting something where I want to see them.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 6, 2016 at 8:57 AM, Lee H Badman  wrote:

> First-world problems… Curious if others have gone down this road in
> Residence Halls. We’re not really being asked to, but are considering
> wholesale disabling LEDs on our Cisco APs in the dorms as a quality of life
> step. Has this caused anyone any pain when it comes to not being able to
> see the colors on the AP as status indication? Have you actually had
> requests to disable the LEDs? Overall experience with accommodating or
> denying the request?
>
> Thanks-
>
> Lee Badman
>
>
> *Lee Badman* | Network Architect (CWDP, CWNA, CWSP, Mobility+)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>  *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2

[Coehoorn, Joel]

Find someone with a good 3D printer ;D



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Sep 1, 2016 at 11:24 AM, Troy Lynn Wiseman  wrote:

> This is not pretty, but we use standard L brackets you can buy at the
> hardware store.
>
>
>
> Thanks
>
>
>
> TROY WISEMAN
>
> Network Engineer V
>
>
>
> INFORMATION TECHNOLOGY
> MAIL CODE 4622
> SOUTHERN ILLINOIS UNIVERSITY
> 625 WHAM DRIVE
> CARBONDALE, ILLINOIS 62901
>
>
>
> twise...@siu.edu
>
> P: (618) 453-6264
>
> INFOTECH.SIU.EDU 
>
>
>
> [image: SIU]
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
> *Sent:* Thursday, September 1, 2016 10:59 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2
>
>
>
> You actually answered a question I meant to include, but I didn’t ask ..
> how are people doing wall mounts.  That issue just popped up this morning.
> I’ll keep this on file for those instances.  Thanks!
>
>
>
> -Brian
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *James Helzerman
> *Sent:* Saturday, August 27, 2016 10:11 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2
>
>
>
> We use Cisco so I am not sure of the Aruba bracket but I was able to
> easily modify a camera mount for this purpose.  We also use the Oberon
> mount and are happy with that.
>
> This camera mount attaches to a single gang box and has a pass thru for
> the cable.  My picture does show the pass thru well but the link below does.
>
> http://www.securityideas.com/pa89pathjstm.html
>
> Jimmy
> University of Michigan
>
>
>
> On Aug 26, 2016 5:55 PM, "Lionel Shigemura"  wrote:
>
> A local Aruba vendor has made some custom 2-gang cover plates modified
> with a tile grid type piece for another Campus.  Just mount the adapter
> plate and clip the AP similar to a ceiling grid.  It was custom piece at a
> "decent" price, but can't recall exactly.  I've used various Oberon
> products and they're really nice.  We have some older bldgs with plenum
> ceiling that use a steel frame grid with integrated supply ducts.  No
> standard grid for clip usage. I've used the Aruba AP-220-MNT-W1 and Aruba
> AP-220-MNT-W2 using screws and zip ties.  If the W2 is too costly, a
> cheaper options we entertained was to modify the included grid clip adapter
> and screw it into the steel plate.  The latter solution was really
> difficult to remove so we didn't use it.
>
>
>
> For walls, I prefer this solution until I find something better.  #1011-00
>
> http://www.oberoninc.com/products/right-angle-brackets
>
>
>
> I contacted Oberon's competitor and their similar model didn't have a
> knockout for cable pass-through and had some differences.  This was shortly
> after Atmosphere.  Wasn't worth the cost when we had to modify to make it
> work.
>
>
>
> Lionel
>
>
>
>
>
> On Fri, Aug 26, 2016 at 9:17 AM, John Kristoff  wrote:
>
> Has anyone found, purchased or produced wall mounting kits suitable for
> attaching an AP to a gang box.  Specifically for Aruba APs like the 325
> (or the 220).  We've found the AP-220-MNT-W2, but if you get a lot of them,
> it gets costly quick.
>
> Thank you,
>
> John
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] point to point wireless bridge

[Coehoorn, Joel]

Hey, Max. Nice to know I'm not the only one here running Zebra.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Jul 19, 2016 at 11:12 AM, Max McGrath  wrote:

> We're a Motorola/Zebra shop and use AP7161s and AP7562s for bridges.  The
> link below (running on AP7161s) is probably 1/4 mile apart and we get
> phenomenal speeds.
>
>
> [image: Inline image 1]
>
> --
> Max McGrath  
> Network Administrator
> Carthage College
> 262-552-5512
> mmcgr...@carthage.edu
>
> On Tue, Jul 19, 2016 at 11:01 AM, Entwistle, Bruce <
> bruce_entwis...@redlands.edu> wrote:
>
>> We have been running a pair of Bridgewave GE60 units for several years to
>> link to some remote buildings.  We recently learned that these units are
>> reaching/reached EOL, so it is time to begin looking at replacing this
>> hardware.   I was looking to see what others have used for this type of
>> link.  The distance between the two units is about 200 feet and the bridge
>> units are connecting to 1Gb ports on the switches at each end.
>>
>>
>>
>> Thank you
>>
>> Bruce Entwistle
>>
>> Network Manager
>>
>> University of Redlands
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Coehoorn, Joel]

We looked into Clickatel and really *really *liked it.

Unfortunately, our campus is pretty close to the middle of nowhere. Neither
AT&T, Sprint, nor T-Mobile have the coverage to reliably deliver texts, and
they comprise a fair number of our visitors. You NEED Verizon (or a
verizon-based mvno) out here. I'm still trying to figure out a good
reliable way to get keys to guests in the absence of conistent txt message
delivery.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Jun 27, 2016 at 1:55 PM, Lee H Badman  wrote:

> Twillio. Is reliable and affordable.
>
> Lee Badman
> Network Architect/Wireless TME
> Syracuse University
> 315.443.3003
>
>
> -Original Message-
> *From:* Hector J Rios [hr...@lsu.edu]
> *Received:* Monday, 27 Jun 2016, 14:29
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *Subject:* Re: [WIRELESS-LAN] student residential routers?
>
> Any recommendations on an SMS gateway service? We are implementing
> ClearPass and we want our sponsors to have the ability to send credentials
> via text. I know about leveraging SMTP, but I’m interested in that option.
>
>
>
> Regards,
>
>
>
> Hector Rios
>
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] backhaul wifi comparison/suggestions

[Coehoorn, Joel]

I've used Engenius bridges in that scenario.  Just $70 each, no licensing:

http://www.amazon.com/EnGenius-Technologies-Wireless-Bridge-ENS500/dp/B00BOVOM0S/



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Apr 5, 2016 at 4:52 PM, John Rodkey  wrote:

> That's what I've got in place now, but it also costs because of the yearly
> license fees.
> It hasn't been 100% reliable, either (interference on 2.4MHz, I'm pretty
> sure), so going 5 is desirable.
>
> John
>
> On Tue, Apr 5, 2016 at 2:42 PM, Ian McDonald  wrote:
>
>> A pair of (cisco) access points from your scrap pile in bridge mode? 100%
>> inexpensive J
>>
>>
>>
>> --
>>
>> ian
>>
>>
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *John Rodkey
>> *Sent:* 05 April 2016 22:36
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* [WIRELESS-LAN] backhaul wifi comparison/suggestions
>>
>>
>>
>> I have need for a fairly inexpensive,  low bandwidth (10Mbps), short
>> distance (<200 ft)  point to point wireless connection .
>>
>> I am aware of the Cambrium ePMP 1000 and Ubiquiti nano.
>>
>> Would anyone like to compare these items or propose other good solutions
>> to this type of situation?
>>
>> John
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on new flexible radio assignment?

[Coehoorn, Joel]

Not with Cisco, but I love my AP7502's
.


The radios in that device are not programmable, but they are in their big
brother AP7522, where I could have both radios in the device running 5Ghz
or set one as a client for health checks. The Zebra (formerly Motorola)
controller won't do this dynamically, though... at least not yet.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Mar 22, 2016 at 2:07 PM, Mike Atkins  wrote:

> I’m looking forward to the 2800/3800 AP features as we deploy new
> infrastructure and high density WiFi.  I hopeful the external antenna model
> can help reduce the # of APs/licenses needed in very high density
> locations.  The auto channel width could be nice if it works okay in our
> environment.  Only time and testing will tell…..   Not sure if multi-gig
> will be a factor in the coming year but we are certainly looking at it for
> the new Cisco and new Aruba APs.  Our Aruba folks indicate two 5.2 GHz
> radios in the same antenna location will not work efficiently…. So we’re
> hoping there is some software magic to overcome physics.  Needless to say
> I’m trying to keep my expectations low in order to be pleasantly
> surprised.
>
>
>
> There are a couple “No Strings Attached Show” podcasts discussing
> 2800/3800 and flexible radio assignment.  (sponsored podcast)  There is
> also a “Cisco Champion Radio” podcast discussing 2800/3800 features.
>
>
>
> PS.  We are looking at 1810w for dorm deployment.  It’s wave2 AC but still
> does not do clean air if you need that.
>
>
>
>
>
>
>
> *Mike Atkins *
>
> Network Engineer
>
> Office of Information Technology
>
> University of Notre Dame
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Daniel Brisson
> *Sent:* Tuesday, March 22, 2016 2:46 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts
> on new flexible radio assignment?
>
>
>
> Yes, the flexible radio design is definitely interesting.  I’m interested
> to see how it plays out in terms of shuffling clients between APs based on
> what radio is available.
>
>
>
> I wanted to ask…have you considered the 702W for your res halls?  It
> really seems to be the way to go in terms of creating small cells for the
> myriad devices that existing in that setting.  We have a new dorm going up
> as well and with our experience with the 3502i’s, which grants has not been
> bad, but I really see the benefit of going with the 702w style.
>
>
>
> -dan
>
>
>
>
>
>
>
> Dan Brisson
>
> Network Engineer
>
> University of Vermont
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Jeffrey D. Sessler
> *Sent:* Tuesday, March 22, 2016 2:27 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on
> new flexible radio assignment?
>
>
>
> For the Cisco shops:
>
>
>
> I recently had a briefing on the new Cisco 2800/3800 Wave 2 WAPs coming in
> May, and I’m pretty excited for the new flexible radio design. For those
> that have not read up on it, in the new models one of the two radios can
> dynamically move (self optimize) between 2.4 and 5 GHz depending on need
> (coverage/performance) or function (Serve clients, security monitoring,
> service assurance aka be a client, or enhanced location).
>
>
>
> Seems like Cisco is addressing one of my long standing concerns/wishes,
> that when designing dense deployments, that the number of 2.4 GHz radios
> become overkill and wasted. The new model provides for much better 5 GHz
> coverage (lots of WAPs running 5GHz x 2) with just enough running 2.4 GHz
> to handle legacy needs. It’s going to make my life much easier when
> designing for our residential halls.
>
>
>
> Any of the other Cisco shops excited for the new flexible radio feature?
> Thoughts? I have a new residence hall coming online in August so the timing
> is great.
>
>
>
> Jeff
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.

Re: [WIRELESS-LAN] Desktop projection to classroom display

[Coehoorn, Joel]

I just did some searching, and ALL of those (Crestron,  ClickShare, and
WePresent) will only show content that you can load in their app. If you
want to show content from other apps, you're stuck.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 2, 2016 at 2:13 PM, Wall Wofford  wrote:

> WePresent is another option that we hope to explore soon.
>
> Regards,
> Benjamin
>
> On Wed, Mar 2, 2016 at 12:09 PM, Sullivan, Ryan 
> wrote:
>
>> At UCSD, we have a customer who recently asked about a Barco Clickshare
>> set up. The default mode is that it does act as an AP but there is an
>> advanced set up configuration that allows the AP function to be disabled
>> when the base unit has a wired connection and the remote buttons can attach
>> to a WPA2-E network.
>>
>> Section 4.12
>>
>> http://www.barco.com/tde/%282331390682231610%29/R594/08/Barco_InstallationManual_R594_08__ClickShare-CSC-1-Installation-Guide.pdf
>>
>> No actual experience with the product but it sounds promising.
>> Thanks,
>> Ryan Sullivan
>>
>>
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Thomas Carter [
>> tcar...@austincollege.edu]
>> Sent: Wednesday, October 28, 2015 6:35 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>>
>> We have a ClickShare - it works well, but was very pricy. It basically is
>> an AP (luckily it can do 5GHz so interference wasn’t a problem) that talks
>> to the dongles. The benefit is the simplicity for Windows and Mac users; we
>> get no support calls on it. The down side is the cost (4 digits for the
>> device and USB dongles).
>>
>>
>> Thomas Carter
>> Network & Operations Manager
>> Austin College
>>
>>
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
>> Sent: Tuesday, October 27, 2015 8:27 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>>
>> On Tue Oct 27 2015 07:49:31 CDT, "Ashfield, Matt (NBCC)" <
>> matt.ashfi...@nbcc.ca> wrote:
>> >
>> > We’d like to try and standardize on a technology so we can manage it
>> (ha!). I’m just wondering if anyone has solved this one yet?  We’ve looked
>> briefly at AirParrot but wondering if anyone else has had any luck in this
>> area.
>>
>> One of our groups just showed up with the Barco ClickShare.  I know it's
>> been discussed here in the past a couple of times, but any idea how it
>> compares with some of the other solutions mentioned here already?
>>
>> Just at a first glance I'm not too wild about it since it basically looks
>> like an AP that gets connected to a projector or display.
>>
>>
>> --
>> Julian Y. Koh
>> Associate Director, Telecommunications and Network Services Northwestern
>> Information Technology
>>
>> 2001 Sheridan Road #G-166
>> Evanston, IL 60208
>> 847-467-5780
>> NUIT Web Site:  PGP Public Key:<
>> http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
>>
>>
>>
>>
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>
>
>
> --
> Benjamin Wall Wofford
>
> *Director of Technology Support Services*
> Fuller Theological Seminary
> w...@fuller.edu
> phone: 626-304-3798
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Coehoorn, Joel]

We have an open SSID



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 2, 2016 at 2:40 PM, Augustus Pertalion  wrote:

> We run an open network in our resnet environment, in addition to an
> authenticated one.
>
> Thanks,
>
> John
>
> --
> John Pertalion
> Network Infrastructure and Control Systems
> 1116 Peacock Hall
> Appalachian State University
> Boone, NC 28608
> 828 262 7909
>
> On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:
>
>> 
>>
>> Other than Jeff Sessler at Scripps, who else is running an open network
>> in their resnet environment? Off-list answer is fine, if you prefer. I’d
>> like to bounce a few questions off of those doing this, off-list.
>>
>> Kind regards,
>>
>> Lee Badman
>>
>>
>> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>>  *w* its.syr.edu
>>
>> *SYRACUSE UNIVERSITY *syr.edu
>>
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

[Coehoorn, Joel]

Because devices *work *with PPSK. That's too often not the case for 802.1x,
and unfortunately this seems to be getting worse rather than better.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Mar 1, 2016 at 12:01 PM, Osborne, Bruce W (Network Services) <
bosbo...@liberty.edu> wrote:

> Why “reinvent the wheel” with PPSK when 802.1X uses the existing personal
> user credentials?
>
>
>
> ​
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Network Services - Wireless*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Coehoorn, Joel [mailto:jcoeho...@york.edu]
> *Sent:* Tuesday, March 1, 2016 12:02 PM
> *Subject:* Re: Self-registered MAC device bypass- worth the headaches?
>
>
>
> Ruckus supports a PPSK variant, as well.
>
>
>
> I'm just gonna put this out there. I have this idea in my head for an
> ideal wifi service. It starts with personal pre-shared key (PPSK), but it's
> something I don't believe is possible yet with any vendor.
>
>
>
> Step one is to create a unique key prefix for each user, effectively
> embedding a username value (the prefix) into the same field as the
> key/password. The prefix would be as short as possible, perhaps as small as
> three characters, in order to keep entry into devices simple. The purpose
> of this prefix is to allow users to choose their own wifi password, while
> still ensuring that each PSK value is unique and identifiable to a given
> user. If we don't value allowing users to choose their own wifi passwords,
> we could instead generate and assign them, and just map back the assigned
> key to the user.. but I believe there is value in this.
>
>
>
> Users would onboard by first connecting to a portal available via
> open/limited ssid to claim their key. They would have to log in with their
> traditional username/password. The portal would then prompt them for a key
> suffix (their wifi password), and then show them the complete key (prefix +
> suffix), which would be registered with our system. It would also have
> options to show them history for devices authenticated using their key,
> expire an old/create a new key using the same prefix, and other typical
> account management options. Once created, that key could be used with
> anything that supports traditional PSK connections.
>
>
>
> One important feature that I'd like to see as part of this, and what I
> think helps make this idea unique, is that devices authenticated with the
> same PPSK should always end up with the same vlan id. In this way, a
> student would be able to, for example, connect to a desktop in his room
> from the phone/tablet he brought to class and grab a file he forget to show
> an instructor. It also makes things like wireless printers, long the bane
> or our existence, almost reasonable in terms of setup and support.
>
>
>
> By keeping a prefix that's unique to each user, or mapping all key
> assignments back to the user, we can still always know who is responsible
> for a given device. We could do things like get a report of keys that
> authenticate more than, say, 6 devices to monitor for key abuse, expire
> keys when there is a problem, engage a known user when expiring old keys is
> not enough, and even map users to specific vlan pools for network policy
> enforcement. We could also create keys for events or specially classes of
> device (security cameras, door locks, wifi phones, etc). Additionally,
> per-user keys means each user's over-the-air signals have different
> encryption keys, preventing things like firesheep from working. This is
> just about all the things we do with 802.1x today, but in a form that's
> much friendlier to the consumer devices we have to support.
>
>
>
> This plan effectively embeds a username (the prefix) and a password
> (suffix) into the same value, with our without the prefix, so some of the
> same security concerns apply, but these are solvable problems. We just need
> to get vendors on board with the idea.
>
>
>
>
> Joel Coehoorn
> Director of Information Technology
> 402.363.5603
> *jcoeho...@york.edu *
>
> The mission of York College is to transform lives through
> Christ-centered education and to equip students for lifelong service to
> God, family, and society
>
>
>
> On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton  wrote:
>
> Matt, Bill and others,
>

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

[Coehoorn, Joel]

Ruckus supports a PPSK variant, as well.

I'm just gonna put this out there. I have this idea in my head for an ideal
wifi service. It starts with personal pre-shared key (PPSK), but it's
something I don't believe is possible yet with any vendor.

Step one is to create a unique key prefix for each user, effectively
embedding a username value (the prefix) into the same field as the
key/password. The prefix would be as short as possible, perhaps as small as
three characters, in order to keep entry into devices simple. The purpose
of this prefix is to allow users to choose their own wifi password, while
still ensuring that each PSK value is unique and identifiable to a given
user. If we don't value allowing users to choose their own wifi passwords,
we could instead generate and assign them, and just map back the assigned
key to the user.. but I believe there is value in this.

Users would onboard by first connecting to a portal available via
open/limited ssid to claim their key. They would have to log in with their
traditional username/password. The portal would then prompt them for a key
suffix (their wifi password), and then show them the complete key (prefix +
suffix), which would be registered with our system. It would also have
options to show them history for devices authenticated using their key,
expire an old/create a new key using the same prefix, and other typical
account management options. Once created, that key could be used with
anything that supports traditional PSK connections.

One important feature that I'd like to see as part of this, and what I
think helps make this idea unique, is that devices authenticated with the
same PPSK should always end up with the same vlan id. In this way, a
student would be able to, for example, connect to a desktop in his room
from the phone/tablet he brought to class and grab a file he forget to show
an instructor. It also makes things like wireless printers, long the bane
or our existence, almost reasonable in terms of setup and support.

By keeping a prefix that's unique to each user, or mapping all key
assignments back to the user, we can still always know who is responsible
for a given device. We could do things like get a report of keys that
authenticate more than, say, 6 devices to monitor for key abuse, expire
keys when there is a problem, engage a known user when expiring old keys is
not enough, and even map users to specific vlan pools for network policy
enforcement. We could also create keys for events or specially classes of
device (security cameras, door locks, wifi phones, etc). Additionally,
per-user keys means each user's over-the-air signals have different
encryption keys, preventing things like firesheep from working. This is
just about all the things we do with 802.1x today, but in a form that's
much friendlier to the consumer devices we have to support.

