Re: [WIRELESS-LAN] MPSK SSID Names

2021-06-09 Thread Curtis, Bruce
> On Jun 9, 2021, at 8:59 AM, Michael Dickson wrote: > > I'm curious if anyone is doing anything to prevent/discourage 802.1x capable > devices (laptops, tablets, smartphones) from connecting to the IoT network. > We would prefer these things stay on eduroam and currently use device >

Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

2021-04-16 Thread Curtis, Bruce
> On Apr 16, 2021, at 9:17 AM, Lee H Badman > <00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote: > > Exactly- hence the notion of simplifying… relying on application security, > 2FA etc for actual security while making simply connecting much, much easier. So with important

Re: [WIRELESS-LAN] Wireless Segmentation and NAC

2021-02-02 Thread Curtis, Bruce
> On Feb 1, 2021, at 7:26 PM, William Green wrote: > > I don't believe the network is the appropriate place for security to be > applied, but witnessing the carnage... I believe there is a careful > cost/benefit role. > > By n=1, I was clumsily referring to Terry Gray's Perimeter

Re: [WIRELESS-LAN] Wireless Segmentation and NAC

2021-01-31 Thread Curtis, Bruce
> On Jan 26, 2021, at 6:39 PM, William Green wrote: > > I've long been a proponent of Zero Trust (before it was called that). Yes the Jericho Forum and others were right about issues that are included in Zero Trust. Or at least one camp of Zero Trust. “Bekker says that the vendor landscape

Re: [WIRELESS-LAN] Wireless Segmentation and NAC

2021-01-25 Thread Curtis, Bruce
Now might be a good time to consider a Zero Trust Network Architecture. As mentioned on the page to download the NIST Zero Trust Network Architecture document "Zero trust focuses on protecting resources (assets, services, workflows, network accounts, etc.), not network segments, as the network

Re: [WIRELESS-LAN] MDNS Traffic - problem with wifi on campus

2020-09-01 Thread Curtis, Bruce
Are you sure that "No MAC protection" has disabled the lower data rates? Multicast is sent at the lowest data rate. So things that reduce multicast traffic or raise the rate of multicast traffic should help.

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156)

2020-08-31 Thread Curtis, Bruce
Not sure if these are WiFi friendly but my mom and her neighbors use something similar to disguise the utility boxes in their yards. https://rocksfast.com/buy-online-deals/fake-rocks-boulders/utility-box-covers/ > On Aug 31, 2020, at 4:11 PM, Lee Weers wrote: > > About 2 years ago I

Re: [WIRELESS-LAN] AP Management Network Size

2020-06-18 Thread Curtis, Bruce
We take a more Zero Trust approach and don’t put APs on a separate Vlan. The APs are on the same Vlan as other devices in the building. No problems in more than 14 years. We do give them private IPv4 numbers but they get public IPv6 numbers. > On Jun 17, 2020, at 2:56 PM, Jesse Thomas wrote:

Re: [WIRELESS-LAN] WLC interface groups?

2019-08-29 Thread Curtis, Bruce
On Aug 28, 2019, at 4:42 PM, Jake Snyder <jsnyde...@gmail.com> wrote: I’m a consultant and I HATE interface groups. It’s more complexity and more things to go wrong. Not a big enough address block? Re-subnet. If the switch can’t handle the arp entries, it can’t handle the arp

Re: [WIRELESS-LAN] wireless bridge for eduroam?

2018-06-29 Thread Curtis, Bruce
I have connected a Mikrotik using EAP-TLS. It appears to support PEAP also but I have not tested PEAP. On Jun 29, 2018, at 9:12 AM, Joseph Bernard <j...@clemson.edu> wrote: I haven’t looked in a few years, but is there a wireless ethernet bridge that supports 802.1x/PEAP for

Re: [WIRELESS-LAN] PEAP vs TLS

2018-02-26 Thread Curtis, Bruce
> On Feb 23, 2018, at 10:58 AM, David Morton wrote: > > We currently use EAP-PEAP for our eduroam/802.1x, but are now considering > adding EAP-TLS to the mix. We have several potential PKIs that we could use, > but all of them will take some work to get them ready for a

Re: [WIRELESS-LAN] IPv6 drains battery of mobile devices?

2017-10-09 Thread Curtis, Bruce
galaxy-s4-ipv6-borked/ I’m glad Samsung seems to have fixed the issue in S7 and later. > On 06/10/2017, 18:34, "The EDUCAUSE Wireless Issues Constituent Group > Listserv on behalf of Curtis, Bruce" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on > behalf of bruce.cur...@ndsu.edu

Re: [WIRELESS-LAN] IPv6 drains battery of mobile devices?

2017-10-06 Thread Curtis, Bruce
This is an issue with the configuration on that particular WiFi network and not an architectural issue with IPv6. http://www.ibtimes.co.uk/why-your-smartphone-battery-being-drained-google-cisco-blame-ipv6-network-misconfiguration-1544393 IPv4 with NAT does have some architectural issues.

