from:"Glinsky, Eric"

RE: PoE Load Tester Recommendation

2021-09-09 Thread Glinsky, Eric

We use NetAlly LinkRunners here, the G2 most recently. 
https://www.netally.com/products/linkrunnerg2/

The G2 will load test up to 90W, the older AT2000 will do 30W. A nice bonus on 
the G2 is the PoE power will charge the device. The copper TDR test, tone 
generation, connectivity tests, and CDP/LLDP neighbor information are also very 
helpful in our daily operations.

I was going to write that I was never able to get a LinkRunner to pull any more 
than 15W from any of our Cisco switches, but then I realized that LLDP wasn't 
enabled on our switches, and after configuring "lldp run" globally on my PoE+ 
test switch, the G2 now pulls 25W as it should when set to Class 4 with LLDP 
enabled. Apparently it's disabled by default. Just something for Cisco shops to 
watch out for. I haven't had a chance to test on a UPOE switch yet.

If I choose any class above Class 4 (25.5W) in the G2, LLDP is no longer an 
option, and if hooked up to my PoE+ test switch, the G2 will only pull 13W and 
not try to maximize the power it can pull (25W). So, I just have to choose 
whichever class the switch is capable of for accurate testing, unless they 
improve this in software updates.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Floyd, Brad
Sent: Tuesday, September 7, 2021 5:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] PoE Load Tester Recommendation

*Message sent from a system outside of UConn.*

Can anyone recommend a device to PoE load test network jacks? I have some jacks 
that pass the installer's Category Certification, but are not passing the 
appropriate PoE to bring the APs online. I would like to be able to load test 
for 802.3af, 802.3at, and 802.3bt (at both 60W and 90W), as appropriate. I 
assume I would need to be able to set the load to apply (in Watts) and see the 
voltage level at the Powered Device. The usual constraints apply. Cheaper, but 
reliable is best.
Thanks,
Brad


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Cisco WLC 5508 software recommendations

2021-09-07 Thread Glinsky, Eric

So far so good with 8.5.171.0 on 8540s and a variety of APs.
Eric Glinsky
Network Administrator
University of Connecticut
ITS - Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Entwistle, Bruce
Sent: Tuesday, September 7, 2021 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC 5508 software recommendations

*Message sent from a system outside of UConn.*


We are looking to upgrade our pair of 5508 controllers from the current 
version, 8.5.151.0.  We cannot move beyond the 8.5 code as we are still using 
some older 3500 access points. I have seen many comments regarding versions of 
code to avoid, but was looking to see what versions the group has found to be 
stable and would recommend moving to.



Thank you

Bruce Entwistle

Network Manager

University of Redlands






**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Glinsky, Eric

I used AD CS in the past for a private CA, so assuming you have Windows servers 
at your disposal, you could do this quickly (depending how nimble your 
organization is) and get the new root ready now as Tim recommended.

An upside to AD CS is every domain-joined Windows machine will automatically 
trust the cert. I don't have personal experience with onboarding tools, so 
someone can correct me if I'm wrong, but I imagine this would result in those 
managed machines not needing to be re-enrolled with SecureW2, reducing support 
burden after the switch (but not eliminating it, of course, because BYOD/IOT).

Here's a doc from Microsoft on deploying server certificates for 802.1X. I 
don't know if it's best practice/most up to date after the Android 11 issues, 
but it should be a good starting point.

https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/deploy-server-certificates-for-802.1x-wired-and-wireless-deployments

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Cappalli
Sent: Tuesday, August 10, 2021 11:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

*Message sent from a system outside of UConn.*

Jonathan,

As I mentioned in my first reply, just use the certificate that is still valid 
on all nodes in your CPPM cluster for EAP. This will allow existing clients to 
still authenticate.

When that cert expires, you'll need to look at re-onboarding clients and at 
that point and I'd recommend moving to a PKI you control (even just a basic 
offline root using openssl). I'd recommend at least spinning up the root now 
and including it in the CAT tool config so new clients that connect will be 
ready for that change.

tim

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jonathan Miller mailto:jmill...@fandm.edu>>
Date: Tuesday, August 10, 2021 at 10:59
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root
You don't often get email from jmill...@fandm.edu. 
Learn why this is important
Thank you all for the informative replies.  As is probably obvious, when we 
initially rolled this out, we were completely unaware of the best practices, 
and are currently working to correct that and get our infrastructure where it 
should be.