This plan effectively embeds a username (the prefix) and a password
(suffix) into the same value, with our without the prefix, so some of the
same security concerns apply, but these are solvable problems. We just need
to get vendors on board with the idea.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton  wrote:

> Matt, Bill and others,
>
> You’d indicated that you have instructions for most common devices, is
> this something that you can share. Like others, we have a manual
> registration process (built on ClearPass), but it does require the MAC in
> order to complete the registration. The Amazon Echo is now relatively
> straightforward, as it shows up in the Alexa app after you’ve connected
> your phone to the Echo. To find it, users open the Alexa app, go to
> settings, choose the device and scroll all the way down to the bottom of
> the screen. There it will show you the software version, serial number and
> MAC address. All of that said, I haven’t been able to test the latest
> versions to see if you can do all of this without needing to connect to the
> Internet. If you aren’t we are back at square one and have to take it off
> site to get through the initial setup, which is a real pain.
>
> Another device we’ve had a lot of issues with is the newest AppleTV. Again
> I haven’t checked the latest update so this may have changed, but when it
> first came out, you had to do a little dance to get the MAC. The dance had
> you connect it to wired, navigate to the network settings when the MAC
> address and then remove the wired cable. This would put the device back
> into Wi-Fi mode and would display the Wi-Fi MAC. Then you are able to
> manually register it and go through the complete process.
>
> Chromecast has had a few other issues, mostly related to dropping sessions
> and making poor AP choices.
>
> This whole discussion has got me thinking and

Re: [WIRELESS-LAN] aps into a office Christmas tree

[Coehoorn, Joel]

The wreath on my office door:

[image: Inline image 1]



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Dec 16, 2015 at 2:27 PM, Lee H Badman  wrote:

> Wonder what code bug they leveraged to pull that off.
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Trent Hurt
> *Sent:* Wednesday, December 16, 2015 3:09 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] aps into a office Christmas tree
>
>
>
>
>
>
>
>
> http://www.networkworld.com/article/3015954/mobile-wireless/our-christmas-tree-at-the-office.html
>
>
>
>
>
>
>
> Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
>
> Wireless Network Administrator
>
> University of Louisville
>
> Phone (502) 852-1513
>
> FAX (502) 852-1424
>
> Wireless.louisville.edu 
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It's that time of year...

[Coehoorn, Joel]

That's not the only recent wifi news article

http://www.telegraph.co.uk/news/uknews/12025988/Mother-claims-wifi-allergy-killed-her-daughter-and-accuses-school-of-failing-to-safeguard-children.html





Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Dec 2, 2015 at 1:23 PM, Patrick Campbell  wrote:

> It looks like we have a Ham among us judging from the frequency range and
> “S” signal level instead of dBm.
>
>
>
> Pat, WA3UOE
>
>
>
>
>
> J. Patrick Campbell
> Wireless System Design Specialist
>
> The Pennsylvania State University
>
> 110 University Support Building 2
>
> University Park, PA 16802
>
> Email: jp...@psu.edu
>
> Office 814-865-5888
> Cell 814-280-7630
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ian McDonald
> *Sent:* Wednesday, December 2, 2015 2:03 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] It's that time of year...
>
>
>
> Hi Brandon,
>
> I'm pretty sure wideband noise from cheap and nasty electronics can cause
> havoc with most telecommunications.
>
> Whether fairy lights are any better or worse than anything else, I doubt
> it, though they are very cheaply produced, and unlikely to be very well
> designed.
>
> My Cisco 837 power supply (while still powering the router quite
> effectively) developed a S9+40 noise from 1.8MHz to 30MHz, which turned out
> to be down to the infamous bulgy caps, so it's not down to purchase price
> either ;)
>
> Best Regards,
>
> --
> ian
>
> Sent from my phone, please excuse brevity and/or misspelling.
> --
>
> *From: *Case, Brandon J 
> *Sent: *‎02/‎12/‎2015 17:52
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject: *[WIRELESS-LAN] It's that time of year...
>
> The holidays are officially upon us!
>
>
> http://gizmodo.com/can-christmas-lights-really-play-havoc-with-your-wi-fi-1745648879
>
> Has anyone else gotten wind of this yet? Seems to be making the rounds
> here.
>
> Thanks,
> --
> Brandon Case
> Senior Network Engineer
> IT Infrastructure Services
> Purdue University
> ca...@purdue.edu
> Office: (765) 49-67096
> Mobile: (765) 421-6259
> Fax:(765) 49-46620
>
> PGP Fingerprint:
> 99CB 02D6 983C 1E2A 015F  205C C7AA E985 A11A 1251
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] OT - Anyone using OpenDNS Umbrella DNS security product?

[Coehoorn, Joel]

I look forward to hearing your results from blocking port 53. What
communication have you done for this so far?



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Nov 19, 2015 at 2:49 PM, Randy Mahurin 
wrote:

> Here are the comments from our Security Engineer, we've been using it for
> several months now:
>
> "So we've been using OpenDNS Umbrella for about 2 months now.  We
> actually replaced our proxy server with this after some back and forth on
> what it gained us vs what we lost.  While we've been using it for 2 months,
> we only recently implemented the Virtual Appliances (VA's- talked about
> towards the end of this) into the mix that really gave us more visibility.
>
> Long story real short, we've been happy with it so far and if you want any
> more info let me know.
>
> Pro's:
>
>- We use bitsighttech.com as a 3rd party to rate us against other
>.edu's.  We were sitting in the 600 range for quite awhile, and then in
>july-sept, we just started getting hammered on score because of potentially
>exploited machines.  We can track it back to pretty much the day we
>switched over to openDNS to a lot of those falling off the list.  Systems
>still weren't cleaned at the time, but it since they were no longer able to
>go outbound, the score hit went away and then we were able to start using
>umbrella to track them down.
>- Blocks a ton of stuff that our proxy server wasn't blocking before
>since now it is blocking more than just 80/8080 traffic!
>- Scheduled reports.  I get a daily last 24 hr botnet report to show
>me systems on campus that are blocked trying to access botnet systems,
>we're just starting to work through this list.
>
>
> Con's:
>
>- They don't auto rescan their sites, if something is blocked for
>malware, until someone out there using their fabric requests a site be
>rescanned, it doesn't happen. The first week we had 3 requests, the 2nd 3,
>the third 2, etc...  We're probably averaging 1-2 support tickets a week on
>sight rescans and 80-90% have come back clean and been removed. A few have
>come back as still infected and we didn't unblock them.
>- Blocking sites, for us we used to use the proxy server to block
>exact pages out of phishes, so http:\\somesite.com\somefolder\phishme.html;
>Well now the best we can do is blocking somesite.com.  Looking back at
>99% of the phishes we've blocked in the past 3 years blocking the full site
>hasn't been an issue, but there was a site or two that this will/would have
>caused issues with.
>
> Other pieces
>
>- Depends on your point of view if this is a pro or a con.  The
>virtual appliances (talked about below) auto patch if you have 2 of them
>(which you'd want for redundancy).  If you have a strict change management
>policy, you have no control over when these patch beyond giving it a time
>window in the middle of the night and it does it automagically.  It does
>one, waits for it to come back up and restablish contact and verify
>functionality (somehow, bit magically) and then it will do the other.
>We'll be going through this for the first time within the next month.  You
>have to sign up to even get notices of this happening and it was basically
>between 11/18 and 12/8 we'll be rolling this out.  So no control over
>it outside of the time window you provide for it to look at doing this
>daily.  One less thing you have to patch or schedule, but something you
>have no control over also.
>- Just purchased by Cisco, waiting to see what they do on cost going
>forward.  Part of the reason we moved away from the proxies were because
>cisco kept increasing the maint cost each year!
>
>
>
> If you want to make the most use out of it.
> 1.  Roll out their Virtual Appliances and these become your primary DNS
> servers on campus for all of your clients (servers and workstations).  They
> forward *.local and *.whateveryourdomain(s) are onto your other DNS
> servers.  If you don't do this, reporting is fairly worthless as all you
> get is your DNS servers IP addresses, so tracking down who may be infected
> is difficult depending on what type of logging you have locally.  These are
> VMs.
> 2.  Plan on changing your outbound firewall to blocking tcp/udp 53 from
> all systems except your Primary DNS servers and the VA's in #1 at some
> point in the future.  Basically make sure people aren't bypassing the extra
> security you've provided by going to google's DNS, their home ISP, etc.  We
> plan on making this change over Christmas break.
> 3.  If an AD shop, look at rolling out their VM that ties into AD and
> parses DC logs for login events.  If/when this is in place it will match
> the IPs found i

Re: [WIRELESS-LAN] Desktop projection to classroom display

[Coehoorn, Joel]

I have nothing but good things to say about AirServer. Recent versions now
also support Miracast, and can also record or stream direct to Youtube.

Be caution of claims that a solution will work with iPad and Android. The
devil is in the details, and often the detail is that it only works with
their app... you get things like a whiteboard and powerpoint display, but
real full-screen mirroring of any app just isn't there. If doesn't have
native AirPlay/Miracast support, it's not gonna get the job done.





Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Oct 27, 2015 at 11:42 AM, Mike Cunningham 
wrote:

> Eric, do you have your wired and wireless networks on the same subnet? We
> use a different subnet for wireless and have found that many of these types
> of devices don’t like the way our network is configured. The broadcast from
> the device to help a wireless device find what to connect to never crosses
> over to the wireless side or if it does the communications between the
> mobile device is unreliable.
>
>
>
>
>
> Mike Cunningham
>
> VP of Information Technology Services/CIO
>
> Pennsylvania College of Technology
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Kurtz, Eric
> *Sent:* Tuesday, October 27, 2015 12:25 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Desktop projection to classroom display
>
>
>
> We recently deployed these Extron units (without the wifi since we have a
> solid wifi infrastructure already)   As long as your device can reach this
> device’s ip you should be good.
>
>
>
> http://www.extron.com/product/product.aspx?id=sharelink200&s=4
>
>
>
> The Extron *ShareLink 200* Wireless Collaboration Gateway enables anyone
> to present content from a laptop, smartphone, or tablet on a display,
> transforming any meeting room into a collaboration space. ShareLink™
> technology supports simultaneous display of slides, documents, graphs, and
> photos from up to four devices without needing a cable. It is compatible
> with Windows® and OS X® computers as well as Apple® and Android® smartphones
> and tablets. It also includes a moderator mode to ensure only approved
> content is displayed. In spaces with sight line concerns, slides can be
> viewed on a personal device via a Web browser. The professional
> capabilities of the ShareLink 200 wireless and network models provide easy
> integration of mobile devices into meeting and huddle rooms, interactive
> collaborative spaces, and larger presentation environments.
>
>
>
> *Eric Kurtz*
>
> *Senior Systems Engineer*
>
> Office of Information Technology
> Susquehanna University
> 514 University Avenue
> Selinsgrove, PA 17870-1164
> 570.372.4537
> ku...@susqu.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Ashfield, Matt (NBCC)
> *Sent:* Tuesday, October 27, 2015 8:50 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Desktop projection to classroom display
>
>
>
> Good Morning
>
>
>
> Like I’m sure most of you have experienced, we are dealing with technology
> like AppleTVs and Chromecasts showing up in our classrooms and being asked
> to “make it work”. Obviously we run into the roadblocks of those devices
> not fitting into our network well, or working with certain OS’s, not to
> mention security implications.
>
>
>
> We’d like to try and standardize on a technology so we can manage it
> (ha!). I’m just wondering if anyone has solved this one yet?  We’ve looked
> briefly at AirParrot but wondering if anyone else has had any luck in this
> area.
>
>
>
> Any info/advice is appreciated.
>
>
>
> Thanks,
>
>
>
> Matt
>
> NBCC
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Ruckus has purchased Cloudpath

[Coehoorn, Joel]

Best case scenario: Ruckus' awesome Dynamic PSK feature gets rolled into
Cloudpath for the rest of us and the pricing comes down in an effort to use
CloudPath to eventually sway customers towards Ruckus hardware. Worst case:
Cloudpath effectively goes Ruckus-only, leaving us to move to either
Secure-W2, Cisco ISE, or Aruba ClearPass.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Oct 22, 2015 at 9:58 AM, Frank Sweetser  wrote:

> Well that's... interesting.
>
> Anyone heard any rumors about what their roadmap might be?  These
> acquisitions of an independent service by a larger portfolio company rarely
> seem to well for customers of the independent service if you're not also a
> customer of the large one.
>
> Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
> that
> Manager of Network Operations   |  is simple, elegant, and wrong.
> Worcester Polytechnic Institute |   - HL Mencken
>
> On 10/22/2015 10:43 AM, Lee H Badman wrote:
>
>> FYI.
>> *Lee Badman*| Network Architect
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> *t* 315.443.3003 *f* 315.443.4325 *e* _lhbadman@syr.edu_
>>  *w* its.syr.edu
>> *SYRACUSE UNIVERSITY
>> *syr.edu
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Zebra Wireless

[Coehoorn, Joel]

Has anyone here used or looked the Zebra wireless platform (formerly
Motorola/Symbol)?  I'm looking at them for a deployment away from the main
campus. They have a very tempting AP line-up with pricing less than $250
per AP, and I wonder if anyone else has used or looked at them.


Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Coehoorn, Joel]

HEOA just requires that we provide an individual notices to students once
per year that includes an explanation of copyright and our enforcement
policies. Said policies must include technical measures to limit copyright
infringement and a policy to promote legal alternatives, but I didn't see
anything in there about data retention requiring us to keep logs relating
IPs/MACs to users.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Sep 7, 2015 at 5:38 PM, Steve Bohrer 
wrote:

> Hi Jeff,
>
> Can you comment on how the Higher Education Opportunity Act (HEOA) fits
> into this? Our understanding is that HEOA, in addition to the opportunity
> of Pell grants, now also gives us the opportunity to provide specific
> annual user eduction about copyright, and to get involved with copyright
> enforcement. IANAL enough to discuss whether HEOA compliance requires more
> or less user identity info than DMCA compliance, but HEOA was historically
> one of the reasons we've tried to know who owns the devices on our wired
> and wireless networks. Are there Educause or other resources about HEOA
> similar to the one you cite for DMCA?
>
> Steve Bohrer
> Network Admin, ITS
> Bard College at Simon's Rock
> 413-528-7645
>
> > On Sep 4, 2015, at 5:28 PM, Jeffrey D. Sessler 
> wrote:
> >
> > Matthew,
> >
> > Under the DMCA, the ISP only has to, upon learning of the infringing
> transmission, act quickly to remove or disable access to the infringing
> transmission. We can carry that out with no knowledge of who’s behind the
> device. That said, it only applies to resources owned by the institution.
> >
> > Here is some key info in case you’re interested. Some of it is sourced
> from from an EDUCAUSE FAQ for DMCA designated agents in higher-ed.
> >
> > If your institution, after taking reasonable efforts to investigate and
> match a user to the IP address designated in the DMCA notice, cannot, for
> technical or other legitimate reasons, match a user to this IP address, the
> DMCA does not specifically require any other action.
> >
> > The DMCA does not include a records retention requirement for logs. So,
> if your record retention for radius, dhcp, etc. is only 7 days, and a DMCA
> notice arrives for something that occurred 14 days ago, then you are under
> no obligation to do more.
> >
> > Resources owned by an institution—such as faculty, staff, or computer
> lab computers—fall under 17 U.S.C. Section 512(c). This section provides a
> safe harbor for an ISP so that it is not liable for monetary damages for
> infringing materials on its servers provided it does not have “actual
> knowledge” of the infringing material, does not receive a direct financial
> benefit from the infringement, and, when notified, responds “expeditiously”
> to remove the infringing material or disable access to such material.
> >
> > Most student and guest activity on university networks occurs through
> personally owned equipment and thus falls under 17 U.S.C. Section 512(a).
> This section provides immunity to the ISP for information that simply
> transits the ISP’s networks, with no direction, input, or interference from
> the ISP itself, and is not stored anywhere on the ISP’s network. Notably,
> no additional proactive steps are required for an ISP to avail itself of
> this immunity. However, for a variety of reasons, some institutions have
> made a policy decision to treat these notices as if they fall under Section
> 512(c), terminating users from the network unless and until the infringing
> content is removed. Often such activity is handled through a student
> affairs process, rather than as a legal or IT matter, so as to seize upon a
> “teachable moment” for students.
> >
> > If you’re interested, here is the link:
> >
> http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/intellectual-property/dmca-faq
> >
> >
> > Jeff
> >
> >
> >
> > On 9/4/15, 1:58 PM, "The EDUCAUSE Wireless Issues Constituent Group
> Listserv on behalf of Williams, Matthew" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of mwill...@kent.edu> wrote:
> >
> >> Jeff,
> >>
> >> Without knowing who is behind the device, how do you handle copyright
> issues?
> >>
> >> Respectfully,
> >>
> >> Matthew Williams
> >> Manager, Network and Telecommunications Services
> >> Kent State University
> >> Office: (330) 672-7246
> >> Mobile: (330) 469-0445
> >>
> >> -Original Message-
> >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
> >> Sent: Friday, September 4, 2015 4:24 PM
> >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> >> Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in
> the dorms- quick Survey
> >>
> >> Frans

Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Coehoorn, Joel]

The difference between us and a McDonalds or Starbucks is that we are the
student's residence. They can't as easily just wait or go elsewhere in
order to do things that really should not be done on an open wifi
connection.

Additionally, this is the first encounter with the issue for many students.
They haven't yet had a chance to know that they should care. Therefore, I
do believe it is our responsibility to provide the secure option and
educate our students on the importance of using it.

At the same time, college students are supposedly adults now, and capable
of making their own decisions, and so I try to provide both options (we
really do have an completely open SSID), along with some education and a
nudge via SSID naming that the secure SSID may be "better" in some
ephemeral way.




Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Sep 4, 2015 at 2:09 PM, Frans Panken 
wrote:

> Jeff,
>
> Jeffrey D. Sessler schreef op 04/09/15 om 20:55:
> > Just to turn this on it’s ear a bit...
> >
> > Why not go back to an open network for student devices, with the same
> EULA as they’d get be it at a Starbucks, McDonalds, hotel, or convention
> center? Why are we (my self included) so hell bent on student devices
> connecting via WPA-Ent and all the challenges associated with accommodating
> devices that can’t?
> Basically, because you do not know who is behind the device if this user
> does something that conflicts with any of the policies (e.g., security
> to name one).
> >
> >
> > Does data exist that shows all of this overhead we’ve created has had
> any measurable benefit (for the cost), especially when the same users
> aren’t concerned about over-the-air security when at the above mentioned
> places?
> Regardless of the numbers, I will tell you it was worth it.
>
> Inmagine the blames your institute copes with if some one decides to put
> a rogue access point in between that cathes all kinds of privacy data?
> The end-user will blame the institue because it happended there!
>
> Note that there are easy out-of-the-box tools that are dedicated for
> these kind of attacks and easy to set-up, even for a 12 year old. For
> example, have a look at pineapple: https://www.wifipineapple.com/
> (very usefull to play with!)
>
> Or Nethunter, that uses Linux Kali and is installed on a simple phone or
> tablet (http://www.nethunter.com/).
>
> >
> > Why do we care so much? Is there some middle-ground that is “good
> enough” but provides almost the same experience as at home?
> Seriously, you have an open network at home?? You login with your bank?
> Ever hear of SSL strip (if not, I recommend to Google it and watch that
> little slot in your browser continously)
>
> >
> > Would our efforts be better spent implementing other beneficial
> technologies such location-aware WiFi, where after the student connects all
> their AppleTV, TimeMachine, and Chromecast devices, the network is smart
> enough to provide them visibility of only those devices when in/near the
> same location e.g. Location-aware bonjour?
> I hope the arguments above convinced you. If not, I think I can think of
> some more...
>
> -Frans
> >
> >
> >
> > Jeff
> >
> >
> > On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group
> Listserv on behalf of Lee H Badman"  on behalf of lhbad...@syr.edu> wrote:
> >
> >> Where it gets interesting- broadcast and single class C required. But-
> this is a great summary of requirements.
> >>
> >> Lee Badman | Network Architect
> >> Information Technology Services
> >> 206 Machinery Hall
> >> 120 Smith Drive
> >> Syracuse, New York 13244
> >> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
> >> SYRACUSE UNIVERSITY
> >> syr.edu
> >>
> >> -Original Message-
> >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
> >> Sent: Friday, September 04, 2015 10:46 AM
> >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> >> Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in
> the dorms- quick Survey
> >>
> >> Here is my first pass at requirements:
> >>
> >> 1. The service must prevent or discourage devices that ARE capable
> of using 802.1x authentication from using the service.
> >>
> >> 2. The service should provide some sort of traceability of devices
> back to their owners.
> >>
> >> 3. The service must provide some method to deny access to an
> individual device.
> >>
> >> 4. The service must be easy enough to use that the average student
> can connect a device to the network in 10-15 minutes without requiring
> assistance from ITS.
> >>
> >> 5. The service must restrict access to only authorized University
> customers.
> >>
> >> 6. In the residence Halls, the service must supp

Re: [WIRELESS-LAN] Lab Computers and wireless

[Coehoorn, Joel]

Could you do machine authentication for these devices, and put them into a
vlan dedicated to the labs?