Re: [WIRELESS-LAN] multicast enabled on your wireless network?

2017-08-21 Thread Curtis, Bruce
> On Aug 16, 2017, at 5:33 PM, Johnson, Christopher wrote: > > Hi Tariq, > > I think it’s going to vary from vendor to vendor and what it means to have > “multicast enabled” - and how each vendor handles multicast traffic – and the > type of multicast traffic (Whether

Re: [WIRELESS-LAN] Cisco FlexConnect for large deployment

2017-04-19 Thread Curtis, Bruce
We have used flex connect in our Residence life buildings for many years (even back when it was called HREAP). About 4,300 students and around 500 APs. There have been some bugs which were annoying but usually there were workarounds. If you roam between Residence Life buildings the IPs

Re: [WIRELESS-LAN] Learning Catalytics App

2014-05-29 Thread Curtis, Bruce
. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis, Bruce Sent: Tuesday, May 27, 2014 5:29 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Learning Catalytics App On May

Re: [WIRELESS-LAN] Learning Catalytics App

2014-05-27 Thread Curtis, Bruce
On May 27, 2014, at 8:43 AM, Hector J Rios hr...@lsu.edu wrote: I was approached by one of our faculty to let me know that they are considering switching from their current “classroom clickers” technology (student response systems) to a web application called “learning catalytics”

Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

2014-03-28 Thread Curtis, Bruce
On Mar 27, 2014, at 12:25 AM, Tristan Gulyas tristan.gul...@monash.edu wrote: Hi all, We’ve seen several occurrences of an issue where wireless clients would not accept an IP address from our DHCP server after authenticating. This seems to be limited to Broadcom devices running either

Re: [WIRELESS-LAN] Guest Network Access Policy

2014-01-17 Thread Curtis, Bruce
On Jan 16, 2014, at 3:55 PM, Alexander, David alexa...@ohio.edu wrote: 1) Do you allow guests on your wireless network? Yes. a. If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)? Use eduroam

Re: [WIRELESS-LAN] 802.1x vs web-portal

2013-11-20 Thread Curtis, Bruce
I have been to hotels that use WPA2 for their wifi. You get an id and password at checkin, sometimes the id and password is tied to the room and not unique for every customer over time. While you can’t quite get the eduroam experience without a valid userid and password you could

Re: [WIRELESS-LAN] 802.11k

2013-11-20 Thread Curtis, Bruce
config wlan assisted-roaming prediction {enable | disable} wlan-id Mike Albano Network Engineer UNLV We enabled 802.11k in September and haven’t run into any problems that we can attribute to 802.11k. Begin forwarded message: From: Curtis, Bruce bruce.cur...@ndsu.edu Subject: Re

Re: [WIRELESS-LAN] 802.1x vs web-portal

2013-11-20 Thread Curtis, Bruce
On Nov 20, 2013, at 10:46 AM, Curtis K. Larsen (UIT-Network) curtis.k.lar...@utah.edu wrote: I wonder if this might be closer to what you are looking for: http://theruckusroom.typepad.com/files/dynamic-psk-fs.pdf It definitely looks interesting. -Curtis Larsen Aerohive also has

Re: [WIRELESS-LAN] 802.1x vs web-portal

2013-11-19 Thread Curtis, Bruce
On Nov 19, 2013, at 3:05 PM, Peter P Morrissey ppmor...@syr.edu wrote: Can anyone name an application that does not have strong encryption? Search engines such as Google and Bing only encrypt data if you log into the service. Even when logged into YouTube the video stream does not appear

Re: [WIRELESS-LAN] Cisco Client Load Balancing

2013-10-23 Thread Curtis, Bruce
This recommendation is specific to Cisco Wireless IP Phones but if Aggressive load balancing can cause a problem with an IP Phone it likely could cause the exact same problem with Skype. • Aggressive load balancing must be disabled for each controller. Otherwise, the initial roam

Re: [WIRELESS-LAN] Favorite wireless tweaks?

2013-09-20 Thread Curtis, Bruce
, 2013 at 5:57 PM, Curtis, Bruce bruce.cur...@ndsu.edu wrote: On Sep 16, 2013, at 4:32 PM, Eric T. Barnett ebarn...@astate.edu wrote: So I’m finally “caught up” a bit with the insanity that’s usually the first couple of weeks of school starting and I’m looking into trying some new things

Re: [WIRELESS-LAN] Dual Band Mac laptops...

2013-09-20 Thread Curtis, Bruce
What power are the 2.4 and 5 GHz radios set to on the AP in the room? If the clients see a higher power signal from 5 GHz they might be more likely to connect to the 5 GHz radio. With the extra channels you can set the power for the 5 GHz to 1 and still not worry about interfering with a

Re: [WIRELESS-LAN] Favorite wireless tweaks?