We do not have an in-house PKI expert, but we are not completely unfamiliar 
with OpenSSL.  We do not currently have any internal CA as we've just used 
InCommon for all of our certificate needs.

If we want to do this right, my understanding is that the process is to:
1.  Create a Root CA with a long-lived certificate
2.  Create a certificate for our ClearPass servers, signed by that Root CA, 
making sure to include the attributes listed here:  
https://wiki.geant.org/display/H2eduroam/EAP+Server+Certificate+considerations
3.  Apply the certificate to ClearPass and distribute our new Root CA via CAT 
or other means

Would we be crazy to try to accomplish this inside of the 2 weeks that we have 
before students start to return to campus?  Any advice is appreciated, just 
trying to steer this boat away from the iceberg.

Thanks,

Jonathan Miller
Senior Network Analyst
Franklin and Marshall College


On Mon, Aug 9, 2021 at 12:12 PM Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>> wrote:
CA's have done nothing is fifteen plus years, so from a risk management 
perspective, the chance of them changing course now is rather low. As to future 
RFCs, even if that happened tomorrow, it could be a decade or more before there 
was broad support, and more importantly, we could think about enforcement.

Jeff


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Monday, August 09, 2021 8:05 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

CA policies really have nothing to do with implementations of other protocols. 
There have been many discussions about this on this list and others, and a 
future RFC will likely include further clarity. However, as I've said in the 
past, RFCs do not dictate CA/B policies.

If we're going to continue this discussion, we should fork a

RE: Multi sim 4G routers

2021-07-21 Thread Glinsky, Eric

We have a couple FortiGate 60Ds with built-in 4G modems in food trucks. They've 
been in place for years and I've never heard of any trouble with them. I'm not 
sure any FortiGates still come with built-in 4G, though. The 60F just says it 
supports connectivity to a USB modem. Maybe other firewall vendors commonly 
used by EDUs have something similar, maybe even with multi SIMs?

Out of curiosity, how remote is remote? Enough that you're unable to get 
Cable/DSL/Fiber connectivity there? Or are these outdoor spaces where they 
power up equipment as needed?

We have around 20 locations with a cable or DSL Internet connection with static 
IP, and a FortiGate 60 series with an IPSEC VPN back to campus. 
Post-installation issues are almost always ISP-related in various ways, not 
firewall/VPN-related.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Luke Whitworth
Sent: Wednesday, July 21, 2021 9:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Multi sim 4G routers

*Message sent from a system outside of UConn.*

Hi all,

We've got a requirement to support some learning spaces in remote locations.  
We use Aruba wireless so if we can have some remote APs there, we just need to 
work out how to backhaul them.  In the past I've resorted to a Raspberry Pi and 
a 4G USB dongle (as although some Aruba access points have USB modem support it 
was a nightmare that I gave up on).  However, for this people are wanting more 
bandwidth and resiliency, and a plug in and go solution.  I've found 
https://teltonika-networks.com/product/rutx09/,
 which seemingly ticks lots of boxes but I was wondering if anyone has any 
experience with products / vendors in this area that they'd be happy to share?  
Ideally we'd like multiple SIMs that we can load balance over, so we just plug 
in a few APs and live in hope that all users don't associate with just one AP!

Cheers,

Luke

Luke Whitworth
Network Specialist
Information Services
Building 63 (IT) G46, Cranfield University, Cranfield, Bedfordshire MK43 0AL
E: luke.whitwo...@cranfield.ac.uk
T: +44 (0) 1234 75 4007
W: 
www.cranfield.ac.uk

This email and any attachments to it may be confidential and are intended only 
for the named addressee. If you are not the named addressee, please accept our 
apology, notify the sender immediately and then delete the email. We request 
that you do not disclose, use, copy or distribute any information within it.

Any opinions expressed are not necessarily the corporate view of Cranfield 
University. This email is not intended to be contractually binding unless 
specifically stated and the sender is an authorised University signatory.

Whilst we have taken steps to ensure that this email and all attachments are 
free from any virus, we advise that, in keeping with good computing practice, 
the recipient should ensure they are actually virus free.