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 1, 2015 at 4:08 PM, Frank Sweetser  wrote:

> A few people have mentioned dropping user categories into different VLANs,
> which is certainly one viable option.  However, this may cause problems for
> the multi user machines, as having the machine flip VLANs on login can be
> disruptive.
>
> As an alternative, you may be able to use the wireless controllers as the
> control point by defining different firewall policies there, and selecting
> the policy on a per login basis. You still have user based resource
> availability, but the machine never has to change VLAN or IP address.
> 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> On September 1, 2015 4:22:24 PM EDT, Paul Crittenden <
> paul.critten...@simpson.edu> wrote:
> >We are predominately a Meru shop. We have a staff and a student SSID
> >and a Windows Radius server for authentication.  To complicate this we
> >have lab laptops which both students and staff need to be able to log
> >into. Currently we have no way to prevent students from connecting to
> >our staff wireless and staff to student and still allow both students
> >and staff to connect to lab laptops.
> >
> >We have been charged to find out how other institutions are handling
> >this and what best practices they are using for this situation.
> >
> >Thanks in advance for any insight you may be able to offer.
> >
> >
> >**
> >Participation and subscription information for this EDUCAUSE
> >Constituent Group discussion list can be found at
> >http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

[Coehoorn, Joel]

I wonder if the student in question carries a cell phone?



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 1, 2015 at 8:10 AM, Barrett, Bruce  wrote:

> We are getting complaints about this from our business areas, Enrollment
> Services etc. I was curious where the 9 feet from an AP recommendation came
> from.
>
>
>
> Bruce
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Charlie Weaver
> *Sent:* Tuesday, September 01, 2015 8:53 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Yes, it sets a precedent that you are going to meet the students’ needs
> and protect the university.  If the parents and the students think it’s an
> issue, why try and force the matter when it is easy enough to move the AP
> and let them plug into the network through a port in the room.
>
>
>
> If they ask for the wireless on the entire campus to be turned off or in
> all of the classrooms the student is in, then it’s a different story.
>
>
> While this is not an ADA issue, the ADA laws talk of “reasonable
> accommodation”.  I would be hard pressed to believe this request was not
> reasonable.
>
>
>
> Ridiculous yes, but still very reasonable.
>
>
>
> Charlie Weaver
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Frank Bulk
> *Sent:* Monday, August 31, 2015 12:17 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Doesn’t that set a precedent?
>
>
>
> Frank
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Gruenhagen, Tim
> *Sent:* Thursday, August 27, 2015 10:12 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Coincidentally, we just moved an AP out of a student's room because her
> parents were certain that it was a health hazard to be within 9 feet of an
> AP.  No point in arguing with an upset mom.
>
>
>
> On Thu, Aug 27, 2015 at 10:59 AM, Lee H Badman  wrote:
>
> Two words:  Lawyers… geeze.
>
>
>
> *Lee Badman* | Network Architect
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Bob Brown
> *Sent:* Tuesday, August 25, 2015 5:35 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> FYI We’ve included a link to the lawsuit and the school’s statement on
> this lawsuit in this piece:
> http://www.networkworld.com/article/2975945/mobile-wireless/massachusetts-boarding-school-fay-southborough-sued-over-wi-fi-sickness.html?nsdr=true
>
>
>
>
>
> *Bob Brown*
>
> Online Executive Editor, News
>
> T: 508.766.5418
>
> LinkedIn  | Twitter:
> @alphadoggs  | Facebook profile
>  | Google + profile
>  | Instagram
> 
>
>
>
> *NETWORK* *WORLD*
>
> 492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002
>
> NetworkWorld.com  | Media Kit
>  | Conferences & Events
> 
>
> An IDG Enterprise  Brand
>
>
>
>
>
> *From: *, James Patrick 
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Tuesday, August 25, 2015 at 4:43 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> I'll drink to that!
>
>
>
> -- Jim Gogan
>
> ITS Communication Technologies
>
> Univ of North Carolina at Chapel Hill
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Chuck Enfield
> *Sent:* Tuesday, August 25, 2015 4:29 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Say what you want, but I know Wi-Fi makes me sick every year around this
> time.  I 

Re: [WIRELESS-LAN] LTE over Wi-Fi spectrum sets up industry-wide fight over interference

[Coehoorn, Joel]

The good news is that LTE-U still has the same power limitations as other
unlicensed uses. Telecom companies won't be able to easily provision an
LTE-U "tower" every 30 meters within our campus, limiting their ability to
cause interference.

Instead, I see them mostly using this fill coverage gabs by selling wifi
routers with an LTE-U service built-in for rural and other underserved
areas. Additionally, I see them using this to try to push their backhaul
costs onto other providers. A Verizon could get a Cox to help foot their
transit bill by selling their special routers to customers at just below
their cost. Consumers would buy these routers because they are cheaper, and
suddenly Verizon gets some "free" spectrum in that area and can manage
things so the call terminates at the Verizon location nearest the other end
of the conversation.

The biggest risk on our end is probably having students bringing routers
with this ability into their residences, but we can deal with that the same
way we've always done... well, almost, depending on how the whole Mariott
thing turns out.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Aug 27, 2015 at 4:12 PM, Thomas Carter 
wrote:

> Don’t forget the WiFi SLA discussion – another source of interference
> outside of our control.
>
>
>
> Thomas Carter
>
> Network and Operations Manager
>
> Austin College
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Philippe Hanset
> *Sent:* Thursday, August 27, 2015 2:17 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] LTE over Wi-Fi spectrum sets up
> industry-wide fight over interference
>
>
>
> We can now combine three threads that we have had over the summer on this
> list
>
> 5 GHz, Containment, and the LTE-U controversy (this thread just started)
>
>
>
> LTE-U and Jamming…will my Wi-Fi equipment provider enable LTE-U
> “containment” and as a University/College how can I prevent LTE-U from
> interfering
>
> with my 5GHz deployment.
>
>
>
> Oh boy…
>
>
>
> Philippe
>
>
>
> Philippe Hanset
>
> www.eduroam.us
>
>
>
>
>
>
>
> On Aug 27, 2015, at 2:55 PM, Hinson, Matthew P <
> matthew.hin...@vikings.berry.edu> wrote:
>
>
>
> Source:
> http://arstechnica.com/information-technology/2015/08/verizon-and-t-mobile-join-forces-in-fight-for-wi-fi-airwaves/#p3
>
>
>
> It was only a matter of time.
>
>
>
> Thank you!
>
> Matthew Hinson
>
> Supervisor, Network Operations
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Off-Topic: Apple Cloud/Virtualization?

[Coehoorn, Joel]

While I expect your first choice here is to go 100% native, if you don't
find a better option the folks at Xamarin have done a pretty good job
letting you build iOS apps on Windows with Visual Studio.​



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Jun 8, 2015 at 8:38 AM, Ashfield, Matt (NBCC)  wrote:

>  My apologies for the off-topic post, but this is head and shoulders the
> best higher ED list I’m a part of, so thought I’d ask here…
>
>
>
> Our College is going to be teaching a module on Native IOS App
> development. They will be using the IOS SDK’s to develop the apps. (ie,
> this is not HTML5 apps).
>
>
>
> Where this is one module of a larger program, the idea of buying a bunch
> of Macs for a lab is not overly cost-effective. I thought I’d ask here to
> see if anyone has had any success with Mac-in-a-cloud type of services, or
> possibly a mac-server providing terminal-services/vm type of services?
>
>
>
> Any info you can provide is appreciated. To minimize off-topic traffic to
> the list, please email me directly at matt.ashfi...@nbcc.ca
>
>
>
> Thanks,
>
>
>
> Matt
>
> NBCC
>
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] google play ACL

[Coehoorn, Joel]

Wow. All of Amazon, too? I'm sitting on the outside of this process looking
in, hoping to do something like this before the end of the summer, and that
ACL is depressing.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, May 29, 2015 at 1:37 PM, Turner, Ryan H 
wrote:

>  Thank you, Jacob.  Looks like I may have to go this route as well.
>
>
>
> Ryan H Turner
>
> Senior Network Engineer
>
> The University of North Carolina at Chapel Hill
>
> CB 1150 Chapel Hill, NC 27599
>
> +1 919 445 0113 Office
>
> +1 919 274 7926 Mobile
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jacob Bennefield
> *Sent:* Friday, May 29, 2015 10:26 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] google play ACL
>
>
>
> We have been working with Ruckus and Cloudpath on this issue as well.
> These are the web addresses we allow to make google play and a few other
> things accessible.  You basically have to open up everything to google but
> google.com
>
>
>
> 2  ocsp.digicert.comEditClone
>
> 3  crl3.digicert.com   EditClone
>
> 4  crl4.digicert.com   EditClone
>
> 5  *.play.google.com   EditClone
>
> 6  *.ssl.gstatic.com   EditClone
>
> 7  *.android.clients.google.com EditClone
>
> 8  *.googleusercontent.com   EditClone
>
> 9  *.ggpht.com  EditClone
>
> 10   *.geotrust.com EditClone
>
> 11   *.appengine.google.com EditClone
>
> 12   *.settings.crashlytics.com
> EditClone
>
> 13   *.googleapis.comEditClone
>
> 14   *.cloud.google.comEditClone
>
> 15   *.gvt1.com EditClone
>
> 16   *.android.com  EditClone
>
> 17   passwordreset.lamar.eduEditClone
>
> 18   *.amazon.com  EditClone
>
>
>
>
>
>
>
> Jacob Bennefield, BBA
>
> Manager of Network Services
>
> Lamar University
>
> jacob.bennefi...@lamar.edu
>
> Phone: 409-880-7997
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Turner, Ryan H
> *Sent:* Friday, May 29, 2015 9:01 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] google play ACL
>
>
>
> Hello all,
>
>
>
> I’ve asked this question in the past, got some answers, attempted to
> implement some solutions, and have ultimately been disappointed with the
> results…
>
>
>
> Our problem:  We have a limited access onboarding SSID.  Currently, users
> must download the cloudpath agent directly from OUR server, requiring them
> to configure their devices to allow non google market place applications.
> I am attempting to streamline the onboarding process by allowing access to
> google play directly to download the onboarding application, but am failing
> miserably…  I have put up the white flag and opened up most of google, but
> now I am finding that through a combination of cache servers, and Samsung
> devices that appear to query for their own app store first, my results work
> only half the time.
>
>
>
> Has anyone else figured out a way to solve this madness?  We are not going
> to open up the SSID to everything, because people would just use it and not
> the proper wireless.
>
>
>
>
>
> Ryan H Turner
>
> Senior Network Engineer
>
> The University of North Carolina at Chapel Hill
>
> CB 1150 Chapel Hill, NC 27599
>
> +1 919 445 0113 Office
>
> +1 919 274 7926 Mobile
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> CONFIDENTIALITY: Any information contained in this e-mail
> (including attachments) is the property of The State of Texas and
> unauthorized disclosure or use is prohibited. Sending, receiving or
> forwarding of confidential, proprietary and privileged information is
> prohibited under Lamar Policy. If you received this e-mail in error,
> please notify the sender and delete this e-mail from your system.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[Coehoorn, Joel]

I'll add another anecdotal viewpoint that I don't think anyone chooses to
go to a specific school because of the wireless. I do think a student
*may *choose
NOT to go to a specific school if the student has a bad wireless
experience.

A candidate is more likely to assume the wifi works, and their one bad
experience is an aberration, unless it happens repeatedly or they hear
other students complain about it. A simple, "Yeah, it's always like that
comment." and suddenly a candidate goes elsewhere, but unless that happens
wifi just isn't on a candidate's radar. Even if it is, many high schooler's
don't yet have their own laptops (it's becoming a common graduation
present), and will instead rely on a phone that has a backup data plan.
This is especially true on a campus visit. Many candidate may never even
try to connect to your network before arriving as a student for the first
time.

A current student will know better (or think they know better) by the end
of the their first term. A single bad experience here or there typically
won't matter much, but a consistently poor result may contribute to a
transfer decision where wifi is one factor. I think wifi is rarely if ever
the only factor, but the poorer the provided wifi service gets the more it
has a potential to be a big factor.
​​
In other words, wifi service can translate over into the retention side of
things, but teasing out just how much is challenging. The wifi service is
important, but it's probably a mistake to try to build out the service to
the level where you could see it as a competitive advantage over other
institutions. As long as you don't fall significantly behind, you should be
in good shape. Failing to provide service at all, though, is to risk
falling significantly behind. Again, this is my anecdotal viewpoint.

  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, May 14, 2015 at 10:33 AM, Chuck Enfield  wrote:

> I agree with the utility analogy, but what does that tell us?  Not much, I
> think.   Natural gas is also a utility, but request that in your office and
> see what kind of response you get.  The utility analogy fails to answer
> many
> question related to how and where we should deliver Wi-Fi services.  The
> answers to these questions must be driven by business requirements, and
> those are challenging to define.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson
> Sent: Thursday, May 14, 2015 10:35 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless)
> service, or not to provide (wireless) service...
>
> Wi-Fi has become an (expensive to maintain) utility.  It is just expected
> to
> be there and work well.  You don't have people going around asking how much
> of a deciding factor the reliability of the electricity is for choosing
> where to go to school.
>
> Also, 7Signal isn't exactly an unbiased party with no conflicts of
> interest...
>
> On Thu, May 14, 2015 at 09:58:29AM -0400, Chuck Enfield wrote:
> > I have no doubt that network availability, accessibility, and
> > performance all affect student satisfaction.  But my question is
> > directed at the issue of recruitment and retention, as these things
> > have a clear impact on the bottom line.  It stands to reason that
> > student satisfaction affects the bottom line as well, but to what
> > extent is far less clear.  If we can't figure out if networking is a
> > significant factor in who chooses to attend our institutions, it's
> > highly unlikely we'll figure out how it affects things like alumni
> > activity, donations, etc..
> >
> > The (undated) graphic Chris provided is the first time I've seen a
> > survey of students that addresses the recruitment question.  38% say
> > Wi-Fi quality is a deciding factor is pretty powerful.  That said, how
> > students choose their institution is a well-researched question and
> > I've never found information like this in any other source.  Typical
> > of what I find is this 3 year old data from a UCLA survey:
> >
> > 1. College has very good academic reputation (63.8 percent) 2. This
> > college's graduates get good jobs (55.9 percent) 3. I was offered
> > financial assistance (45.6 percent) 4. The cost of attending this
> > college (43.3 percent) 5. A visit to this campus (41.8 percent) 6.
> > College has a good reputation for its social activities (40.2 percent)
> > 7. Wanted to go to a college about this size (38.8 percent) 8.
> > College's grads get into top grad/professional schools (32.8 percent)
> > 9. The percentage of students that graduate from this college (30.4
> > percent) 10. I wanted to live near home (20.1 percent) 11. Information
> > from a

Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[Coehoorn, Joel]

What is the motivation here?

I ask because this sounds like a cost thing. It sounds like the President
is looking at 3 hefty expenses:

1. Existing fixed line internet service
2. Wifi Upgrades
3. Staff support costs for Wifi services

and is hoping to avoid all three of these by switching to an LTE/3G
service. Suddenly the bulk of the fixed-line internet bill goes away, you
don't have to pay for wifi upgrades, and support issues are just directed
to the carrier, instead of institutional IT staff.

Personally, I can't imagine the numbers possibly working out in your favor,
given what I've seen of carrier LTE rates (even if it is just as a
consumer). Pull up your logs and find out how much bandwidth you've used
over a period of month. Then find out how much it would cost to purchase
that data, and I expect that even the bulk rates will give the President
sticker shock and make this whole thing go away.

It may also be that cost is a side issue, and it's really about
streamlining the student experience... suddenly internet access issues are
a carrier issue, and even when students have problems they'll tend to
direct their ill-will at the carrier instead of your institution, plus it
gives IT the ability to function at a higher level, looking at capabilities
and services more than day to day network support. But again, I think the
cost here will orders of magnitude over what is expected.

The day is coming when this kind of service will make sense, but we're not
there yet. And it goes further than just bulk-purchasing LTE data. Just
like now most wireless systems tunnel traffic to a controller appliance
 before terminating it on the university network, someday cellular services
will tunnel traffic even from desktop computers to a leased service in the
cloud, to create private institutional cellular networks, where none of the
network infrastructure resides on campus. But that's a *long* way off yet.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, May 13, 2015 at 9:04 AM, Mark Elley 
wrote:

> Hi Brian,
>
> If 3/4G is seriously being considered by senior management then before any
> decision is actually taken there should be a serious amount of testing (by
> them) - the term 'eating your own dogfood' springs to mind.  I can't
> imagine using a mifi at home to stream Netflix or to download an Apple
> update, especially when the 2.4GHz spectrum will be terribly managed and
> the 3/4G network saturated by huge amounts of traffic.  If they value
> customer satisfaction then there is no option but to invest in wireless
> IMHO.
>
> Good luck with the case.
>
> Mark Elley
> Residential & Mobile IT Manager
> IT Services, University of Bristol
>
> On 13 May 2015 at 14:42, Christopher Michael Allison <
> chris.m.alli...@siu.edu> wrote:
>
>>  An article I found about LTE replacing services it isn't wifi but it
>> gives a detailed account of how LTE connection was tested. It isn't
>> directly related to higher ed applications but it give a good account of
>> the impact of congestion on an LTE service.
>>
>>
>>
>> http://www.networkworld.com/article/2226079/wireless/how-i-replaced-wired-internet-with-4g-lte.html
>>
>>
>>
>>
>>   CHRISTOPHER ALLISON
>> Network Engineer I
>>
>>   Information Technology
>>  Mail Code 4622
>>  625 Wham Drive
>> Carbondale, Illinois 62901
>>
>>  chris.m.alli...@siu.edu <+chris.m.alli...@siu.edu>
>>  P: 618 / 453 - 8415
>>  F: 618 / 453 - 5261
>> INFOTECH.SIU.EDU 
>>
>>
>>  *"Choose a job you love, and you will never have to work a day in your
>> life."*
>>  Confucius
>>   --
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hunter Fuller <
>> hf0...@uah.edu>
>> *Sent:* Wednesday, May 13, 2015 8:36 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless)
>> service, or not to provide (wireless) service...
>>
>>
>> That sounds extremely painful. I cannot imagine deploying a solution that
>> 97+% of laptops cannot use directly.
>>
>> --
>> Hunter Fuller
>> OIT
>>
>> Sent from my phone.
>> On May 13, 2015 8:25 AM, "Brian Helman"  wrote:
>>
>>>  I have a little more information to provide now.  I absolutely
>>> appreciate that it will be extremely tempting to respond with biased
>>> opinions.  I don’t think there is anything that can be said that I haven’t
>>> already expressed to my team.  However, that will not help me write up my
>>> recommendation.  So that being said, feel free to chime in with tangible
>>> reasons to do this or not…
>>>
>>>
>>>
>>> Apparently, our president heard that some schools are investigating
>>> purchasing bulk data contracts with mobile (“cellular”) carriers for data.
>>> The idea 

Re: [WIRELESS-LAN] Roaming

[Coehoorn, Joel]

​
Do y’all have one vlan per building?

We have four wireless vlan zones (North, South, East, West).

Do you allow roaming over entire campus, per building or what?

The buildings in each zone are strategically chosen to avoid roaming
problems... we don't have much outdoor coverage, so it would be hard to
roam between the zones anyway. North and South are academic/administrative
buildings, East and West are residential.


How large are youf DHCP pools? What is the pool expiration time?


We use /21s with 8 day leases. However, it works out such that the vlans in
each zone rarely have more active devices than you would with a /24. The
larger address space and longer leases are so that clients generally have
persistent IP addresses in each zone over time, even if they aren't
actively using a lease. We do NAT everything, so maintaining address space
for 4x our regular population isn't a problem.



How do y’all find these abusers?


We don't require any authentication to the wireless network. We want to be
as welcoming to guests (especially alumni and admissions candidates) as
possible. However, we do still track use based on IP only (hence the need
for longer, persistent leases). This is a kind of double-blind strategy to
avoid charges of favoritism in enforcement. Abuse is monitored at the
internet gateway, using a product called Untangle NGFW. I can't say enough
good things about that product, though we're a very small institution and
it might not scale up for many others on this list. If/when abuse is
detected, an enforcement determination is then made by the student
development office... not by IT.


Only after the enforcement determination is made will we cross reference
the IP/mac across all four zones, and force all four IPs to a captive
portal page on the NGFW that requires authentication. We also convert the
leases to reservations, and move the macs to a policy group in the policy
trees such that internet service is highly degraded if the user chooses to
attempt something like setting a static IP, but will operate normally if we
have a username associated with it. This process isn't as much work as it
sounds like.


The whole scheme was created initially because we haven't long had the
ability to do vlan pools. We had to use zones to avoid everyone being in
one big vlan, and each zone had exactly one vlan. We keep the scheme
because it allows some natural isolation of residential traffic from the
rest of the network.