2013-09-16 Thread Curtis, Bruce
On Sep 16, 2013, at 4:32 PM, Eric T. Barnett ebarn...@astate.edu wrote: So I’m finally “caught up” a bit with the insanity that’s usually the first couple of weeks of school starting and I’m looking into trying some new things to make things run a bit better around here. I’m running 425 APs

Re: [WIRELESS-LAN] FreeRADIUS performance question

2012-08-29 Thread Curtis, Bruce
On Aug 22, 2012, at 6:31 PM, Gogan, James P wrote: A question for folks with relatively large 802.1x (greater than 15,000 unique clients) wi-fi deployment (EAP-TTLS) with a FreeRADIUS infrastructure using Kerberos as the backend authentication ….. - how many FreeRADIUS servers do you

Re: [WIRELESS-LAN] IPv6 only SSID with Cisco

2012-06-08 Thread Curtis, Bruce
On Jun 8, 2012, at 8:35 AM, Dan Brisson wrote: I searched back through the archives but haven't stumbled on to anything regarding this topic, and now that World IPv6 Launch day is behind us, I'm curious if anyone has setup a v6 only SSID in a Cisco WLC environment. It seems like a good

Re: [WIRELESS-LAN] IPv6 only SSID with Cisco

2012-06-08 Thread Curtis, Bruce
until after we upgrade our hardware. Wish we could run RA Guard now but until we can it has helped to set the RA Router Advertisement to high on the IPv6 interfaces for our router with ipv6 nd router-preference High On Jun 8, 2012, at 9:27 AM, Curtis, Bruce wrote: On Jun 8

Re: [WIRELESS-LAN] DHCP address assignment required

2012-06-05 Thread Curtis, Bruce
On Jun 5, 2012, at 3:50 PM, Christina Klam wrote: I have been working with Cisco on an intermittent issue with some Android devices not being able to get a DHCP address or keep their connection once they get an IP. At their suggestion, I changed the QoS to Silver from Gold. That helped. But,

Re: [WIRELESS-LAN] shared lab devices using enterprise WPA2

2011-09-28 Thread Curtis, Bruce
On Sep 27, 2011, at 3:55 PM, William John Bigelow wrote: Anyone have thoughts on how shared laptops or laptop lab devices should be handled using enterprise WPA2/802.1x? Our cluster folks wanted to be able to manage the laptops when they were powered on but nobody was logged into them.

Re: [WIRELESS-LAN] option 43 for finding master controller

2011-06-02 Thread Curtis, Bruce
We put APs in classes by matching their vendor class. set vendor_class = option vendor-class-identifier; if substring (option vendor-class-identifier, 0 , 14) = Cisco AP c1130 { vendor-option-space CiscoAP; } if substring (option vendor-class-identifier, 0 , 14) = Cisco

Re: [WIRELESS-LAN] 802.1x and password change policy...

2011-03-01 Thread Curtis, Bruce
/ Do you have a PKI for other purposes as well? We use certs for web servers of course but are considering using the client side certs for more than wireless. Philippe On Feb 25, 2011, at 3:35 PM, Curtis, Bruce wrote: On Feb 14, 2011, at 12:28 PM, Hanset, Philippe C wrote: All

Re: [WIRELESS-LAN] WiFi blockers in classrooms

2010-11-19 Thread Curtis, Bruce
On Nov 19, 2010, at 10:35 AM, Greg Schaffer wrote: Finally, with regards to WiFi blocking, I don't think the simplest solution has been offered yet. If the wireless is accessed via credentials, create an LDAP/AD/Radius interface that can disable those accounts during a specified class

Re: [WIRELESS-LAN] WiFi blockers in classrooms

2010-11-19 Thread Curtis, Bruce
is an instructor issue, and yes it does nothing to address 3/4G. But it's an interesting academic exercise...if you'll pardon the pun :) Greg On Fri, Nov 19, 2010 at 12:13 PM, Curtis, Bruce bruce.cur...@ndsu.edu wrote: On Nov 19, 2010, at 10:35 AM, Greg Schaffer wrote: Finally

Re: [WIRELESS-LAN] Android devices and DHCP issue

2010-11-16 Thread Curtis, Bruce
On Nov 16, 2010, at 2:10 PM, Gogan, James P wrote: Was wondering how many other folks have run into the Android device/DHCP issue well summarized by the Princeton folks (http://www.net.princeton.edu/android/android-stops-renewing-lease-keeps-using-IP-address-11236.html) and what folks

Re: [WIRELESS-LAN] Android 2.2 disappointing on the secure WLAN- is it just us?

2010-09-29 Thread Curtis, Bruce
On Sep 29, 2010, at 12:55 PM, Lee H Badman wrote: We have three cases of Droid smartphones that worked wonderfully on our 802.1x/WPA2 WLAN on Android 2.1 operating system. Since going to 2.2 with the devices, getting them to connect to the secure wireless network is almost impossible.