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Experience with Directional External Antennas on Cisco

2021-06-03 Thread Glinsky, Eric

Ventev here:

https://ventevinfra.com/

We used a mix of different types of Ventev and Cisco ones for our sports arena 
and they've all been fine. If I recall, the designer would have preferred 
Ventev over the Cisco ones for a slightly smaller form factor for the same 
functionality and lower price, though price wasn't a factor in that case.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Kris Vangeel
Sent: Thursday, June 3, 2021 7:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Experience with Directional External Antennas on Cisco

*Message sent from a system outside of UConn.*

Which directional antenna brands (patch and high density patch) do you use on 
Cisco APs and what are your experiences them  (good or bad) ?

(We mainly used 2802 APs until recently and have moved towards 9120 APs as our 
standard AP)

Thanks a lot

Kris Vangeel
University of Leuven

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: A quick roundup of clients per standard in universities

2021-03-08 Thread Glinsky, Eric

Hi Manon,

I wanted to point out that the numbers I provide don't reflect on client 
capability, just what protocol they actually connect with. For example, 
inevitably we have some AX-capable clients on campus, but we don't have any AX 
APs deployed, so I had to put in 0 for AX clients. We do still have areas with 
N-only APs deployed. There could be areas with coverage issues where an 
AC-capable client might be reduced to N on 2.4 GHz. So our client balance is 
overwhelmingly N, even though I'm sure we'd see many more AC and AX clients if 
we had the infrastructure and coverage for it everywhere.

It'll be interesting to see how our balance compares to the resulting data from 
the survey.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Manon Lessard
Sent: Monday, March 8, 2021 9:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] A quick roundup of clients per standard in universities

*Message sent from a system outside of UConn.*

Good morning everyone

I am working on a paper for a uni class I am currently taking, and I am 
wondering about the client mix in other universities.
Of course, some of us have few students on campus because of Covid, but 
nevertheless I would appreciate your input as to what the client mix looks like 
in your institution. If you do not mind helping me gathering data, please fill 
my little survey 
here

Thank you for your time and contribution!

Manon Lessard
Chargée de programmation et d'analyse
CCNP, CWNE #275
Direction des technologies de l'information
Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)
G1V 0A6, Canada
418 656-2131, poste 412853
Télécopieur : 418 656-7305
manon.less...@dti.ulaval.ca
www.dti.ulaval.ca
Avis relatif à la confidentialité | Notice of 
Confidentiality



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Outdoor WLANs?

2021-02-18 Thread Glinsky, Eric

We broadcast the usual 3 SSIDs (branded, guest, eduroam) in the few locations 
we have outdoor WiFi for general use. We’ve also started setting up outdoor APs 
for athletic venues for ticket scanners. In one area, we added the ticket 
scanning SSID to the others. In other, predictably more crowded areas, like 
ticket booths adjacent to outdoor bleachers, we’ve been dedicating one AP to 
ticket scanning.

Eric Glinsky
Network Administrator
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Mike Atkins 
Sent: Thursday, February 18, 2021 5:53:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Outdoor WLANs?


*Message sent from a system outside of UConn.*


For those of you running outdoor Wi-Fi covering public space, do you broadcast 
the same WLANs as in building?  Do you have a specific strategy for why or why 
not?



TLDR:
Being a Northern Indiana campus, the demand for outdoor Wi-Fi during the school 
year has been fairly low.  Last year has changed this for all of us.  We face 
the same challenges as everyone else with cost/aesthetics vs return on 
investment.  We are looking to provide some legit coverage this year and get 
out of the "temporary" outdoor setups.  We are a two SSID campus with eduroam 
being our dot1X secure network and ND-guest being open unauthenticated Internet 
access only "guest" network. The question came up out of a discussion related 
to ensuring performance for faculty/staff/students in the public outdoor spaces 
but my other concern is for our Information Security group.  An open guest 
network might be okay in a building where we can track your device down fairly 
quickly but outdoors might complicate this.  I think the campus user 
expectation is both SSID's everywhere.  Trying to get some thoughts from around 
the block.