  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, May 5, 2015 at 10:19 AM, Legge, Jeffry  wrote:

>  Currently we allow roaming over our entire campus. Some buildings have
> their own vlan while others do not. Each year we have more devices and thus
> our DHCP pools are stressed. We are looking at changing our network design
> and giving each building their own vlan and larger DHCP pools. We currently
> have a class B IPV4 internet addresses and will move to NAT. When students
> are abusing copyright etc. we are given an IP address and asked to
> determine who is doing the abusing. As students roam they could end up with
> multiple IP addresses and Natting will complicate the ability to find these
> abusers  I am curious about the following.
>
>
>
> ​​
> Do y’all have one vlan per building?
>
>
>
> How large are you DHCP pools?
>
>
>
> What is the pool expiration time?
>
>
>
> Do you allow roaming over entire campus, per building or what?
>
>
>
> How do y’all find these abusers?
>
>
>
> Any thoughts will be appreciated.
>
>
>
> -Jeff Legge
>
> Radford University
>
> 540-250-5224
>
>
>
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[Coehoorn, Joel]

I'm considering a student-funded Wifi refresh project. Our Wifi system was
designed for 2.4Ghz, with 2.4/5Ghz dual-radio APs added over the last two
years such that the new AP was just dropped into the same spot as the old
2.4-only model. These are mainly in hallways instead of student rooms.

Needless to say, the 5Ghz coverage isn't very good. The overlap is just bad
enough that 5Ghz devices are often at a range where they get signal that's
just good enough to avoid jumping to 2.4, especially certain devices
**cough**apple**cough**, but is noticeable weaker than what we'd like to
see. Overall adding 5Ghz has been an improvement over 2.4-only, but it
hasn't helped to the degree that it should.

The next logical step is to get the APs into student rooms. However, the
funding just isn't there right now. Having just spent the money for
dual-radio APs, the thinking is to get another year out of this equipment
and start the move to 802.11ac next summer. Hopefully the ac stuff will be
cheaper by then, as well.

To help us get through this next year, I'm working on a proposal to have
students sponsor new access points. If, say, a 4-student suite can put the
funds together for a new AP, we'll put the AP in their room for this year.
Of course, the next year we'll be free to move the AP to where it will do
the most good.  I'm going to propose we ask student to put up 50% of the
cost of the AP. More than that, and they may feel that they own the device,
and tamper with or take it with them. Less than that, and there's not much
point to making the offer. It helps that our APs are fairly inexpensive to
begin with; the student cost would be about $250, and that's a reasonable
amount with split 2-4 ways.


  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] troubleshooting wireless issues

[Coehoorn, Joel]

One resource we use is our student workers. They hear and know things about
student perception of the network that faculty and staff just don't. But
again... smaller campus, and it's still reactive rather than proactive.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Apr 2, 2015 at 3:34 PM, Ankit Agarwal  wrote:

> Hi Dave,
>
> We have the same problem. Students don't like to reach out to help desk or
> create tickets. I usually ask faculty or staff if they hear any complains
> about wireless. I also sometimes walk around and ask students how wireless
> is working for them and what areas they face issues. Its easier for me as
> we have small campuses. But I am not sure how good this approach will be
> for bigger universities.
>
> Regards,
>
> *Ankit Agarwal*
> Network Engineer
> California College of the Artstechnology.cca.edu |Email: aagar...@cca.edu
>
>
> On Thu, Apr 2, 2015 at 1:09 PM, Alexander, David 
> wrote:
>
>>  I’d like to know what other schools are doing to proactively
>> troubleshoot wireless issues on your campus.
>>
>>
>>
>> Our network team does a great job of troubleshooting end user wireless
>> connectivity issues when a customer calls the Service Desk to report an
>> issue, but end users don’t like to call our Service Desk to report issues.
>> Because of this, end users assume our network sucks or they try their own
>> workarounds (eg. using cellular data, etc.).
>>
>>
>>
>> What level of success do you have with customers contacting your Service
>> Desk about connectivity issues?  Do you do anything to proactively find out
>> if customers are having connectivity issues?
>>
>>
>>
>> It seems like a lot of the issues are on the client side (eg. updating
>> Surface Pro drivers, applying a Mac fix, etc.).  What approaches are you
>> using to communicate about device specific issues?
>>
>>
>>
>> I’d appreciate any feedback you have on how you are approaching this
>> issue on your campus to improve end user experience with your wireless
>> network.
>>
>>
>>
>> Thanks,
>>
>> Dave
>>  ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Looking for interest among Wi-Fi professionals

[Coehoorn, Joel]

I used to prefer e-mail as well, but lately I've appreciated the web site
format more and more. Part of the reason is that it's so easy to turn this
kind of web site into an e-mail subscription... this is what RSS is made
for. That said, the reason I've preferred the web site is the ability to
find the content through Google, and I'm not sure something that is
publicly indexed is the right place to foster these discussions.

What I'd really like is something that lives in between a Stack
Overflow/Stack Exchange Q&A site and a traditional forum/bb format...
something that is better at discussion than Stack Exchange, but does a
better job of surfacing the truly useful discussions than a forum.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 18, 2015 at 2:17 PM, Lee H Badman  wrote:

>  You could be right- I used to run a Google group for regional ham radio
> nerds, I think that did both (I think).
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Frank Sweetser
> *Sent:* Wednesday, March 18, 2015 3:07 PM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Looking for interest among Wi-Fi
> professionals
>
>
>
> Perhaps best of both worlds? I believe there are some forums in which you
> can participate equally through both mailing lists and web forums.
>
> On March 18, 2015 2:59:56 PM EDT, Lee H Badman  wrote:
>
> I hear you and get it, Ian- thanks.
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Ian McDonald
> *Sent:* Wednesday, March 18, 2015 2:58 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Looking for interest among Wi-Fi
> professionals
>
>
>
> Can't see me using anything that I have to visit and look at rather than
> it being delivered to me like a listserv. There's just not the time in the
> day.
>
> Best Regards
>
> Sent from my phone, please excuse brevity and/or misspelling.
>   --
>
> *From: *Lee H Badman 
> *Sent: *‎18/‎03/‎2015 17:49
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject: *[WIRELESS-LAN] Looking for interest among Wi-Fi professionals
>
> This is not meant to self-promote, apologies if it seems that way. Looking
> for interest on whether those on the list would get value out of a
> potential new wireless-oriented discussion board, as described here:
>
>
>
>
> https://wirednot.wordpress.com/2015/03/18/hey-wireless-professionals-would-you-use/
>
>
>
> Won’t hurt my feelings either way, but could be kind of valuable if you
> picture it widely used.
>
>
>
> Regards-
>
>
>
> Lee Badman
>
>
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new Qualcomm chipset | PCWorld

[Coehoorn, Joel]

It's gonna be a long time coming, but I think the eventual end-game here is
we stop providing residential service at all. As the unlicensed spectrum
deteriorates and the licensed providers (Verizon, AT&T, et al) improve
service and rates, eventually we'll hit a tipping point where it no longer
makes sense. Students will just use their cell service. But again... that's
a very long ways off yet. In the meantime, we have to do the best we can
with the spectrum available to us.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Feb 27, 2015 at 8:47 AM, Chuck Enfield  wrote:

> Without a doubt, but I assumed it's unavoidable.  Such is the nature of
> unlicensed spectrum.  More wireless devices means more congestion, which
> means anybody for whom it's important that their systems work well will
> put them in the best available band until eventually it is saturated too.
> The only solution I can conceive of is to make enough unlicensed spectrum
> available that everything can coexist in an mutually acceptable manner.
> We don't have that with 5GHz.  Add 60 GHz to the mix, with lots of
> high-capacity channels and poor propagation, and we probably get some
> breathing room, but even then I don't know how long it will last.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
> Sent: Friday, February 27, 2015 8:45 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new
> Qualcomm chipset | PCWorld
>
> All I can say is that if we continue down this path, the 5GHz band will
> eventually turn into the mess that the 2.4GHz band is today. There might
> be more channels available in the 5GHz band, but there is a colossal
> parade of devices that are on their way to invade it, and it's not going
> to be pretty.
>
> Now, off to find fight rogues.
>
> Hector Rios
> Louisiana State University
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
> Sent: Thursday, February 26, 2015 7:15 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new
> Qualcomm chipset | PCWorld
>
> http://www.pcworld.com/article/2889792/lte-can-mooch-off-of-wifi-spectrum-
> with-new-qualcomm-chipset.html
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks

[Coehoorn, Joel]

> I do think this can be good for Aruba  If integrated well, HP could
have a compelling
> package with ProCurve and Aruba all managed under AirWave with some magic
SDN
> sprinkled in there somewhere.

We'll see how it works out. We had a 3Com system once upon a time. Remember
3Com?




  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Feb 26, 2015 at 1:23 PM, Thomas Carter 
wrote:

>   I kept telling our Dell reps that Dell needs to buy into wireless and
> grab Aerohive or Ruckus. They would just mention the Aruba deal; we’ll see
> what happens with that.
>
> I do think this can be good for Aruba. I see it as this – Cisco is a
> company that does $50B revenue annually and spends $6B in R&D. I know
> that’s not all wireless, but Aruba has $725M annual revenue with $170M R&D.
> They need the financial backing to stay in second and maybe close the gap
> on Cisco. If integrated well, HP could have a compelling package with
> ProCurve and Aruba all managed under AirWave with some magic SDN sprinkled
> in there somewhere.
>
> Thomas Carter
>
> Network and Operations Manager
>
> Austin College
>
> 903-813-2564
>
> [image: AusColl_Logo_Email]
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey Sessler
> *Sent:* Thursday, February 26, 2015 10:59 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba
> Networks
>
>
>
> Makes sense. Aruba is #2 in the market (but pretty distant from Cisco),
> and HP is 4th depending on who to talk with, so acquiring Aruba would put
> their combined market share well past the other competition, and a tad
> closer to Cisco. Then again, it could go all wrong under HP. I thought Dell
> would have been a better match - I wonder what happens to the Aruba/Dell
> oem relationship if this happens? Or the Alcatel oem agreement.
>
>
>
> Jeff
>
> >>> On Wednesday, February 25, 2015 at 1:07 PM, in message <
> b46a050c-963c-4838-acec-6c890472e...@exchange.louisville.edu>, Trent Hurt
>  wrote:
>
> http://mvnoblog.com/hp-is-reportedly-trying-to-buy-aruba-networks/
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] NAT tracking question

[Coehoorn, Joel]

I was wondering the same thing.

Thinking about the problem, it occurred to me that for institutions that
once had enough IPs to go around to each device, getting more IPs to handle
the recent explosion in the number of devices per person and the number of
simultaneous online devices may be a challenge as IPv4 exhaustion is upon
us. In that case, NAT'ing one external IP for all of an individual users'
devices would still meet any identification goals.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Feb 23, 2015 at 2:13 PM, Chuck Anderson  wrote:

> If you have 1 public IP address reserved for each individual user, why
> do you need to do NAT at all?  This is a serious question--if you
> aren't saving public IPs by doing 1:many NAT, why do NAT at all?
>
> Thanks.
>
> On Mon, Feb 23, 2015 at 11:33:45AM -0500, Norman Elton wrote:
> > We play tricks with our ISC DHCP server and a pair of F5 LTMs (similar
> > to the A10 gear). The DHCP server hands out predetermined private IP
> > addresses to devices as soon as we determine ownership (through our
> > NAC). For outbound traffic, the F5 uses this private IP address to NAT
> > to a public IP address that is reserved for the individual user. The
> > end result is that no matter where the device is on campus, we know
> > that 128.239.x.y is something owned by Joe Smith. If we need to know
> > exactly which device, we consult our flow logs. But at least we're 99%
> > confident we're dealing with the right student.
> >
> > I'm happy to share the gory details if someone wants to wrap their
> > head around it.
> >
> > Norman Elton
> > College of William & Mary
> >
> >
> >
> > On Mon, Feb 23, 2015 at 10:30 AM, Danny Eaton 
> wrote:
> > > We've got our Juniper SRX 5800 doing our NAT for all wireless, plus
> all students and visitors (wired or wireless).
> > >
> > > We send those logs (and the SRX is VERY CHATTY about NAT) to our
> Splunk server for the tying together of date/time, public IP and private IP
> - in the event we get a notice from some TLA.
> > >
> > > -Original Message-
> > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
> > > Sent: Monday, February 23, 2015 9:12 AM
> > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > > Subject: Re: [WIRELESS-LAN] NAT tracking question
> > >
> > > We use a Sonicwall E8500 for NAT, it will log all NAT translations and
> send them as syslog to a server for storage. I have logrotate changing
> files every hour to make it easier to search on.
> > > --
> > > Heath Barnhart
> > > ITS Network Administrator
> > > Washburn University
> > > Topeka, KS
> > >
> > >
> > > On Wed, 2015-01-14 at 14:49 -0500, Jerry Bucklaew wrote:
> > >> To ALL:
> > >>
> > >> We have a large Cisco wireless deployment with public ip address
> > >> space.  Getting more public IP's is getting difficult so we are
> > >> considering going to NAT.  The issue we have with NAT is that we still
> > >> want to be able to map an outside IP back to a individual user.  Once
> > >> you go to NAT that of course becomes more difficult to do.   I know a
> > >> lot of you are probably already doing this and I was wondering how and
> > >> what products do you use?  I assume most have a one to many NAT and
> then
> > >> use something like a netflow collector to to track the inside NAT IP
> to
> > >> the outside Src-IP/DST-IP/Port/Time. Any good working solutions or
> > >> products would be helpful.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Interesting Wifi 3-D Visualization

[Coehoorn, Joel]

If you haven't seen this already, it's worth your time

http://www.engadget.com/2015/02/16/wifi-mapping-in-3d/

My favorite line is, "The distance between these features is roughly the
same as one wavelength of 2.4Ghz".


  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention

[Coehoorn, Joel]

In theory, yes. In practice, good luck finding it implemented that way in a
product we can actually deploy, or supported in a product in use by our
constituents.


On Fri, Jan 23, 2015 at 2:30 PM, Frank Bulk  wrote:

> Isn’t the certificates thing being described something like EAP-TLS?
>
>
>
> Frank
>
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention

[Coehoorn, Joel]

> does the enterprise wlan market need to figure out how to look more like
a consumer wlan? Is this a problem EDU's have created because of some
desire to provide a service that's more complex or invasive to use then it
has to be? Is there really a need to on-board devices and have them
associate using WPA2 Ent, or could we support the bulk of our users
(especially students) using something more consumer friendly?

THIS. For a few years now I've been wishing for an encrypted wifi offering
that works much more like SSL does on the web. Divorce the encryption
features currently .1x from the authentication/authorization parts. Let me
by a certificate from someone like VeriSign or Digicert that everybody
already trusts, deploy it to may APs or controller, and if you trust them,
you can get an encrypted connection without needing to do anything
different than if you were using a public hotspot. It needs to be just that
easy for end users. No enrollment, no pre-shared key, nothing. All of the
other authorization/authentication things that I want to do (or not do,
depending on things like subnet, MAC/ACL list, etc) can be handled after
the wifi link terminates at the controller or AP.

This is where the WiFi Alliance has the potential to help things. They can
push for inclusion of this ability in the 802.11 standard, and they can
push device makers to have better support for it. They're pull may be
reduced or wifi's early years, but it's not gone yet.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler 
wrote:

>  I don't know Lee, in my mind is it the device maker's requirements to
> work in both consumer and enterprise environment, or does the enterprise
> wlan market need to figure out how to look more like a consumer wlan? Is
> this a problem EDU's have created because of some desire to provide a
> service that's more complex or invasive to use then it has to be? Is there
> really a need to on-board devices and have them associate using WPA2 Ent,
> or could we support the bulk of our users (especially students) using
> something more consumer friendly?
>
> Take residential (dorm) wifi as an example. If you had a model with an
> open or PSK-emulated wireless network coupled with location-based service
> filtering, the user gets on with every device out there, and they can see
> their chromecast, appletv, etc. and any others on that AP or 1 adjacent.
> Pretty much gives you the consumer feel.
>
> Jeff
>
>
> >>> On Thursday, January 22, 2015 at 11:47 AM, in message <
> 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu>, Lee H Badman <
> lhbad...@syr.edu> wrote:
>
> I know self-promotion is in poor taste, but wanted to share this
>
>
>
> http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718?
> ​
>
>
> and encourage anyone of like (or opposing) mind to add comments. I'm told
> that the Alliance is at least reading along, FWIW.
>
>
> -Lee
>
>
>  *Lee H. Badman*
> Network Architect/Wireless TME
> ITS, Syracuse University
> 315.443.3003
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention

[Coehoorn, Joel]

Not sure I agree with the "separate certification" idea. Too many of
students will still expect their residences to work with just "living room"
specification. To many of our faculty expect their classrooms to work that
way.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Jan 22, 2015 at 2:41 PM, Thomas Carter 
wrote:

> Well written and definitely on point. Our users think wireless should
> “just work”. Roaming, Dot 1X, etc is a foreign language to them. It works
> at home with their Linksys, why can’t it work here? They think (and
> sometimes say) “the problem must be your wireless network and not my
> wireless device.”
>
>
>
> Thomas Carter
>
> Network and Operations Manager
>
> Austin College
>
> 903-813-2564
>
> [image: AusColl_Logo_Email]
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hinson, Matthew P
> *Sent:* Thursday, January 22, 2015 2:27 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
>
>
>
> Lee,
>
>
>
> Good write-up. I found myself nodding in agreement frequently as I read
> along.
>
>
>
> The biggest problem I see in the trenches of WLAN administration is a lack
> of knowledge about the Alliance at all. Their marketing has been so
> successful that “Wi-Fi” has become synonymous with 802.11 wireless
> networking. I cannot tell you the number of times a user brings a
> particular device on our network that can’t do .1X or some other critical
> standard. 10/10 times, you can check the Alliance’s database and find out
> that it isn’t certified.
>
>
>
> Of course, when you explain to them that their device isn’t working, they
> immediately default to “Well I’ve never even *heard* of that Wi-Fi
> Alliance thing.”
>
>
>
> TL;DR: I see the biggest problem as people not caring whether the device
> is certified or not, to say nothing of the quality of said certification.
>
>
>
> -Matt
>
>
>
> Matthew Hinson
>
> CWAP
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Lee H Badman
> *Sent:* Thursday, January 22, 2015 2:47 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
>
>
>
> I know self-promotion is in poor taste, but wanted to share this
>
>
>
>
> http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718?
> ​
>
>
>
> and encourage anyone of like (or opposing) mind to add comments. I'm told
> that the Alliance is at least reading along, FWIW.
>
>
>
> -Lee
>
>
>
> *Lee H. Badman*
> Network Architect/Wireless TME
> ITS, Syracuse University
> 315.443.3003
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It would seem FCC just declared WLAN quarantine features illegal

[Coehoorn, Joel]

>. We ask our students to sign a number of agreements when they
matriculate, one of which has to do with being a good net citizen (don't
DDOS our servers or anyone else's, don't download protected content, etc).
They must agree not to use their own APs without the permission of IT*

I'm not sure that covers it. What if Marriott adds similar rules to these
when you sign the check-in papers for your hotel room? What about
non-student guests, who haven't agreed to this and are using a MiFi to
avoid agreeing to any NAC policies?