--








Mike Atkins

Infrastructure Architect

Office of Information Technology

University of Notre Dame

Phone: 574-631-7210





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Cisco Trainings on converting WLC Air-OS to IOS-XE

2021-02-05 Thread Glinsky, Eric

I attended the first one the other day and found it surprisingly helpful for a 
first session. Looking forward to the others.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Christina Klam
Sent: Friday, February 5, 2021 10:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Trainings on converting WLC Air-OS to IOS-XE

*Message sent from a system outside of UConn.*

All,
Cisco must have heard our concerns.   I just got an email about a set of 
trainings for transitioning to 9800s.
https://web.cvent.com/event/bcba04b5-6a9b-4a17-ac1e-ae718fd184bd/websitePage:53f5a941-4c4c-4a6f-8787-38f44a092bb4

Christina Klam
Network Engineer
Institute for Advanced Study
1 Einstein Dr
Princeton, NJ 08540
(m) +1 609-751-7899
(o) +1 609-734-8154
ck...@ias.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Android 11 and Cert Verification

2021-01-14 Thread Glinsky, Eric

Is anyone starting to get complaints of not being able to connect to 802.1x/EAP 
since December’s Android updates mentioned below? I can’t seem to find any 
official information about this, just from the Reddit post below and a few 
other sources including this SecureW2 blog:
https://www.securew2.com/blog/android-11-server-certificate-validation-error-solution/

https://httptoolkit.tech/blog/android-11-trust-ca-certificates/

We had a user reset their account password today, and after forgetting the 
network, they are no longer able to connect with their Pixel 3 XL. I was told 
by one of our students who went to assist this user that the menu to “Do Not 
Validate” is greyed out for the CA certificate. A student from the helpdesk 
forgot the network from their own Pixel and now cannot reconnect; a domain is 
required. They sent the following screenshot.
[cid:image001.png@01D6EA94.F78905E0]


From: The EDUCAUSE Wireless Issues Community Group Listserv <[log in to 
unmask]>
Date: Tuesday, October 13, 2020 at 14:27
To: [log in to 
unmask]
 <[log in to 
unmask]>
Subject: Re: [WIRELESS-LAN] Android 11 and Cert Verification
Tim, et al,

So the issue with advance certificate onboarding is that it requires a process 
in advance that most students would have issues with. Issuing certs in advance 
is more of a process for company-owned devices.  It doesn’t work well with BYOD 
clients that have dynamic VLAN placement based on returned filter-IDs from a 
RADIUS/NPS server.

Most vendors walk you through a quick and dirty setup of NPS for 802.1x auth 
and VLAN placement, and therefore, they are interested in simple auth at the 
expense of security.  However, with Android 11 (and possibly a bit further 
back), that bypass of “don’t validate”, etc, isn’t an option.

To have a proper cert setup get pushed out to the client, there needs to be a 
more complex setup on the backend than is originally thought.

My server and AD team is actively working on this.  This article is a good 
place to start, and it has links to other portions of the setup.  I hope this 
helps.  I’ll try to let everyone know how it works out when we are done.

https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-cert-requirements


__
__



Fishel Erps,
Sr. Network & Infrastructure Engineer
School of Visual Arts


136 W 21st St., 8th Floor


New York, NY, 10011


LL: 212-592-2416
E:  [log in to 
unmask]
___

Please excuse any typographical
errors as this e-mail has been sent
from my mobile device
___






On Oct 13, 2020, at 14:00, Tim Cappalli <[log in to 
unmask]>
 wrote:

Just do a quick Google search and you’ll see how many situations instruct users 
to not validate the server identity (across many operating systems).

It is (and has always been) the #1 problem with legacy credentials/auth methods 
with tunneled EAP.

tim

From: The EDUCAUSE Wireless Issues Community Group Listserv <[log in to 
unmask]>
Date: Tuesday, October 13, 2020 at

RE: [WIRELESS-LAN] Cisco WLC 9800 Gotchas

2020-12-10 Thread Glinsky, Eric

Hi Jesse,

Good to know about activating LAN ports on the 9105s, thanks. We’ll be facing 
that issue soon when we start testing them.

I do see a way to enable and specify VLANs for LAN ports in Prime. Your mileage 
may vary; this doesn’t seem to work with an 1815W, probably only did on 702W, 
but maybe the 9105AXW is different?