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Oct 27, 2014 at 4:15 PM, Dave Flynn  wrote:

> While I agree that this opens up a nasty precedent for commercial
> institutions, I don't think it's a threat to colleges or universities. We
> ask our students to sign a number of agreements when they matriculate, one
> of which has to do with being a good net citizen (don't DDOS our servers or
> anyone else's, don't download protected content, etc). They must agree not
> to use their own APs without the permission of IT*; if they do, we have the
> right to knock them off the network. Generally speaking, we prefer to do
> that by disabling the wall port(s) to which they cannot instead of
> poisoning them from our own APs, but they've agreed to follow our
> guidelines regardless of the mechanism we choose. It's a condition of being
> a student here. The Marriott situation does not apply.
>
> *Not that they don't try. We have dozens of rogue APs every Fall and it
> takes many hours to clean them up.
>
> Dave Flynn
> Manager of Systems and Infrastructure
> Carleton College
> 507 222 7836 - office
> 651 331 6323 - cell
>
> --
> *From: *"Pete Hoffswell" 
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Sent: *Monday, October 27, 2014 4:05:01 PM
>
> *Subject: *Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
> quarantine features illegal
>
> My thought is that the FCC is "simply" trying to police the ISM band, as
> outlined in FCC part 15 regulations
>
>
> http://www.ecfr.gov/cgi-bin/text-idx?SID=d5df6d61f643786c6651653f0942fd73&node=pt47.1.15&rgn=div5
>
> The 2.4GHz ISM band is free an open for everyone to use.  If you
> intentionally disrupt transception, well, I think you might be breaking
> some part of part 15.  I've not read part 15, nor could I even begin to
> comprehend it.
>
> But it gets grey quickly, doesn't it?   If you have a rogue AP on your
> campus, and you mitigate it by sending a spoofed disassociate packet, well,
> are you "jamming"?
>
> I'm with Lee.  I think the FCC jumped into a deep pond with this one.  The
> rules are out of date at best.  They need to clarify.
>
>
>
>
>
>
>
>
> -
> Pete Hoffswell - Network Manager
> pete.hoffsw...@davenport.edu
> http://www.davenport.edu
>
>
> On Mon, Oct 27, 2014 at 4:38 PM, Lee H Badman  wrote:
>
>>  Not so sure I agree- I know that Marriott’s insane fees led to this,
>> but the FCC seems to be saying “you can’t touch people’s Wi-Fi, period”
>> whether you offer a free alternative or not seems irrelevant. But then
>> again, it appears that they issued a decision and were clueless about the
>> fact that they created a lot of confusion over features that are built in
>> to equipment that they certified for use in the US.
>>
>>
>>
>> Lee Badman
>>
>> Wireless/Network Architect
>>
>> ITS, Syracuse University
>>
>> 315.443.3003
>>
>> (Blog: http://wirednot.wordpress.com)
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Williams, Matthew
>> *Sent:* Monday, October 27, 2014 4:32 PM
>>
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
>> quarantine features illegal
>>
>>
>>
>> I don’t think that there’s a distinction about the location.  My
>> understanding is that the issue was that Marriott was jamming the hotspots
>> to force people to pay for the hotel provided wireless network.  I don’t
>> think that there would have been a lawsuit if the hotel Wi-Fi was free.
>>
>>
>>
>> Respectfully,
>>
>>
>>
>> Matthew Williams
>>
>> Kent State University
>>
>> Network & Telecommunications Services
>>
>> Office: (330) 672-7246
>>
>> Mobile: (330) 469-0445
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
>> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> ] *On Behalf Of *Kitri Waterman
>> *Sent:* Monday, October 27, 2014 4:25 PM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
>> quarantine features illegal
>>
>>
>>
>> "Marriott Hotel Services has come to a $600,000 agreement with the
>> Federal Communications Commission to settle allegations that the hotel
>> chain "interfered wi

Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all, Bittorrent- Anyone else seeing this?

[Coehoorn, Joel]

​I use Untangle... but we're a very small school (400 undergrads), so this
won't be the best choice for everyone.​

Again, I also don't run that policy for the population at large. I watch my
logs a little extra close for the first week or three and move students to
the policy group as needed.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Oct 8, 2014 at 11:12 AM, Bob Williamson 
wrote:

>  Joel,
>
>
>
> I am curious what you are using that triggers a throttle/tarpit when
> Bittorent is detected.
>
>
>
> Thanks,
>
> Bob Williamson
> Network Administrator
> Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org
> D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org
>
>  *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Coehoorn, Joel
> *Sent:* Wednesday, October 8, 2014 8:22 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all,
> Bittorrent- Anyone else seeing this?
>
>
>
> I've found that some Bittorrent clients just do. not. give. up.
>
>
>
> You block a torrent, the clients will try, try again, often changing
> something in how they send the messages: route over https, exclude certain
> peers, etc, and eventually they sometimes find a way around the block.
>
>
>
> What I've seen that's most effective in really defeating bittorrent is
> throttling/tarpitting the user's traffic: not just bittorrent itself, but
> *everything* originating from that internal IP. Send them back to the dial
> up era. When the bittorrent traffic stops, their connection returns to
> normal within a few minutes.
>
>
>
> Students in this situation have figured out pretty quickly that bittorrent
> was causing their slowness issues. From the student's perspective,
> bittorrent breaks their computer. The great thing here is that it really
> does tend to follow that thought process, and the blames tends to be
> assigned to the protocol or something wrong with their bittorrent
> configuration, rather than with your network. At this point, the behavior
> is self-correcting.  If a student does complain, you point them to
> bittorrent as a possible factor, and they'll get it soon it enough.
>
>
>
> There's some good news/bad news for this approach, though. The good news
> is that you don't have to detect every packet from every torrent stream for
> a student to have an effective block. The bad news is that some unwanted
> traffic still does get through (though usually not enough to offend the
> copyright gods), and that there is a risk for small false positives
> creating slow connections for innocent users... especially when there are
> some legitimate bittorrent uses such as research data, linux distributions,
> game updates, etc. I tend to not apply this policy to the population at
> large, but only to those who have already tripped a flag somewhere: log
> first, find where your torrenters are, and apply the tarpit policy rule to
> that group.
>
>
>
>
>
>
>
>
>   Joel Coehoorn
> Director of Information Technology
> 402.363.5603
> *jcoeho...@york.edu *
>
> The mission of York College is to transform lives through
> Christ-centered education and to equip students for lifelong service to
> God, family, and society
>
>
>
> On Wed, Oct 8, 2014 at 8:54 AM, Lee H Badman  wrote:
>
>  We recently started relying on the 5508 AVC capability to block
> Bittorrent, which it seems to do fairly well. But… we are getting an
> increasing number of take-down notices where Bittorrent was used to do
> something, but drilling into the data in PI shows that nothing was detected
> by the WLC  for the activity that led to the take-down. In other words, the
> system doesn’t see the Bittorrent activity.
>
>
>
> We have all three Bittorrent protocols in use
> (Bittorrent/encrypted/network), and can tell that most Bittorrent is indeed
> being blocked. But what is getting by is probably sufficient enough that we
> may have to abandon the WLC P2P strategy and go back to an appliance. Has
> anyone been through this, and found anything else to add to the profile to
> help stem the Bittorrent? (We also have the obvious ones like eDonky, etc)
>
>
>
> Thanks-
>
>
>
> Lee
>
>
>
> Lee Badman
>
> Wireless/Network Architect
>
> ITS, Syracuse University
>
> 315.443.3003
>
> (Blog: http://wirednot

Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all, Bittorrent- Anyone else seeing this?

[Coehoorn, Joel]

I've found that some Bittorrent clients just do. not. give. up.

You block a torrent, the clients will try, try again, often changing
something in how they send the messages: route over https, exclude certain
peers, etc, and eventually they sometimes find a way around the block.

What I've seen that's most effective in really defeating bittorrent is
throttling/tarpitting the user's traffic: not just bittorrent itself, but
*everything* originating from that internal IP. Send them back to the dial
up era. When the bittorrent traffic stops, their connection returns to
normal within a few minutes.

Students in this situation have figured out pretty quickly that bittorrent
was causing their slowness issues. From the student's perspective,
bittorrent breaks their computer. The great thing here is that it really
does tend to follow that thought process, and the blames tends to be
assigned to the protocol or something wrong with their bittorrent
configuration, rather than with your network. At this point, the behavior
is self-correcting.  If a student does complain, you point them to
bittorrent as a possible factor, and they'll get it soon it enough.

There's some good news/bad news for this approach, though. The good news is
that you don't have to detect every packet from every torrent stream for a
student to have an effective block. The bad news is that some unwanted
traffic still does get through (though usually not enough to offend the
copyright gods), and that there is a risk for small false positives
creating slow connections for innocent users... especially when there are
some legitimate bittorrent uses such as research data, linux distributions,
game updates, etc. I tend to not apply this policy to the population at
large, but only to those who have already tripped a flag somewhere: log
first, find where your torrenters are, and apply the tarpit policy rule to
that group.





  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Oct 8, 2014 at 8:54 AM, Lee H Badman  wrote:

>  We recently started relying on the 5508 AVC capability to block
> Bittorrent, which it seems to do fairly well. But… we are getting an
> increasing number of take-down notices where Bittorrent was used to do
> something, but drilling into the data in PI shows that nothing was detected
> by the WLC  for the activity that led to the take-down. In other words, the
> system doesn’t see the Bittorrent activity.
>
> We have all three Bittorrent protocols in use
> (Bittorrent/encrypted/network), and can tell that most Bittorrent is indeed
> being blocked. But what is getting by is probably sufficient enough that we
> may have to abandon the WLC P2P strategy and go back to an appliance. Has
> anyone been through this, and found anything else to add to the profile to
> help stem the Bittorrent? (We also have the obvious ones like eDonky, etc)
>
> Thanks-
>
> Lee
>
> Lee Badman
> Wireless/Network Architect
> ITS, Syracuse University
> 315.443.3003
> (Blog: *http://wirednot.wordpress.com* )
>
>
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless lighting controls, etc

[Coehoorn, Joel]

Funny how things just come together sometimes. I also saw this today:

https://www.youtube.com/watch?v=egIY7ushchU


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu *




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 30, 2014 at 12:28 PM, Jason Watts  wrote:

> Lee,
>
> Aside from Lutron and Crestron, which I believe both have equipment which
> operates in the low Mhz range (200-400), I've heard of Enocean which has
> offerings in both 300 and 900Mhz range and uses energy harvesting with some
> of its switches and components so that they are non-wiring dependent.
>
> Here is a link to what they are terming their wireless ISO/IEC standard:
>
> http://www.enocean.com/en/enocean-wireless-standard/
>
> We looked at them when Facilities was shopping around to upgrade some
> lighting systems. Haven't seen any of their gear in operation yet.
>
> --
> Jason Watts
> Pratt Institute, Academic Computing
> Senior Network Administrator
>
>
> On 9/30/2014 10:11 AM, Lee H Badman wrote:
>
>> My cynical side thinks I know the answer already, but let my cast my net
>> anyways…
>> Has anyone found or been involved with any sort of lighting/sound
>> controls that have wireless componentry and work well with enterprise
>> WLAN?
>> Thanks-
>> Lee
>> Lee Badman
>> Wireless/Network Architect
>> ITS, Syracuse University
>> 315.443.3003
>> (Blog: _http://wirednot.wordpress.com_)
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] iOS 8 drops tomorrow

[Coehoorn, Joel]

This is kind of a side issue, but it's not just the OS itself. An iOS
update tends to bring a lot of app updates along with it. I just opened my
iPad and had 16 apps wanting to update. A couple days ago it was another 8,
with 1s and 2s more than usual at other times over the last couple weeks.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu *




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Sep 18, 2014 at 9:29 AM, Matt O'Brien 
wrote:

> It looks like the space requirements for the IOS update to 8.0 kept a high
> percentage of devices from being able to get the update. Lots of upset IOS
> device owners on our campus, especially the ones with 16GB IOS devices.
> Looks like the update requires roughly 4.4GB of space before it will allow
> the device to download the update.
>
> Matt,
>
> On Thu, Sep 18, 2014 at 8:06 AM, Craig Eyre  wrote:
>
>> We didn't notice an out of control increase like iOS 7 but I did note
>> that my phone didn't prompt me for the update, I had to go into the
>> software update area and look for it. This might have kept the bandwidth
>> down or it could be just my phone :>)
>>
>>
>> Craig
>>
>> On Thu, Sep 18, 2014 at 6:44 AM, Peter P Morrissey 
>> wrote:
>>
>>>  Same here. Overall traffic peaks were higher, but our base levels grow
>>> quite a bit every year, so I would say the percentage of increase wasn’t as
>>> high as last year, but the traffic increase was significant. We saw peaks
>>> on our Internet connection of about a gig higher than normal for time of
>>> day but they were well within our burstable limit, and another gig or so
>>> increase in Akamai traffic. This persisted on and off until around midnight.
>>>
>>>
>>>
>>> Pete Morrissey
>>>
>>>
>>>
>>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jason Wang
>>> *Sent:* Thursday, September 18, 2014 12:24 AM
>>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow
>>>
>>>
>>>
>>> We didn't see as sharp of an increase for this, but overall traffic
>>> reached about the same level for us on iOS 8 as it did last year for iOS 7.
>>>
>>> This is what we saw for iOS 8:
>>> [image: ios8_20140917]
>>>
>>>
>>> And this is what we saw for iOS 7 last year:
>>> [image: ios7_20130918]
>>>
>>>
>>> Jason
>>>
>>>
>>>  On 9/17/14, 3:32 PM, Entwistle, Bruce wrote:
>>>
>>> We have not seen as significant of an increase in traffic with the iOS 8
>>> release as we did with the iOS 7 release.
>>>
>>>
>>>
>>> Bruce Entwistle
>>>
>>> Network Manager
>>>
>>> University of Redlands
>>>
>>>
>>>
>>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
>>> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> ] *On Behalf Of *Peter P Morrissey
>>> *Sent:* Wednesday, September 17, 2014 11:38 AM
>>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow
>>>
>>>
>>>
>>> Thanks Lee for digging up the link for Akamai signup.
>>>
>>>
>>>
>>> The Akamai caching definitely kicked in for us, offloading up to over a
>>> Gig’s worth.
>>>
>>>
>>>
>>> If you look at a graph of our Internet traffic versus Akamai server
>>> traffic (don’t know if they’ll come through the listserv) you can see that
>>> our Internet traffic took a little jump right at 1:00 PM, but then settled
>>> down to normal levels when the Akamai server traffic spiked up, taking over
>>> the load. Overall though, so far today, the traffic levels from IOS8
>>> haven’t been too bad. Maybe we’ll see more when the kiddies get out of
>>> class.
>>>
>>>
>>>
>>> Pete
>>>
>>> *`Daily' Graph (5 Minute Average) Internet *
>>>
>>> [image: day]
>>>
>>> *Max*
>>>
>>> *Average*
>>>
>>> *Current*
>>>
>>> *In*
>>>
>>> 3924.1 Mb/s (39.2%)
>>>
>>> 1843.2 Mb/s (18.4%)
>>>
>>> 3296.3 Mb/s (33.0%)
>>>
>>> *Out*
>>>
>>> 615.0 Mb/s (6.2%)
>>>
>>> 323.8 Mb/s (3.2%)
>>>
>>> 420.6 Mb/s (4.2%)
>>>
>>>
>>>
>>>
>>>
>>> *`Daily' Graph (5 Minute Average) Akamai*
>>>
>>> [image: day]
>>>
>>>
>>>
>>>
>>>
>>> -Original Message-
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
>>> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> ] On Behalf Of Peter P Morrissey
>>> Sent: Wednesday, September 17, 2014 2:09 PM
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow
>>>
>>>
>>>
>>> Hi John,
>>>
>>> Don't have link handy but I'll ask their support.
>>>
>>> Pete
>>>
>>>
>>>
>>> -Original Message-
>>>
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
>>> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> ] On Behalf Of John Center
>>>
>>> Sent: Wednesday, September 17, 2014 1:57 PM
>>>
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>>
>>> Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow
>>>
>>>
>>>
>>> Hi Pete,
>>

Re: [WIRELESS-LAN] guest wireless

[Coehoorn, Joel]

I will admit to having a completely open guest network. We don't even
require a terms of service click-through, and it's not encrypted. We do
have some strict throttling for file sharing/p2p traffic, and I have some
decent auditing capabilities, so I can track down violations and restrict
them later if needed, but that's about it. We do the same throttling and
auditing on the regular network

Our Admissions and Advancement offices *love* this: a candidate or guest
comes on campus, and their device just works: never any 802.1x issues,
never a problem with sponsorships or authentication. We're in a residential
neighborhood, but I've learned not to worry about neighbors using our wifi:
it's really a drop in the bucket. No one uses bandwidth like a college
student uses bandwidth, and as I'm one of those who live just across the
street, I can testify that leeching wifi from the college is a horrible
personal wifi experience (also: before I came here and I had an hour long
commute, and I can say that walking across the street to get to your office
is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted
option, and the vast majority do on their laptops now, and some on their
phones, but students love the open network for things like smart TVs,
blu-ray players, etc. They feel this makes our network *better*. We have
some game consoles on the open network, but Residence Life encourages
students to plug those into a wired port (even providing cat5 cables at
times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot
for any neighbors or people wandering by". We want to be part of the
community, and welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never
had a request for data. This may some day force us to make a policy change,
but in the meantime, I'd have a revolt on my hands if I ever tried to do
away with the open SSID.




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu *




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie  wrote:

> That's interesting Heath. What's the reasoning behind the exclusion period?
>
>
> On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart <
> heath.barnh...@washburn.edu> wrote:
>
>>  We have an open guest network, however, you do have to register with a
>> name, email, and phone number. Guests have 3 days of access followed by a 3
>> day exclusion period were the device is not allowed on the network. Access
>> is restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't
>> throttle the bandwidth.
>>
>>   --
>> Heath Barnhart
>> ITS Network Administrator
>> Washburn University785-670-2307
>>
>>
>>
>>   On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
>>
>> I am looking for information on what people do with guest wireless.  Do
>> you have open wireless on your campus?  Do you have a password that
>> everyone knows?  Do you create special passwords for groups?  Any
>> assistance would be helpful.
>>
>>
>>
>> Thank you
>>
>>
>>
>> m
>>
>>
>>
>> [image: Description: MU Arches]
>>
>> Mark Reboli
>>
>> Network/Telcom Manager
>>
>> Misericordia University
>>
>> (570) 674-6753
>>
>>
>>
>>
>>  ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi

[Coehoorn, Joel]

I've been **very** happy using AirServer (www.airserverapp.com) instead of
AppleTVs for mirroring. The software installs to a PC or Mac, and allows
the computer to act as an AppleTV. It even supports multiple-simultaneous
connections and recording(!) - (recording is currently Mac only, coming
soon for PC). What connected classroom doesn't already have a PC or Mac
where you could just install this program? And it's only $4 per classroom.
That's not a typo.

The downside is that this does make demands on your network... namely, that
your classroom PCs be on the same subnet as your wireless devices, or that
you complete the same kind of mDNS gateway setup for the classroom computer
that you would have needed to do for an AppleTV.

I know this sounds a bit like an advertisement, but I'm just a *very* happy
customer. We started a pilot with 12 real AppleTVs in the summer/early fall
of 2012, and within a few weeks of discovering this we had ripped all of
the AppleTVs out and deployed this campus-wide, for less than the smaller
pilot program cost.

The software can be set to run all the time, or start on demand, though
either way the user must be logged into a PC before it will accept a
stream. I've found it works best when started on demand... this cuts down
on the number of classrooms that show available for mirroring from the
iPad, making it easier to find what you're looking for, and it also solves
the issue of a random student or passerby interrupting a lecture already
using the computer by kicking off a stream. Also, there was a bug for the
PC version back in 2012 (since fixed) with running as a service, so that's
just part of the deployment we have now.




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Jan 15, 2014 at 10:33 PM, Jason Cook wrote:

> Hi James,
>
> You are right it doesn't do mirroring as such for IOS.  The mersive guys
> are pretty helpful, if you are interested it would be worth having a chat
> with them anyway, they might be pushing for such a feature in the future.
>
> As you say ultimately it's about choosing something that fits your
> requirements, IOS mirroring wasn't on our list as required but certainly
> nice to have... I'm sure it's only a matter of time until the requests pour
> in.  I believe we are also looking at a couple of AB tutor licenses, don't
> know if this has anything of use https://abtutor.com/ios_features
>
> Regards
>
> Jason
>
> --
> Jason Cook
> The University of Adelaide, AUSTRALIA 5005
> Ph: +61 8 8313 4800
> e-mail: jason.c...@adelaide.edu.au
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Andrewartha
> Sent: Thursday, 16 January 2014 2:54 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD
> wifi
>
> Hi Lee,
>
> On 16/01/14 12:07, Lee H Badman wrote:
> > Not sure what you're looking at, but AppleTV has nothing to do with
> Mersive. I'm not trying to sell their stuff, just quite fond of it after
> the frustrations of what the network needs to have done to it (bigger
> networks are worse) for AppleTV.
>
> I was looking at the Solstice datasheet [1] which seems to indicate it
> doesn't do AirPlay on its own.
>
> > I see TCO of AppleTV as $99 (for AppleTV) + lots of hours dorking with
> the network + lots of support issues when it becomes a service so relied on
> that it simply can't tolerate almost-guaranteed disruption/unpredictability
> + time spent trying to accommodate non-Apple devices = AppleTV actually
> costs hundreds (or thousands) of dollars and leaves you with a network
> you'd probably prefer not to have, and a fragmented "what device can do
> what" environment for diplay mirroring.
>
> Absolutely, you have to determine whether it's worth it, for Apple TVs or
> Solstice. I'm just trying to determine feature compatibility - from what I
> can tell, the Solstice app [1] can only play media files or view webpages,
> it's not true iOS display mirroring and so doesn't solve the "what device
> can do what" environment. Perhaps that's all your classes need, but not
> being able to mirror other iOS apps makes it a non-starter for our
> requirements.
>
> > I like the Mersive paradigm as an alternative- it asks nothing of the
> network. Although I'd still like to see Apple fix their own limitations.
>
> Sure, I wish you could drop Apple TVs into a directory like printers
> (though AirPrint indicates that's going away too) and just choose from a
> list. Actually, you can with the latest MDM stuff [3], but then you're
> having to push configuration to the device. Bonjour even supports wide-area
> DNS-SD, just the Apple

Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi

[Coehoorn, Joel]

I think most of all, they wouldn't like the results even if the wireless
worked. I imagine instructors will at some point expect to be able to
mirror a single device to all twelve screens at once, so they all show the
same thing, and I don't believe that Apple's AirPlay will work that way.
It's my understanding that if they have 12 Apple TVs, they'll need to be
running 12 separate iPads/iPhones/Macs to take advantage of those screens.
If that's what they want to do, that's one thing... but somehow I don't see
it being used that way. It seems much more likely that what they really
want is one AppleTV connected to a redistributor that will show a single
instructor's iPad across all 12 screen with only one connection, or if you
have a good enough controller system, just those screens that the
instructor selects.

Now, about the wireless actually working... hahahaha, how cute. What you
could do is run a network drop for each AppleTV, and make sure the wired
network drop gets an address from your wireless range, or is exposed to
your wireless range via a bonjour gateway. That would at least take a lot
of the traffic out of the rf space.



  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Jan 15, 2014 at 10:37 AM, Hurt,Trenton W.  wrote:

> Of the folks who are allowing users to do bonjour services over wifi.
>  Either thru native multicast , or the enhancements from the various wifi
> vendors. Has anyone noticed spectrum issues in dense classrooms?  I have a
> department who is proposing 12 screens with 12 apple tvs in room with 180
> seats and I'm can't see how this can work given the crowded spectrum in
> large seat rooms.  Has anyone tried multiple apple tvs in the same room
> with multiple users mirroring different content simultaneously ?
>
> Sent from my iPhone
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WiFi planning spin-off - Student provided wifi

[Coehoorn, Joel]

Through contacts at my alma mater, I know they were doing what you describe
until this year. This is their first year with a managed wifi deployment. I
don't know how happy they are with the new system, but I can tell you they
had a lot of complaints under the old method.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Dec 13, 2013 at 11:36 AM, Barros, Jacob  wrote:

> I didn't think this topic would generate that much buzz.  Thank you all
> for your feed back.  Allow me to jump tracks here and and throw out a
> concept that may seem heretical.
>
> In res halls, has anyone provided ONLY wired connections and allowed
> students to bring in their own router(s).  From a managed perspective,
> there are several reasons why it's a bad idea.  However I cannot shake the
> notion that with proper education, the rewards might outweigh the risks.
>
> To me, the target reward is that the student receives the level of service
> they want where they want it.  The user can chose what device is desired
> and upgrade as they see fit and the technology is always current.  IT would
> help with best practices, education and limited support but the student is
> ultimately responsible.
>
> I would really like to pitch this for an apartment style dorm that is
> being built.  Does anyone think this model can work?
>
>
>
>
> Jake Barros  |  Network Administrator  |  Office of Information Technology
> Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WiFi planning spin-off - Student provided wifi

[Coehoorn, Joel]

I forgot to add: that institution is about 5000 residential undergrads,
about 12 residence halls, and about 40/60 apartment vs dormitory.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Dec 13, 2013 at 11:38 AM, Coehoorn, Joel  wrote:

> Through contacts at my alma mater, I know they were doing what you
> describe until this year. This is their first year with a managed wifi
> deployment. I don't know how happy they are with the new system, but I can
> tell you they had a lot of complaints under the old method.
>
>
>   Joel Coehoorn
> Director of Information Technology
> York College, Nebraska
> 402.363.5603
> jcoeho...@york.edu
>
>
>
>  *The mission of York College is to transform lives through
> Christ-centered education and to equip students for lifelong service to
> God, family, and society*
>
>
>
> On Fri, Dec 13, 2013 at 11:36 AM, Barros, Jacob wrote:
>
>> I didn't think this topic would generate that much buzz.  Thank you all
>> for your feed back.  Allow me to jump tracks here and and throw out a
>> concept that may seem heretical.
>>
>> In res halls, has anyone provided ONLY wired connections and allowed
>> students to bring in their own router(s).  From a managed perspective,
>> there are several reasons why it's a bad idea.  However I cannot shake the
>> notion that with proper education, the rewards might outweigh the risks.
>>
>> To me, the target reward is that the student receives the level of
>> service they want where they want it.  The user can chose what device is
>> desired and upgrade as they see fit and the technology is always current.
>>  IT would help with best practices, education and limited support but the
>> student is ultimately responsible.
>>
>> I would really like to pitch this for an apartment style dorm that is
>> being built.  Does anyone think this model can work?
>>
>>
>>
>>
>> Jake Barros  |  Network Administrator  |  Office of Information Technology
>> Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178
>>  ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Looking for input- Short DHCP lease times on Cisco WLC

[Coehoorn, Joel]

Remember that the client will ask to renew the lease at the halfway point.
So a 10 minute lease time means you'll see traffic in the air after only 5
minutes.

What I shoot for is to have a student sit down with a laptop for a one hour
class, get his initial lease, and not have him need to do any additionally
dhcp traffic, even if he stays active for the entire class. That means a
minimum lease time of around 2 hours. There are places where this is hard
to achieve, though.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Tue, Dec 3, 2013 at 2:55 PM, Ian McDonald  wrote:

>  We dynamically change lease time based on free space in the pool. Free
> space goes down, so does lease time. IIRC our shortest time is 10 minutes.
>
> Thanks
>
> --
> ian
>
> Sent from my phone, please excuse brevity and misspelling.
>   --
> From: Lee H Badman 
> Sent: 03/12/2013 20:52
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Looking for input- Short DHCP lease times on
> Cisco WLC
>
>  Wondering if anyone has gone down this road before-
> We have pockets where, say 2000 busy WLAN users may be on like 60 APs in a
> given building, largely still and non-roaming, with 1 hour DHCP leases. If
> we shrank the lease time to 30 minutes, so that every 15 minutes we have
> DHCP renewals in the air (we don't use DHCP proxy on the controller- bit
> too many times by past bugs)- could that amount to a volume of low-value
> traffic in the air that could become problematic? What about lease times of
> 15 minutes? When does short = too short because of added overhead in the
> cells, APs, or controllers (3500s, 3600s, 5508s)? On latest code versions,
> is it ever of concern (beyond the DHCP servers’ ability to keep up)-
> especially given that the entire network that would feel the effect of
> shorter lease times itself has 15K clients on it?
> Before we try to do any structured analysis, just wondering if anyone has
> gone down the road of ever shrinking lease times (on an 802.1x WPA2
> network) and came to regret it for any reason in a Cisco WLC environment?
> We had guidance early (several years ago) on not to go “too short” on DHCP
> client lease times on Cisco controllers, but I can’t find the notes on what
> that meant.
>
>  Thanks-
>
> Lee Badman
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It's that time again... wireless printers/projectors- enterprise WLAN security?

[Coehoorn, Joel]

If you're talking campus-owned devices, I (thankfully) haven't had a need
to do this yet. Hopefully it stays that way, though I'm kind of expecting a
request for this for the Spring new student check-in line (I'll be watching
other responses for someone to suggest a model that works well).

If you're talking student devices, I still feel like the best answer is to
make available a strong printer gateway solution via a product like
PaperCut, and heavily promote this option while at the same time
discouraging students from bringing any printer at all, even the wired
variety.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Mon, Dec 2, 2013 at 11:37 AM, Frank Sweetser  wrote:

> I've noticed recently a few printers have actually shipped with zero
> hardwire connectivity of any kind - no ethernet, no USB, nothing.  This
> lends support to my ongoing theory that, for the most part, printer
> manufacturers view wireless not as a general networking connectivity, but
> as a drop-in replacement for those pesky USB cables that are never quite
> long enough.  I strongly suspect that until someone makes the rounds with a
> large bat with "ENTERPRISE WIFI" spelled out in nails on one end, the
> situation isn't likely to change.
>
> Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
> that
> Manager of Network Operations   |  is simple, elegant, and wrong.
> Worcester Polytechnic Institute |   - HL Mencken
>
>
> On 12/2/2013 11:23 AM, Lee H Badman wrote:
>
>> Hello to the group. Has been a while since I last looked and got
>> frustrated
>> _http://wirednot.wordpress.com/2013/03/01/hey-printer-
>> makers-you-realize-that-its-2013-right/_
>>
>> so throwing it out there in case anyone on the list has found devices that
>> have caught up with the times.
>> The question: has anyone found- and put into service- a business-grade
>> printer
>> with a wireless interface that will do 802.1x auth and WPA2 encryption (no
>> preshare security stuff)? Same same for projectors, but printers are the
>> more
>> interesting paradigm for my use case right now.
>> Thanks,
>> Lee Badman
>> Syracuse University
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 802.1x vs web-portal

[Coehoorn, Joel]

What I really want to provide is an HTTPS-like experience for my
users that just works: an SSL layer that doesn't care who you are, but
still provides meaningful encryption for the last 50 meters where your
traffic is moving through the air for anyone nearby to snoop.

I'm annoyed that so many encryption solutions are coupled to
authentication. The two don't need to be linked. You don't have to log into
an https site to get encrypted traffic, and you shouldn't have to log into
a wifi network to get encryption either.

My ideal scenario is that someday I'll be able to install the same wildcard
ssl certificate that we purchase for our web sites to each access point or
at a controller, change a setting for an SSID to use this certificate for
encryption, and as long the certificate is from a well-known/reputable
vendor, user devices will just work.

I include guest devices in this category. I want someone -- anyone, but
especially visiting admissions candidates --- to be able to turn on their
device for the first time and have the experience be easy: no capture, no
guest registration, no prompt to agree to terms of service, just choose the
SSID and they're online.

Sure, I could use a shared key scenario and just publish the key, but
that's not the same thing. If anyone knows the key, anyone can decrypt the
traffic, and it still requires an extra step to get online.

I honestly couldn't care less about the authentication part of this. I
don't need to know right away that it was Jane Smith's computer committing
whatever nefarious deed. The immediate reaction to that kind of thing is
the same regardless of the name of the person behind it. As long as I can
target a MAC address or have reasonably static IP addresses (I do), I'm
happy enough using a captive portal rule on a specific machine after the
fact to identify a user for those times when enforcement issues come up.
College-owned machines here do log user names all the time, so it's just
student-owned devices where this is necessary.

Sadly, I don't believe this kind of wifi exists today. Certificate-based 1x
comes close, but the need to install/configure devices with a supplicant
breaks it. I would settle for 1x, if I could count on it working for my
students. Personally, I place blame on the WiFi Alliance, certifying
devices that don't work for this feature as well as they should.

Currently, we're working to provide two WiFi options: one that's completely
open (and I mean completely), and one that uses 1x and prompts for a user's
Active Directory login. Anyone can walk on campus and get online at a basic
level. Really. I don't care. Guest (and even neighbor) use is a drop in the
bucket compared to what our regular students demand. But if you need
encryption you'd better hope the site or service supports https. We
encourage students to use the 1x SSID whenever they can, and try to educate
about the importance of encryption. *Most don't care*, and choose the open
network, but at least the option is open to them.




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Nov 20, 2013 at 8:54 AM, Ian McDonald  wrote:

> Isn't that really a client supplicant issue though? You can send back a
> reason for authfailure, and then the client could prompt for a replacement
> password.
>
> --
> ian
> -Original Message-
> From: Fleming, Tony
> Sent:  20-11-2013, 14:22
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
>
> I can tell you we use dot1x here with AD credentials and it doesn't lend
> itself to a good end-user experience. Our security policy requires password
> expiration after 60 days. When a student's password expires we see an
> increase of wireless related complaints (typically blaming the
> performance/signal of the wireless network) not realizing their password
> has expired and new credentials need to be applied in their wireless
> profile.
> The other AD credential issue we have is related to lock-out. If a student
> mistypes his/her password to lock-out their account all of their devices
> stop connecting to the wireless network.
>
> Having said that, we are eyeing certificate based 802.1x. Not having a lot
> of experience with PKI we are trying to gauge the effort level of
> deployment.
> Not trying to highjack the thread here - but I am curious if anyone has
> some real world experience spinning-up a PKI (from scratch) using CloudPath
> with certificates. What is the effort level?
>
> Tony
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
> Sent: Wednesday, November 20, 2013 1:30 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] 802.1x vs web

Re: [WIRELESS-LAN] 802.11 2.4G and XBox

[Coehoorn, Joel]

Frank, how did you determine the defective device?


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Nov 1, 2013 at 11:58 AM, Frank Sweetser  wrote:

> The last time I found that situation, it turned out that the game device
> itself was defective, just not in a way that affected gameplay. None of the
> other units in the building were nearly as loud.
>
> The building in this case was a Greek house, so I simply informed them of
> the cause of their troubles and let them figure it out themselves.
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
> Jonathan Brockmeier  wrote:
>>
>> We are seeing high channel utilization in one of our dorms and users are
>> complaining about slowness.  Looking at the channel utilization, it seem
>> that the XBox console-controllers are using quite a bit of the frequencies
>> (all three main channels) and a decent duty cycle (upto 50%.)
>>
>> In a residential student environment, is the only solution to suggest
>> they use 802.11 5G?
>>
>> Jonathan Brockmeier
>> Hope College
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless NAT & Tools for tracking DMCA reports

[Coehoorn, Joel]

We shape bittorrent connections, rather than outright block them. More than
that, we shape the entire connection for the internal IP behind the traffic
using a "penalty box" approach. All connections with bittorrent traffic are
sent to a common pool that caps combined use to at most 6% of our total
bandwidth. The 6% number was arrived at via trial and error, and it needs
to be adjusted from time to time. The result is that the internet works for
torrent users... but... it's... very... slow... The goal is to be similar
to an old dial-up connection. Ninety minutes later, the block expires and
things are fine for that connection again. If you have something that you
*really* need (or more often, want), and the only way to get it is via
torrent, you can do that... but there's a cost.

Needless to say, this is coupled with an informational campaign for new
students when they arrive, and reminders at the beginning of each term, and
additional reminders when users begin frequently showing up in the logs for
the feature. I've found this is *more* effective than an outright torrent
block.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Mon, Oct 7, 2013 at 10:26 AM, Michael Horne wrote:

> Here at Olin College.
>
> ** **
>
> We have bittorrent blocked via the application on our Palo Alto firewalls.
> So it is just the P2P application “bittorrent”.
>
> We also use a Procera for bandwidth management and do not have an issue
> with games that use the tech as they are defined differently in both
> applications appliances.
>
> So far so good, had a couple of students ask about it but once informed to
> the why (DMCA & RIAA) complaints. Have not heard much more over it in the
> years time since we blocked bittorrent out right.
>
> ** **
>
> Student resident halls get to use 40% of the overall bandwidth for
> residential wired connections.
>
> Wireless is also restricted but only for high bandwidth applications like
> steam downloads. Not unusable but enough to get the job done without
> killing wireless for the entire community.
>
> ** **
>
> ** **
>
> Michael Horne
>
> Network Engineer
>
> Olin College of Engineering
>
> 1000 Olin Way, Milas Hall, Suite LL18
>
> Needham, MA 02492
>
> 1-781-292-2438
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Voll, Toivo
>
> *Sent:* Monday, October 07, 2013 11:11 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wireless NAT & Tools for tracking DMCA
> reports
>
> ** **
>
> For those institutions that are blocking P2P – do you have resident
> students/staff/faculty, and how are they taking it? There seem to be are a
> fair bit of applications that use P2P protocols, such as Blizzard’s update
> service, and I just ran into ASUS distributing driver downloads that way
> (as an alternative option to direct download). What other, if any,
> restrictions do you place on residential Internet use?
>
> ** **
>
> --
>
> Toivo Voll
>
> Network Engineer
>
> Information Technology Communications
>
> University of South Florida
>
> ** **
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *On Behalf Of *Lee H Badman
> *Sent:* Wednesday, October 02, 2013 2:02 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wireless NAT & Tools for tracking DMCA
> reports
>
> ** **
>
> Block all P2P. Helps out greatlyJ
>
> ** **
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Alternatives to Bonjour

[Coehoorn, Joel]

There are a few:

Miracast, Wi Di, Wifi Direct all come to mind.

It's betamax vs vhs or hd-dvd vs blu-ray all over again, and it's even more
complicated because using any of those with an Apple product just won't
happen. I suspect hell will freeze over before Apple supports any of them
for mirroring iPads, and that seems to be what's driving this.



  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Aug 28, 2013 at 12:18 PM, Chanowski, John <
john.chanow...@utoledo.edu> wrote:

>  Does anyone know of an apparatus/application that allows
> mirroring/streaming to a TV screen wirelessly that does not depend on
> Bonjour or equivalent protocols and instead relies on more enterprise
> friendly protocols? Does anyone know if anything like this is being
> developed?
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] [Off-Topic] Computer Labs

[Coehoorn, Joel]

Labs aren't going away entirely, but the last time we renovated a lab space
we didn't put in any computers. We added tables with power modules in the
surface for kids to plug in their own laptops, and printers connected via a
PaperCut page where students can upload documents to print. The students
absolutely love this.  I'm hoping to add a terminal services install to set
up a "virtual lab" that will allow students using these spaces to have
access to college-specific applications. I see us adding more spaces like
this in the future.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Aug 23, 2013 at 8:04 AM, Hall, Rand  wrote:

> In a day when all students have a computer, we're still providing plenty
> of labs. Students want them because, "we know the college computers will
> work when we need to write a paper." It's almost like they treat their PCs
> like disposable burners or something :-)
>
>
> Rand
>
> Rand P. Hall
> Director, Network Services askIT!
> Merrimack College
> 978-837-3532
> rand.h...@merrimack.edu
>
> If I had an hour to save the world, I would spend 59 minutes defining the
> problem and one minute finding solutions. – Einstein
>
>
> On Wed, Aug 21, 2013 at 4:56 PM, Eric T. Barnett wrote:
>
>> We have a new Liberal Arts building that is currently in construction.
>> The floor plans aren't quite nailed down yet but there was something on the
>> current plans that made me wonder. There's no less than six computer labs
>> in the building. Seeing that we make all of our Freshmen buy iPads and that
>> laptops are super cheap nowadays, I was wondering just how useful computer
>> labs are now/will be in the next two years or so. Getting rid of most or
>> all of those labs would cut down on costs considerably. I've heard of some
>> colleges dumping computer labs as they seem to be needed less and less as
>> users have more and more tech available cheaply. What's your take?
>>
>> Regards,
>>
>> Eric Barnett
>> Senior Network Engineer/Wireless Administrator
>> Information and Technology Services
>> Arkansas State University
>> (870) 680-4243
>> http://wireless.astate.edu
>>
>>
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLAN engineer responsibilities

[Coehoorn, Joel]

Don't forget reporting.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Tue, Jul 30, 2013 at 2:10 PM, Nathan Hay  wrote:

> I have and do support specialized wireless devices, often times extending
> beyond the wireless part, all the way to the complete device.  Previously I
> supported medical simulation equipment, currently I support Symbol/Motorola
> barcode scan guns all the way to the management/inventory/repair of the
> devices and the configuration of the application we use on them.
>
> Beyond design, I manage our wireless physical installs (and sometimes do
> them myself).
>
> Hope that helps.
>
> Nathan Hay
> Network Engineer | NOC
> WinWholesale Inc.
> 888-225-5947
>
>
>
> From:   "Wright, Don" 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU,
> Date:   07/30/2013 03:02 PM
> Subject:[WIRELESS-LAN] WLAN engineer responsibilities
> Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv
> 
>
>
>
>  If some of you are fortunate enough to have a FTE wlan
> specialist/engineer (we don't), I'm curious as to what duties typically
> fall under their responsibility.  I'm thinking along the lines of the
> following:
>
> Wireless network and infrastructure design
> Security design and IDS configuration and monitoring
> Escalation support for technical issues
> New version and feature testing and validation
> Visual floor plan updates
> Access point design and placement for new and updated buildings
>
>I'm sure this just scratches the surface for some wlan engineers out
> there, so what other wlan related tasks and responsibilities typically land
> in your lap?
>
> Thanks in advance.
> Don Wright
> Brown University
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>
> *
> This email message and any attachments is for use only by the named
> addressee(s) and may contain confidential, privileged and/or proprietary
> information.  If you have received this message in error, please
> immediately notify the sender and delete and destroy the message and all
> copies.  All unauthorized direct or indirect use or disclosure of this
> message is strictly prohibited.  No right to confidentiality or privilege
> is waived or lost by any error in transmission.
>
> *
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Powerline ethernet as uplink to an outdoor access point

[Coehoorn, Joel]

I looked into this about a year ago, and found that it would not work on
our campus, but the way our lights are set up the lines to the lights are
not hot when the lights are off. There is no switch in our lights: if
there's power, the light is on. If there's no power, the light is off. I
could put a powerline adapter in, but it would only work from late evening
to early morning. But that's just how our lights are set up, and ymmv


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Tue, May 28, 2013 at 4:49 AM, Harry Rauch  wrote:

> We used such a connection for a short term linkage - less than six months
> - and it worked well. The limitation was the speed of the powerline linkage.
>
>
>
> On Mon, May 27, 2013 at 4:11 PM, Adam Forsyth  wrote:
>
>> Has anyone tried to use a powerline ethernet product as a backhaul to an
>> outdoor wireless access point?  The thought crossed my mind today that that
>> might be a possibility.  The remote AP can be powered by a light pole and
>> electrical service to that light comes from a breaker inside one of our
>> buildings.  If the uplink came from the same place the power does, that
>> would make the installation a lot simpler I think.  Now that I've had the
>> idea, I wonder...is this a good idea or a bad idea?
>> --
>> *Adam Forsyth*
>> Director of Network and Systems
>> Luther College
>> Library and Information Services
>> *
>> 700 College Drive
>> Decorah, IA 52101
>> 563-387-1402
>> *
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
>
>
> --
> Harry Rauch
> Network Analyst
> Eckerd College
> 4200 - 54th Ave So
> St. Petersburg, FL 33711
> 727-864-8318
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless in Residence Halls

[Coehoorn, Joel]

We're looking into a wall-box form factor for our access points. Something
along the lines of one of these:

http://www.ruckuswireless.com/products/zoneflex-indoor/7025
http://www.extremenetworks.com/products/altitude-4511.aspx
http://www.panoptictechnology.com/smart-room-network-jacks/

They're designed to fit into a traditional electrical wall box (like the
one that's probably already there for an existing network drop) and they
provide a passthrough port, so a student can still plug in a wired device
like an xbox without messing the functional parts of the AP. The student
may not even know there's an access point there.