In version 3.7 at least, go to the Menu > Configuration > Templates > 
Lightweight Access Points, then you can create a new template. Under AP 
Parameters, look for the AP LAN Port Configuration section. The changes made 
here reflect on the AP in the WLC GUI at Interfaces > LAN Ports > LAN Override, 
though that’s only to enable the ports; the VLAN IDs don’t show up there on 
1815Ws but do on 702Ws. Maybe there’s some combination of AP group/FlexConnect 
mode/VLAN tagging settings that would make it work on 1815W and/or 9105AXW?
Between utilizing those templates and CSV uploads of MAC-to-AP name 
assignments, we never have to use scripts/CLI to configure our APs. We use the 
templates to change AP group, enable FlexConnect mode and VLAN support, assign 
controllers, disable certain 2.4Gradios, assign WLCs, etc. I’d be happy to 
discuss on- or off-list if anyone wants to know specifics, since using the 
templates to make so many changes on the 1815Ws with the FlexConnect config 
gets flakey if you don’t stagger changes and make them in the right order.
Eric Glinsky
Network Administrator
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jesse Thomas
Sent: Thursday, December 10, 2020 12:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC 9800 Gotchas

*Message sent from a system outside of UConn.*

Hi Everyone,

We are boldly moving forward with a deployment of two 9800-40s (HA pair) and 
about 400 of the new 9105AXW access points. We have encountered a couple of 
minor issues thus far and I am curious if anyone in the group has also 
experienced them and perhaps has some recommendations for workarounds.

1. Oddly, there does not appear to be a way to enable the LAN ports on the 
access points via a policy or tag within the RLAN configuration. We have 
confirmed this behavior with TAC and filed for an enhancement request. Our 
current plan is to export a list of all APs and then do a bulk configuration 
via the CLI.

2. We intend to manage this new setup via Prime Infrastructure and potentially 
move to DNAC once we retire our older equipment that is not supported on the 
new platform. However, there does not seem to be a straightforward way to apply 
existing tags/policies created on the WLC to APs within Prime, and 
documentation is sparse in this area.

Thanks for any insights you can provide on these topics.

Regards,


--
Jesse Thomas
Network & Systems Administrator
Hamilton College
315-859-4211

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Fast transition roaming

2020-12-04 Thread Glinsky, Eric

Thanks, Jenn, I had forgotten about Mike Albano's list and have bookmarked it 
for future reference!

As an aside, I remember some of you mentioning utilizing two different SSIDs to 
improve client experience. For example, your branded SSID would be 5 GHz only, 
and eduroam would be dual-band for legacy clients. For any of you who do this, 
do you also have 802.11r and .11k enabled on one but not the other? And does 
having the separate SSIDs cause a lot of confusion and help desk calls?

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jennifer Minella
Sent: Friday, December 4, 2020 9:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Fast transition roaming

*Message sent from a system outside of UConn.*

Eric,
Admittedly I'm skimming here, but wanted to just throw in the note that 
ultimately it's up to whether the client supports the various roaming 
protocols. Not all do, and there's no (IMO) intuitive line there, no pattern or 
specific date, etc. at which point you can easily say "this client would 
support xyz". I'm not cool enough to remember all the details of what all 
clients support. There's some info at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fclients.mikealbano.com%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C0c401a08d4a24219671c08d89861b196%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637426892645029925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=wl9VhsiKHstLHqEDziQNIUSMtjBQ5Wcm9eBLdQmqdo4%3Dreserved=0
 I refer to regularly - if you pop that out it has the 11v protocol but it 
doesn't look it lists 11k or 11r unfortunately. Someone else here may have 
another resource that's better for roaming info.

+1 on CTS (Clear to Send) podcast links Jethro sent, great peeps and info!