This won't work for everyone, since the big Aruba/Cisco players don't have
this form factor. We're small enough we don't even have a controller and
use fat APs. But I thought this was still worth mentioning for those with
mixed environments or anyone using Ruckus or Extreme.. As a side note: is
anyone else eager for a common AP/Controller interaction standard, to be
able to bring one vendor's access points to another's controller?



  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*




On Wed, Dec 19, 2012 at 10:16 AM, Lee H Badman  wrote:

> To that point- I have had to hit manual override on the fabled RRM
> algorithm in spots where the APs influence each other to the detriment of
> the clients. Typically amounts to setting a new min power level that the
> APs are not allowed to go below, and occasionally going old-school setting
> fixed power. I find the auto power/channel thing to be good, but not above
> reproach.
>
>
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of phanset
> Sent: Wednesday, December 19, 2012 11:10 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Wireless in Residence Halls
>
> David,
>
> Let me add that we cover between 5 to 6 students per AP (we stagger APs
> between floors), and when an AP goes down,
> we rarely receive a complaint since there is enough overlap between APs.
> So we can take some time to fix the problem (referring to the room access
> issue).
>
> As Larry mentioned, we used to have many complaints with our hallway 2.4
> GHz design, we have almost none with our bedroom 5 GHz design.
> The cost is different of course!
>
> BTW, good luck to have a decent coverage at 5 GHz if you plan to cover
> from the hallway. The attenuation is atrocious!
> It is hard to reach the room, and APs "see" each other in the hallway
> forcing the RADIO algorithm to reduce power.
> (at least with the kind of buildings that we have at UTK)
>
> Best,
>
> Season's Greetings,
>
> Philippe
> www.eduroamus.org
>
> On Dec 19, 2012, at 10:30 AM, "Jennings, Larry W" 
> wrote:
>
> > David,
> > During the spring and summer of 2012, the University of Tennessee
> Knoxville campus upgraded wireless in the dorms.  We had b/g AP's in the
> dorm hallways and the wireless complaints were a constant reminder that we
> had to do something.  We removed the AP's from the hallways and placed AP's
> in some of the dorm rooms, taking one of the wired ports for an AP.
>  Overall, we went from around 600 AP's to 1600 AP's and to 802.11n
> throughout in the process.  We've had very few calls where students have
> messed with the AP's.  For rooms that we had to use one of the wired ports,
> we allow a small switch to be installed upon request.  But we haven't seen
> many requests for that.
> >
> >
> > lj
> >
> >
> > Larry Jennings
> > IT Manager - Network Services
> > The University of Tennessee
> > 2309 Kingston Pike Bldg.
> > Knoxville, TN 37996
> > Phone: 865.974.1619
> > Email: ljenn...@utk.edu
> > SIP: ljenn...@utk.edu
> >
> >
> >
> > -Original Message-
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Robertson
> > Sent: Wednesday, December 19, 2012 8:37 AM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: [WIRELESS-LAN] Wireless in Residence Halls
> >
> > We are looking at how we install wireless in our Residence Halls for
> coverage.  Currently we only place access points in the hallways, but are
> looking at moving them into the rooms for better coverage. We were
> wondering if anyone else has put the access points in the rooms and if they
> have seen a reduction in wireless complaint or if there have been issues
> with students playing with or disconnecting the access points.
> >
> > David R.
> >
> > --
> > David Robertson
> > Service Delivery Manager
> > Network Engineering Technology
> > George Mason University
> > Voice: 703-993-2443
> > Fax: 703-993-3505
> >
> > **
> > Participation and subscription information for this EDUCAUSE Constit

Re: [WIRELESS-LAN] Apple TV's (Again).

[Coehoorn, Joel]

The solution at York College for AirPlay was to publish software that
supports AirPlay mirroring to the classroom computers. This won't work for
everyone, because it requires the ability to make sure an iPad is on the
same subnet as the wired machine in the classroom, but at least we have
more control over the computer. We've been very happy with the result so
far. If anyone's interested, we used AirServer (www.airserverapp.com). At
only $4 per machine, it's also way more cost effective than an AppleTV.

On Wednesday, December 5, 2012, Chris Murphy wrote:

> I'n with Neil, in many ways just being able to specify the hostname or IP
> address of a Apple TV or a printer would be a fine solution, and possibly
> preferable to some sort of Bonjour workaround.
>
> -Chris
>
> On Dec 5, 2012, at 3:29 PM, "Johnson, Neil M" 
> wrote:
>
>
>  I've been following the traffic over on the mdnsext mailing list and
> there hasn't been any significant traffic since 11-15-2012.
>
>  While I'm all for going through the standards process to establish a
> long-term permanent fix for Bonjour/AirPlay in Enterprise environments, it
> will be probably take several months to years (if there is a solution that
> meets everyone's needs) before there is one and I need something I can use
> now (or at least in the next 3-6 months).
>
>  Simply having a way to enter the DNS name or IP address of the target
> Apple TV device seems the simplest solution.
>
>  Do we need to push Apple again as group to come up with an interim
> solution ?
>
>  -Neil
>
>
>   --
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
>
>** Participation and subscription information for this
> EDUCAUSE Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>  ==
> Chris Murphy
> Sr. Manager, Network Operations and Unified Communications
> MIT Information Services & Technology
> Room W92-190
> 77 Massachusetts Avenue
> Cambridge, MA  02139
> ch...@mit.edu
> 617-253-4105
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless Projectors - Classroom Technologies

[Coehoorn, Joel]

We just completed the setup and testing to start rolling Apple's AirPlay
mirroring into every classroom, using software called AirServer. Total
purchase costs works out to $3 per classroom. That's not a typo. This will
allow you to share your screen to the projector from iPad, iPhone, or
recent Mac out of the box, and with extra software on PC (AirParrot, $10)
or Android tablet (we haven't tested this case, but reportedly
doubleTwist+AirTwist
works) can use the system as well.

To trick to making this work was that we went to a zone wifi strategy this
summer. All APs in a building -- or wing/floor when needed, or clusters of
buildings when possible, based on the number of clients typical for a given
area -- now use a common SSID for the zone that maps to a specific vlan for
that zone. Each zone runs almost like a large home network... which is
exactly what Apple protocols like AirPlay expect. So far this is working
well for us. The downside is no more cross-campus roaming, but this has
been a blessing some ways. For example, we extended this to include
residence halls, and students seem to really like how it makes it easier to
do things like sync their iPod from their main iTunes over wireless.

Part of the testing and setup was to make sure faculty would have access to
the appropriate network and application resources they need from that vlan,
without unduly leaking things to students that would not be appropriate. In
fact, that's a big part of the reason we're just starting to roll out now,
instead of having it ready at the start of term; this is something you
can't rush. There were a few things we found that were only be accessible
from administrative vlans, which included classrooms, and we had to take
the time to see either if it was really needed, if there was an easy
work-around, or if we could allow the service on a vlan shared with
students in a safe way.

Now that testing and setup are done at the network level, we will place
each Windows-based classroom PC on the vlan for the zone covering it's
room, install the software, and that's it. The workflow for an instructor
is to log in to the computer and start the AirServer software (necessary
because a pure service can't take over the screen for sharing). The
software is set to broadcast the classroom name as available for
mirroring. An AirPlay-capable device (which again, includes most anything)
can now mirror their display to the projector over the air. We make fairly
it easy to get a guest account that will work in a classroom, so
visitor/guest lecturer access should not be a problem, especially as it
would have been even worse before these changes.

What we really liked is that there's also nothing to change as far as
projector or sound inputs. Everything runs through the classroom PC now
(even our supported method of DVD playback, for example, is to use the PC),
and that makes it very easy on the instructor. No buttons to push or check,
no expensive/fancy control panel to learn... just turn on the projector and
log in to the PC.

I know this leaves PCs and android as 2nd class citizens to some extent,
but we don't see this as a large problem because there's already a PC there
in the room and, again, we make it pretty easy to get a guest account for
the classroom machines. Also, it was mainly Mac and iPad users asking for
this ability in the first place.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Fri, Sep 14, 2012 at 3:04 PM, John Duran  wrote:

> 
>
> All,
>
> We are interested in determining what other institutions are doing in the
> wireless projector space for classroom technologies. Some key items we are
> looking for are:
>
> 1) What products/projectors are you using?
>
> 2) Are you using a dedicated wireless SSID for classroom technologies?
>
> 3) How has your overall experience been given some of the
> constraints/challenges with RF management and was the service impacted in a
> way where classroom instruction was disrupted?
>
>
>
> Thank you for any feedback you may provide.
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless AP Tripods

[Coehoorn, Joel]

Look in the audio/visual department for camera/speaker/lighting mounts.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Thu, Aug 9, 2012 at 4:05 PM, Reams, Lane wrote:

> I was looking to purchase some tripods to mount APs, similar to the ones
> used at CiscoLive.  Anyone know where I can find these?
>
> ** **
>
> [image: Description: Description:
> http://lh3.ggpht.com/_WD-mUdH9mlk/TDDeTbj5dNI/BSk/-b3btEuc0iY/s288/IMG_0377.JPG]
> 
>
> ** **
>
> Lane Reams
>
> Manager Network Design & Engineering
>
> Network Computing Services
>
> Informatics Center
>
> Vanderbilt University Medical Center
>
> (615) 936-2677 (office)
>
> ncs.mc.vanderbilt.edu
>
> ** **
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

<>

Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)

[Coehoorn, Joel]

That is worth mentioning: I'll be disappointed if this petition is limited
to AirPlay. The real target here is Bonjour. It's required for an iOS
device to use wifi to sync to iTunes. Time Capsule uses it. It is rapidly
becoming the cornerstone of Apple's networking story.

In fairness, if we give Apple the benefit of the doubt on the
"experimental" part of the mDNS description, then "small networks without
DNS servers" perfectly describes the typical Apple deployment environment.
Move beyond that, though, and the experiment has failed. Spectacularly.

Just be careful what you ask for. Apple's likely response is to release a
new line of AirPort access points for enterprise that work with Bonjour and
make Cisco's pricing look like D-Link.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Fri, Jul 6, 2012 at 10:08 AM, David Gillett wrote:

>For me, the key point is "enterprise networks".  When Bonjour first
> came to my attention, it was officially described as "An experimental
> protocol for small networks without DNS servers."
>   Apparently, Apple's thinking is that if you use their products, your
> network MUST qualify.  I believe THAT is the attitude that needs to be
> changed.
>
> David Gillett
>
>  --
> *From:* Johnson, Neil M [neil-john...@uiowa.edu]
> *Sent:* Friday, July 06, 2012 7:55 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You
> knew it was coming...Airplay/Apple TV support for instructors.)
>
>How about:
>
>   Whereas, we the undersigned academic and research institutions are receiving
> numerous requests from our faculty, staff, and students for the ability to
> utilize Airplay technology in classrooms, conference rooms, and other
> locations, hereby solemnly request that Apple provide support for Airplay
> technology in enterprise networks.
>
>
>  Specifically, we request the following (in order of priority):
>
>- That Apple establish a way for the Apple TV (and other Airplay
>enabled devices) to be easily accessible across multiple IPv4 and IPv6
>subnets.
>- That Apple establish a way for the Apple TV (and other Airplay
>enabled devices) to be easily statically configured to be accessible across
>multiple IPv4 and IPv6 subnets.
>- That the Apple TV support Enterprise Wireless Encryption and
>Authentication (WPA2-Enterprise)
>- That authentication to the Apple TV be able to utilize enterprise
>authentication services (LDAP and/or AD)
>
>
>  Any enterprise Airplay solution needs to meet the following criteria:
>
>- It must scale to 100's-1000's of Airplay enabled devices.
>- It must work with wired and wireless networks from different vendors.
>- It must not significantly negatively impact network traffic (wired
>and wireless).
>- It must be easily manageable at scale.
>- If it requires a separate hardware solution, the solution's hardware
>must be enterprise grade (rack mountable, dual power supplies, etc.)
>- It must be provided at a reasonable cost
>
>  Failure to provide this support severely limits the usefulness (and 
> desirability)
> of Apple products in our institutions.
>
>
>
> At your earliest convenience please provide us with a roadmap for support of
> Airplay and related technologies in enterprise wireless environments.
>
>
>
> Thank you.
>
>   --
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
>
>--
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
>
>
>   From: Ian McDonald 
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Date: Friday, July 6, 2012 9:32 AM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You
> knew it was coming...Airplay/Apple TV support for instructors.)
>
>   It must run on a standard size rack-mountable server class piece of
> hardware!
>
>
>
> I’m not big on “discovery”, I’d much rather some central registration &
> arbiter system through which the traffic flowed, and probably a separate
> “Airplay Enterprise” software implementation.
>
> We don’t want to have to allow inter-client communications on either our
> wireless or wired networks.
>
>
>
> In general though, I’d like to see it looking like it’s a deployable and
> manageable solution, not something that might work (if you’re lucky) in
> your house.
>
>
>
> My 0.02 J
>
>
>
> --
>
> ian
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *On Behalf Of *Johnson, Neil M
> *Sent:* 06 July 2012 15:26
> *To:* WIRELESS-LAN@LISTSERV.EDUCAU

Re: [WIRELESS-LAN] 4-channels in 2.4 GHz

[Coehoorn, Joel]

Phillippe, this is something I would **love** to be shown to be wrong
about.

I think all of us could benefit from a 4th channel (I know I would), if it
comes with clear guidelines for when and how to use it in a way that will
increase rather than decrease throughput. Right now, the best guidelines we
have say, "Stick with 1,6, and 11." Deviation from that is more likely than
not to result in pain.

Perhaps what is needed is more successful 4 channel implementations for
study, but I think we're likely to see mainstream 5ghz make this all
obsolete by then.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Tue, May 8, 2012 at 2:19 PM, Hanset, Philippe C  wrote:

>
>  On May 8, 2012, at 3:00 PM, Coehoorn, Joel wrote:
>
>  The short answer is "no". It comes down to the skirts again. Most
> low-end tools to measure wireless coverage do a poor job of showing this,
> but my understanding is that wifi RF is such that the skirts "flare out"
> quickly, and you have nearly all of the signal overlap even at fairly low
> power levels. These wide skirts makes it impractical to try for four
> channels... you're almost as bad off as if you tried to use all eleven.
>
>
> Joel,
>
>  You forgot the "black magic" part of wireless ;-)
> We didn't go with theory back in 2000, but with measurements.
> In a large auditorium  with 100+ users and 4 APs, we were getting better
> throughput with 1-4-8-11
> than with 1-6-11-1. We didn't play with smaller cells.
>
>  Philippe
>
>  Philippe Hanset
> Univ. of TN, Knoxville
> www.eduroamus.org
>
>
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 4-channels in 2.4 GHz

[Coehoorn, Joel]

I looked into this about 18 months ago for our campus. It never made it to
the point of a trial: I learned enough to stop the project before it made
it that far, and I think I can summarize here what I found.

I'll start by going back to basics: we all know that wireless channels
overlap. A graph of signal from a wireless access point typically takes the
shape of a parabola, or cone, with the open end pointed down and centered
on the channel used by the access point. An example can be found at the
following link found via quick Google Images search:

http://www.bestandroidappsreview.com/wp-content/uploads/2010/04/Top-Android-App-WiFi-Analyzer-Signal-Graph.png

That image (from an app I'd used with great success on iOS before it was
pulled from the Apple App Store for using undocumented APIs) clearly shows
overlapping signals. The wider portion as a signal flares out towards the
bottom is often referred to as a signal's "skirt"... this term "skirt" will
be important later. The common best practice to avoid overlap (and thus
avoid interference and improve performance) is to only use channels 1,6,
and 11.  That much I think everyone here understands very well.

Now let's move on to a 4-channel scenario. If you put four access points
right up next to each other on channels 1,4,8,and 11, you *will* have
interference. Channel 1 signals will collide with Channel 4, 4 will collide
with 1 and 8, 8 will collide 4 and 11, and 11 will collide with 8,
resulting in reduced performance throughout the spectrum. This is also not
in question.

But what if you separate these four access points... put some distance
between them? Simplistic graphs such as from my earlier link imply that as
the power level of the signal falls over distance you will have a shorter
and therefore narrower "skirt". Could careful planning allow you to place
access points so that channel 1 APs are never near channel 4 APs, 4 APs are
never near 1s or 8s, 8s are never near 4s or 11s, and 11s are never near
8s, and in this way increase AP density beyond what you could do with only
three channels, all while still avoiding interference?

The short answer is "no". It comes down to the skirts again. Most low-end
tools to measure wireless coverage do a poor job of showing this, but my
understanding is that wifi RF is such that the skirts "flare out" quickly,
and you have nearly all of the signal overlap even at fairly low power
levels. These wide skirts makes it impractical to try for four channels...
you're almost as bad off as if you tried to use all eleven.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Tue, May 8, 2012 at 11:01 AM, David Gillett wrote:

> **
>   Our pilot deployment included four APs in a single fairly-small
> building.  If I recall correctly, I put the two in the middle of the
> building on channels 1 and 11, with the two further out, one on ch8
> (nearest the AP on ch1) and one on ch4 (nearest the AP on ch11).  I'm
> pretty sure these were only doing 802.11b, so even where the interference
> was low, the performance was modest, and nobody yet expected anything
> better  Essentially, I tried to take advantage of physical separation
> where I couldn't rely on channel separation.
>
>   (These days, we use Aruba, and generally let it try to find a selection
> of channels for minimal interference.)
>
> David Gillett, CISSP CCNP
>
>
>  --
> *From:* Lee H Badman [mailto:lhbad...@syr.edu]
> *Sent:* Tuesday, May 08, 2012 07:34
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] 4-channels in 2.4 GHz
>
>  With no intent to open a conversational can 'o worms, I'm curious if
> anyone is running a 4-channel plan on their production WLANs, that is
> willing to share their opinions and experiences on the topic.
>
> Thanks-
>
> Lee
>
>  Lee H. Badman
> Wireless/Network Engineer, ITS
> Adjunct Instructor, iSchool
> Syracuse University
> 315.443.3003
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Very high number of wireless devices returning from break

[Coehoorn, Joel]

It's possible that since you are on a new version of the software, and the
current numbers have been verified, that the old version of the software
was under-reporting.

But more likely it's a real increase. I could be new toys for Christmas,
and it could be the old software didn't work as well for certain classes of
device (possibly related to authentication), such that you're just now
seeing a lot of them.

Either way, I wouldn't worry so much about the number of devices, as it's
still the same number of students using them. If the same student has a
laptop, wifi smartphone, iPad, and wifi gaming console, they're only likely
to be using one of those at a time. So instead, focus on how these devices
translate into air time use.

On Thursday, January 26, 2012, Nick Kartsioukas <
lists.educause.wirel...@change.nightwind.net> wrote:
> We've seen an increase in number of devices associating as well.
> Nothing nearly as impressive as everyone else's numbers in terms of
> total quantity, but the jump for us from peaks of 300 associated to over
> 400 associated clients is definitely noticeable.
> --
> Nick Kartsioukas
> Cuesta College Computer Services
> 805-546-3248
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
>

-- 



  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.

[Coehoorn, Joel]

York College is installing an AppleTV in every networked classroom over the
next year.  This is in support of a 1:1 iPod Touch program we use.  We're
tiny relative to U of Iowa, but if any of this helps, here's how we're
making it happen:

Classroom buildings are set so that users in the same building should be on
the same subnet. We're small enough this is not a problem for us.

Where possible, we're using a wired connection to the AppleTV  and setting
it to the same vlan as the wired network.  Right, that's only two rooms,
but the thought of streaming video up to the access point and back to the
AppleTV for a single device makes me cringe.

Most of our classrooms are in older buildings. There's only one wired
network drop to the room, and adding more will be problematic. To alleviate
this, we're looking into small switches in rooms, to support the instructor
PC, a wireless access point, a byod network port, the AppleTV, and a
projector connection, and in a few cases a printer all of the same original
drop. At (count 'em) up to 6 devices per room plus the uplink, we think
that will be the better way to go.

Multicast is enabled within each subnet. This is for every subnet across
the board. Again, we try to keep it to exactly one subnet per building, and
as an admin when I enter a building I know which subnet I should get. This
is great for students, because their Apple toys all tend to work the way
they want, but the amount of traffic across campus (especially on
inter-building fiber links) is still reasonable. This is done mainly
because of our 1:1 iPod Touch program... it just wouldn't do to have those
and not be able to use them well, and even PC users will have iTunes. As a
much larger institution, Iowa may need to think about dividing building
into wings or floors, as well.

Make sure to set the AppleTVs to never sleep, and name them after the
classroom.

Make sure to education faculty on how to switch inputs between the computer
and AppleTV. Even faculty who never use the AppleTV will need to know how
to switch a projector back to the computer input after the prior faculty
member left it set to AppleTV.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Fri, Dec 16, 2011 at 11:50 AM, Jeff Kell  wrote:

> On 12/16/2011 12:47 PM, Lee H Badman wrote:
> > This is where I daydream about the likes of several Apple engineers
> reading this list, thinking "Gee, maybe we should consider how to make our
> toys work in the actual enterprise. It seems that these higher ed folks
> have real networks that we don't always play well with at times."
> >
> > BYOD- bring your own dilemma.
>
> Yes, we try to counter Bonjour and Rendezvous with Au Revoir :)
>
> Jeff
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] College deals with wireless issues

[Coehoorn, Joel]

> If we could provide great / sufficient / pervasive "non-wired" coverage
using
> $40 AP instead of $400 Cisco AP, resident might not want to bring in their
> own $40 AP.

Actually, you can do that. Those cheap $40 access points can be easily
reconfigured to act as a thick access point by just turning off dhcp,
setting a static IP in the correct range, and connecting your uplink line
to a LAN port rather than the WAN port.  Spend about $100 on a
nice buffalo that supports dd-wrt with a customized config file ready to
load, and you can get something close to a vendor system for less than 1/4
the price.

Of course, that means doing a lot of leg work yourself: configuring access
points, setting up subnets/zones, multiple ssids, security, and every
change means a manual deployment to individual access points. I'd love to
see a feature added to dd-wrt that allows polling a config server for those.

But the really big thing you give up here is the reporting. You can make up
for some of that with existing syslog or gateway reporting tools, but some
of the information you'd get from a controller-based solution is just not
replaceable.

Joel Coehoorn
IT Director
402.363.5603



On Fri, Nov 11, 2011 at 10:11 AM, leo song  wrote:

> **
> If we could provide great / sufficient / pervasive "non-wired" coverage
> using $40 AP instead of $400 Cisco AP, resident might not want to bring in
> their own $40 AP.
>
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Access points with very low performance when multiple users connect their computers at the same time.

[Coehoorn, Joel]

Your problem is probably air time density.

The issue is that you only have 3 non-overlapping channels to work with in
the 2.4Ghz space, most users won't have 5Ghz-capable laptops, each channel
only supports about 25 clients from a practical standpoint, each access
point is likely only listening on one specific channel, and you have up to
400 users trying to connect all at about the same time.  That's just not
going to work.  Things get better a few minutes after a class starts
because some students will just give up, and most others will settle down
to only use air time only in short bursts, as they load and then pause to
read pages.

The typical solution is turning down the transmit power, such that signal
for each access point does not leave it's own classroom, and then add
access points to each classroom such that you're listening on more of the
available channels within the rooms. The goal is to reduce the cell size
(and therefore number of clients) served by each access point, and increase
the available channels. You can do this by adding access points, or by
getting single access points with multiple independent radios that are
capable of using the additional channels simultaneously.

Even here, you'll likely still have issues as many of the laptops will not
turn down power to their own radios and still clutter up the air space.  It
would be like trying to listen to the professor if most students in the
classroom were also having conversations among each other at their normal
speaking volume.

As for distributing traffic, there are different load-balancing options out
there depending on your vendor.  But even with generic thick access points
you'll see quite of bit of load balancing happens naturally, without you
having to do anything special so encourage it.  You ought to be able to
just add the access points without needing to do much of anything for load
balancing.

Joel Coehoorn
IT Director
York College
402.363.5603



On Thu, Nov 10, 2011 at 11:09 AM, Ethan Sommer  wrote:

>  With almost any manufacturer you can set a max number of clients per
> radio. You could set the max per radio to 25ish and put (capacity of
> classroom/25) APs per classroom.
>
>
>
> On 11/10/2011 10:54 AM, Luis Fernando Valverde wrote:
>
> Hello,
>
> we have four adjacent classrooms (two in front of two and 5 meters between
> each one) with capacity to 80-100 students each one.Each classroom has
> its own Cisco Aironet 1240 AG Access Point.
>
> When all the students inside the classroom connect their computers to the
> wireless network, response time behaves very slowly for several minutes,
> until the traffic network stabilizes and reaches a better performance.   We
> have tested other AP including Ruckus (802.11 b/g/n) and the problem
> remains.
>
> We could install two AP by classroom, but we would need to distribute the
> connections between each one.  Does someone know a solution without having
> to use different SSIDs to distribute traffic among multiple access points?
> Does someone have any suggestion to solve this issue, including other
> access point manufacturer?
>
> Any comment is welcome.
>
> Thanks,
>
> ---
> Luis Fernando Valverde
> Director de Tecnología de Información y Comunicaciones
> INCAE Business School
> Tel: 506+ 24 37 23 38
> www.incae.edu
>
> 
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>
> --
> Ethan Sommer
> Associate Director of Core Services
> Gustavus Technology Services
> somm...@gustavus.edu
> 507-933-7042
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Disappointing numbers of 5ghz clients

[Coehoorn, Joel]

There was another thread on this same listserv -a month or two back
basically complaining about the lack of consumer laptops with 5ghz radios.
 When your average student or parent goes to buy a laptop for college,
pretty much everything they see is still 2.4Ghz. Even if they're looking for
5Ghz (and few do), most laptops just advertise for b/g/n and don't otherwise
tell you what spectrum it will use. The result is exactly what you're
seeing: the cleaner 5Ghz band is barely used, and students complain about
throughput on 2.4Ghz. Hopefully by next year's buying season we're seeing
more 5Ghz laptops in the market, but even then it will take a while before
your upperclassmen have the technology.

Joel Coehoorn
IT Director
402.363.5603



On Sun, Sep 25, 2011 at 9:05 AM, Jennifer Francis Wilson <
jfwils...@uclan.ac.uk> wrote:

> Anyone happy with the numbers of 5ghz clients connecting to their networks,
> compared to 2.4ghz clients?
>
> I'm only seeing around 25% of clients on 5ghz, despite having a decent
> density of dual radio 2.4/5ghz APs with band select switched on.
>
> A reasonable percentage of the 5ghz clients are from laptops we loan out
> which we know connect to 5ghz most of the time.
>
> Most clients seem to either not be 5ghz capable or their wireless
> NICs/drivers aren't choosing the 5ghz signal.
>
> (we have 802.11n on both 2.4 and 5ghz, with 20mhz channels on 5ghz and use
> the same ssids on both bands)
>
> Jen.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless in dorms

[Coehoorn, Joel]

That Altitude 4511 product looked interesting. I'm curious to know the
per-unit price on those, as quick google and amazon searches didn't bring
anything up in that regard. I'd also like to see one with a pass-through
port, so I can put one over an existing port in a student's room or
classroom and still connect the existing wired device at the same location.

We also were unable to find the budget for a traditional controller-based
system, but we managed to do pretty well for ourselves using APs from
Engenius (ECB-9500).  They run under $100 each, vs $400, $600, or more for
"enterprise" level access points, and we run them without a controller,
instead using existing infrastructure.  The cheaper APs plus no controller
put us in at about 1/10 what were quoted for a traditional Aruba or Cisco
system.

Of course, at that price we made a few compromises:

   - Reporting. This is huge. I don't get to know who's using what spectrum,
   and I often have to wait for students to tell me an access point isn't
   working in an area before I know about, rather than being proactive about
   it. We work around this because we have good er
   - Multiple SSIDs per access point. Our system actually will support this,
   but we haven't had the time to set it up yet.  We do have some basic
   divisions by geographical area on campus to split up broadcast domains, but
   that's it.
   - Fixed cell sizes (limited air space). My understanding is that more
   advanced systems can be set to automatically turn down transmission power
   based on the power from the neighboring access points, and thereby reduce
   the amount of airspace used by each client. We get by because we're small.
   Hand in hand with this is the need to manually tune channels. The access
   points we have support DD-WRT, which would allow us to tune this manually,
   but that would also mean buying and deploying more access points that we
   don't have budget for.
   - Limited to 50 access points for radius purposes with Windows Standard
   Server. Of course, we need more than 50 access points and so had to open up
   our dorm wifi (no encryption there at all :( ). Our administrative and
   classroom buildings are encrypted, though; we're small enough to be able to
   do it that way.  I'm working right now on a FreeRADIUS implementation that
   should fix this for us soon, but honestly our students **really like** the
   open wifi. We haven't had problems with campus neighbors and others leeching
   bandwidth, I have zero reports of abuse from tools like firesheep, and so
   while this is something I'm working on I'm not as rushed about it as I
   should be.

We're up to 78 access points now. Add in wiring some PoE injectors, and we
still spent less than $10,000 to unwire the whole campus.

Joel Coehoorn
York College IT Director
402.363.5603



On Mon, Sep 19, 2011 at 2:17 PM, Garry Peirce  wrote:

> 2 cents from someone in a similar boat.
>
> ** **
>
> Unfortunately, some of our campuses have been unable to support ubiquitous
> wireless in dorms due to cost.
>
> In some cases they have only common areas covered.
>
> That being the case , with wireless being the preferred access method along
> with a lack of local campus policy in this regard they’ve understandably
> connected SOHO wireless routers.
>
> ** **
>
> Some our of ResHalls caused us significant problems on the wired side at
> the start of this semester.
>
> Although we enable L2 features (such as DHCP snooping/DAI/SG,MAC limits) we
> weren’t able to corral an issue until implementing blocking of unknown
> unicast (cisco UUFB) on the ResHall subnets.  This being a wireless forum,
> I’ll omit the details but in a nutshell, the issues were ICMP
> redirect/ARP-amplification related and would intermittently peg the
> attaching campus router’s CPU.
>
> I think efforts to search&fix offending devices or train students is
> entering a never ending battle.
>
> ** **
>
> As cheaper devices will not have A radios (not that many clients will
> either….) co-channel interference is likely common.
>
> Add in interference , ex. assuming a fair # of microwave ovens, and I’d
> think their wireless experience is less than spectacular with no one to
> reach out to for insight/support.
>
> ** **
>
> I feel such devices in ResHalls  add an unmanaged infrastructure that not
> only underserves the users but may also have consequences for the managed
> infrastructure it connects to.   I suppose by allowing them to use such
> devices, one can remove themselves from wireless infrastructure/client
> support, but I’d rather be in a position where we could supply the needed
> wireless service in a managed way and avoid their need to use them.
>
> ** **
>
> ** **
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ray DeJean
> *Sent:* Monday, September 19, 2011 11:04 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.

Re: [WIRELESS-LAN] Alternative POE injector for Ubiquiti wireless gear

[Coehoorn, Joel]

A quick check on Amazon shows they list for a mere $17 each:
http://www.amazon.com/Ubiquiti-POE-24-Power-Over-Ethernet/dp/B004EFHN66/ref=sr_1_8?ie=UTF8&qid=1311170318&sr=8-8

At that price, your solution might just be to get a stock of them so you can
switch them out quickly, and keep RMAing them.  Do that enough and the
company will get tired of fixing them and find a way to get you good stuff.


Joel Coehoorn
IT Director
402.363.5603



On Wed, Jul 20, 2011 at 8:35 AM, James F Eyrich  wrote:

> Laird
>
>
> On 7/20/2011 8:16 AM, Nathan Hay wrote:
>
>> We have several point-to-point wireless links on our campus using Ubiquiti
>> Bullet wireless access points.  These use a non-standard 24 V POE injector
>> to power them.
>>
>> Less than a year after the install, almost all our POE injectors died.
>>  We've been RMAing them, but it takes a long time and now the RMA units are
>> dying on me after just a few weeks.
>>
>> Has anyone found a replacement injector from another company to use with
>> the Ubiquiti Bullets?
>>
>> Thanks,
>>
>> Nathan
>>
>> Nathan P. Hay
>> Network Engineer | Information Technology
>> Cedarville University | www.cedarville.edu
>> 937-766-7905
>> twitter:  @nathanphay
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at 
>> http://www.educause.edu/**groups/
>> .
>>
>
> --
> James Eyrich
> Team Lead Network Design
> Wireless Service Manager
> CITES - Networking - Network Design and Support - Network Design Group
> University of Illinois
>
> eyr...@illinois.edu
> 217-265-6867
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at 
> http://www.educause.edu/**groups/
> .
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] iOS devices on wireless

[Coehoorn, Joel]

The issue here is that students are here to do academic work, and the
network needs to support that first.  But I think that while they are doing
that academic work they are still... here.  This is their home, and we can't
forget that. If it were just another corporate network we would do things
like block all ports except 80 and a few friends and be done with it.

To those who feel like grouping by residential area can't be done, I say you
haven't tried hard enough.  We're small enough here that it's not a problem
for me personally, but I have visited much larger campuses where this
problem is solved.  If residence halls themselves are too large, group it by
floor or wing.  It does require more work up front getting the settings
right for features like vlan tunnelling with roaming, but once you've got it
done right the first time it doesn't take anything more keeping it there.  I
sympathize with those trying to avoid NAT.  That makes this much harder, but
I think it is still doable. It may be that you need a separate SSID that
serves out non-routable IPs to those wanting to use bonjour.

And as for bonjour/mDNS itself -- my opinion is that it's a great streaming
pile of a protocol that Apple never should have put into production, but
they did and so now I get to support it, at least in the sense where it's
not specifically forbidden.

Joel Coehoorn
IT Director
York College Nebraska
402.363.5603



On Fri, Jun 24, 2011 at 9:05 AM, Johnson, Neil M wrote:

> Even on on our wired side we have multiple L2 networks in the same dorm
> building. Our dorms are substantially bigger (800+ residents). When you
> only have two /16's for the entire campus and a desire not to do NAT, you
> have to make compromises.
>
> In addition, most of our dorms are right next to other academic buildings,
> so we have intra-building roaming to worry about. That can result in more
> complaints about connectivity issues than complaints about Bonjour not
> working.
>
> We have had some people expect to have Bonjour work between wired and
> wireless networks and have had to explain how that wasn't going to happen.
>
> -Neil
>
> --
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
>
>
>
>
>
>
> On 6/23/11 1:53 PM, "Jeffrey Sessler"  wrote:
>
> >Bruce,
> >
> >I'm not sure I'm advocating large wireless networks at all... At the
> >minimum, ensuring a given user's devices are all in the same L2 network
> >doesn't change your desire to use smaller /23 subnets, it only requires
> >additional back-end support to ensure those devices are placed together.
> >Probably more work for IT staff, and potentially less efficient IP pool
> >use, but I'd argue it will provide a better customer experience.
> >
> >Even the desire to group devices within a given residential hall together
> >doesn't mandate a change in the size of your subnets, although I suspect
> >that would depend more on the size of your housing units. Our residential
> >halls are 80-100 beds, so an easy fit within smaller subnets.
> >
> >Jeff
> >
>  "Osborne, Bruce W"  6/23/2011 5:32 AM >>>
> >Jeff,
> >
> >Large wireless subnets increase airtime consumed by broadcast traffic.
> >That is why we use a VLan pool of /23 subnets.
> >
> >The clients are distributed automatically based on a hash of the mac
> >address & the number of subnets in the pool, so we cannot easily control
> >which subnet a user gets.
> >
> >Changing the number of subnets in the pool recalculates everybody's
> >subnet too, so we make sure we have plenty of capacity.
> >
> >
> >Bruce Osborne
> >Wireless Network Engineer
> >IT Network Services
> >
> >(434) 592-4229
> >
> >LIBERTY UNIVERSITY
> >40 Years of Training Champions for Christ: 1971-2011
> >
> >
> >-Original Message-
> >From: Jeffrey Sessler [mailto:j...@scrippscollege.edu]
> >Sent: Wednesday, June 22, 2011 4:30 PM
> >Subject: Re: iOS devices on wireless
> >
> >Bruce,
> >
> >You could, by any number of technical solutions, ensure that students
> >within a given residential space were all on the same L2 network. That is
> >to say, if a given residence hall is made up of 200 students, then it's
> >not technically difficult to ensure all the residential wireless devices
> >within that area are placed in the same VLAN. Or, at a minimum, to ensure
> >that a user's device(s) will always be in the same L2 network so that
> >they can see each other. If one can't do that, then I wouldn't consider
> >the wireless solution to be very flexible, especially given the trend in
> >devices wanting/needing to talk to each other.
> >
> >On my campus, students spend four years of their life in what we consider
> >a residential setting, and it seems only logical to me that the
> >experience should, to the extent possible, mimic home life. That is, it's
> >reasonable to me to expect a student's wireless devices to see each
> >other, and that they should be able to shar

Re: [WIRELESS-LAN] High client density WiFi?

[Coehoorn, Joel]

> Depends really what they're trying to do with the connectivity. The
> odd bit of web/email ought to be OK, but interactive 3D video might
> not if all of them were doing it at once :)

+1 for that.  We're a very small school with about 450 students, a 1:1 iPod
Touch program, and mandatory daily chapel.  That means typically around 400
wifi devices in the same room at the same time sitting in students pockets
every morning, most of them still 802.11g.  We serve it all off a single
access point.  The key is that students are really not supposed to be
checking the devices during chapel, and so it's almost all just background
traffic like push notifications.  This would fall apart in a heartbeat if
they tried doing anything more complicated.  This summer we'll be adding a
few access points to the space for when it sees use for other purposes.


Joel Coehoorn
IT Director
402.363.5603



On Thu, Apr 21, 2011 at 10:31 AM, Ian McDonald  wrote:

> We've been asked to do this before, in a large lecture theatre. In the
> event, not that many people tried to use it.
>
> We deployed 4 on 2.4Ghz G on 1,5,9,13 and then 8 Aps on 5G, auto channel
> assignment.
> I'm pretty sure you could simply tell your N access points that 2.4G was
> "right out" and do similar.
>
> FWIW, we have large theatres (mostly 350/300 or so), and we provide
> connectivity in them using wireless (normally 4 1142N's in the ceiling) and
> it appears to work OK, and we don't get whinging.
> Depends really what they're trying to do with the connectivity. The odd bit
> of web/email ought to be OK, but interactive 3D video might not if all of
> them were doing it at once :)
>
>
> Thanks
>
> --
> ian
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Palmer J.D.F.
> Sent: 21 April 2011 16:12
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] High client density WiFi?
>
> Hello,
>
> I've been posed a tricky question by someone on a planning committee for a
> new campus building.
> "...is it actually feasible for 500 simultaneous WiFi connections in a
> lecture room?"
>
> I was hoping that there would be someone that might have experience of
> answering (or providing a solution to) such a question who could offer some
> input as to whether this is possible, or how close to the figure of
> 500 could we realistically achieve with the technology currently available?
>
> We are Cisco a site so ideally any solution would need to be one Cisco is
> capable of delivering, but if there are other vendors that are proven to be
> able to provide this kind of coverage to good effect, then I'd be glad to
> hear of your experiences.
>
> All the best,
> Jezz Palmer.
>
> -
> Jezz Palmer
> Library & Information Services
> Swansea University
> Singleton Park
> Swansea
> SA2 8PP
> -
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.