Hope that helps a tiny bit!
-jj

___
Jennifer Minella, CISSP, HP MASE
VP of Engineering & Security
Carolina Advanced Digital, Inc.
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cadinc.com%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C0c401a08d4a24219671c08d89861b196%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637426892645029925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=9fpv9jLgkJmtak8%2Bl5Xb1U50ID%2BYIUw7mQob6u97%2FcA%3Dreserved=0
j...@cadinc.com
919.460.1313 Main Office
919.539.2726 Mobile/text

-Original Message-
From: Jethro R Binks 
Sent: Thursday, December 3, 2020 5:08 AM
Subject: Re: Fast transition roaming

Clear To Send podcast had several episodes/posts covering these (and v):

https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2F802-11k-802-11v%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C0c401a08d4a24219671c08d89861b196%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637426892645029925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=MgfN30CW%2BMjDEFDGt9RAdRY6rCMusq39BHy3RYLsvBE%3Dreserved=0

https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2Fcts-206-a-look-into-802-11k%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C0c401a08d4a24219671c08d89861b196%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637426892645029925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=hcsf93lzXN738vg3kntzsSaYM0pLRhk%2F2hWmFjAtdPA%3Dreserved=0

https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2Fcts-211-a-look-into-802-11v%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C0c401a08d4a24219671c08d89861b196%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637426892645029925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=fKYSN1qmfcnVDN%2BZCg0i5QwhE%2FXRcVQsEpmBTQ223ps%3Dreserved=0

https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2Ffast-bss-transition-802-11r%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C0c401a08d4a24219671c08d89861b196%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C0%7C637426892645029925%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=TIbYcG5zY85MDmbkgFl4UNrQOc5zxv%2BdnvLdg%2Fu86wU%3Dreserved=0

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, 
number SC015263.

On Wed, 2 Dec 2020, Glinsky, Eric wrote:

> Hi everyone,
>
> We are reviewing our WLAN-level settings and are curious about what others 
> institutions are doing for fast transition.
>
>
> 1.  Do you use 802.11r?
>
> 2.  How about .11k?
>
> 3.  If you do, did you notice improvements in device roaming, whether 
> they are stationary or movin

RE: [WIRELESS-LAN] Fast transition roaming

2020-12-03 Thread Glinsky, Eric

Thank you for those links, Jethro, good information. Also thanks to Dennis and 
Peter for sharing your experiences.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jethro R Binks
Sent: Thursday, December 3, 2020 5:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Fast transition roaming

*Message sent from a system outside of UConn.*


Clear To Send podcast had several episodes/posts covering these (and v):

  
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2F802-11k-802-11v%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C1feed67793e64b2f231308d897736032%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C637425869512282702%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=oW1GvMISg5DEQ4IdJqZY3GiM0K%2Fb5CrmLVK9EN269Cg%3Dreserved=0

  
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2Fcts-206-a-look-into-802-11k%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C1feed67793e64b2f231308d897736032%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C637425869512282702%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=4oD%2BlXewkCRAJ4qxE1z4inL17RdJXDHhmhfmH81HJjQ%3Dreserved=0

  
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2Fcts-211-a-look-into-802-11v%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C1feed67793e64b2f231308d897736032%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C637425869512282702%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=YtH1gEeSgkxUQD0y0meNwsWVUKvh4UrNeF9zhAqLeIw%3Dreserved=0

  
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cleartosend.net%2Ffast-bss-transition-802-11r%2Fdata=04%7C01%7Ceg%40UCONN.EDU%7C1feed67793e64b2f231308d897736032%7C17f1a87e2a254eaab9df9d439034b080%7C0%7C1%7C637425869512282702%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=UHq10O2KJwYj9%2FIiC5GAOeVW2gyrjIqI0juFjM%2F2Ev8%3Dreserved=0


Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, 
number SC015263.



On Wed, 2 Dec 2020, Glinsky, Eric wrote:

> Hi everyone,
>
> We are reviewing our WLAN-level settings and are curious about what others 
> institutions are doing for fast transition.
>
>
> 1.  Do you use 802.11r?
>
> 2.  How about .11k?
>
> 3.  If you do, did you notice improvements in device roaming, whether 
> they are stationary or moving?
>
> 4.  Were there any implementation pains?
>
> 5.  Would you mind sharing exactly which settings you use; in Cisco 
> terms, Fast Transition enabled or adaptive; over the DS checked or not; FT 
> 802.1x/FT psk or no; 11k neighbor list enabled or not
>
> 6.  If you do not use 802.11k and/or 802.11r, why not?
>
> We don't have 801.11r or 802.11k enabled at this point and are leery of 
> enabling it due to potential compatibility issues, though it could certainly 
> improve the client experience if it works.
> I looked through the archives and this hasn't been discussed for at least a 
> couple years, and it seemed like more of a Cisco code issue at that time, so 
> looking forward to hearing about your experiences now with the last code, 
> drivers, devices, etc.
>
> I found an interesting blog on various FT settings with Cisco, which leads me 
> to believe that if we were to enable 802.11r on our Cisco controller, we 
> would set it to Enabled, and check off both 802.1x and FT 802.1x for 
> compatibility. Interestingly, the Adaptive setting is specific to Cisco-Apple.
>
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmac-
> wifi.com%2Fciscos-802-11r-ft-settings-adaptive-mode-explained%2Fd
> ata=04%7C01%7Ceg%40UCONN.EDU%7C1feed67793e64b2f231308d897736032%7C17f1
> a87e2a254eaab9df9d439034b080%7C0%7C1%7C637425869512282702%7CUnknown%7C
> TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC
> I6Mn0%3D%7C1000sdata=u1lPomurpvpYNZvWddZO%2BPQfsUXkAx8xX7SbaLljm3
> I%3Dreserved=0
>
> Also the Cisco Best Practices for iOS Devices guide has a couple sections on 
> 802.11r and Adaptive 802.11r. One takeaway from that is it's best for 
> high-density, enterprise environments to use over-the-air FT (i.e. over the 
> over-the-distribution system unchecked).
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> cisco.com%2Fc%2Fdam%2Fen%2Fus%2Ftd%2Fdocs%2Fwireless%2Fcontroller%2Fte
> chnotes%2F8-6%2FEnterprise_Best_Practices_for_iOS_devices_and_Mac_comp
> uters_on_Cisco_Wireless_LAN.pd

Fast transition roaming

2020-12-02 Thread Glinsky, Eric

Hi everyone,

We are reviewing our WLAN-level settings and are curious about what others
institutions are doing for fast transition.

1. Do you use 802.11r?

2. How about .11k?

3. If you do, did you notice improvements in device roaming, whether they
are stationary or moving?

4. Were there any implementation pains?

5. Would you mind sharing exactly which settings you use; in Cisco terms,
Fast Transition enabled or adaptive; over the DS checked or not; FT 802.1x/FT
psk or no; 11k neighbor list enabled or not

6. If you do not use 802.11k and/or 802.11r, why not?

We don't have 801.11r or 802.11k enabled at this point and are leery of
enabling it due to potential compatibility issues, though it could certainly
improve the client experience if it works.
I looked through the archives and this hasn't been discussed for at least a
couple years, and it seemed like more of a Cisco code issue at that time, so
looking forward to hearing about your experiences now with the last code,
drivers, devices, etc.

I found an interesting blog on various FT settings with Cisco, which leads me
to believe that if we were to enable 802.11r on our Cisco controller, we would
set it to Enabled, and check off both 802.1x and FT 802.1x for compatibility.
Interestingly, the Adaptive setting is specific to Cisco-Apple.

https://mac-wifi.com/ciscos-802-11r-ft-settings-adaptive-mode-explained/

Also the Cisco Best Practices for iOS Devices guide has a couple sections on
802.11r and Adaptive 802.11r. One takeaway from that is it's best for
high-density, enterprise environments to use over-the-air FT (i.e. over the
over-the-distribution system unchecked).
https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-6/Enterprise_Best_Practices_for_iOS_devices_and_Mac_computers_on_Cisco_Wireless_LAN.pdf#%5B%7B%22num%22%3A40%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C105%2C570%2C0%5D

Thanks,
Eric Glinsky
Network Administrator
University of Connecticut
ITS - Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional participation
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] 8540 Code version- holiday work

2020-11-20 Thread Glinsky, Eric

Avoid 8.5.161.0 if you have 2800/3800s. 8.5.161.6 has been working better for 
us, though our campus population is sparse with COVID and the particular issues 
we were having were in higher traffic areas.

Eric Glinsky
Network Administrator
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Matthew Craig 

Sent: Friday, November 20, 2020 12:59:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] 8540 Code version- holiday work


*Message sent from a system outside of UConn.*


Lee,

We’re currently running 8.5.135.0, and its been running fine for us for a long 
time, despite multiple comments on this list of problems with that code.

However just within in last couple of months or so we’ve been chasing problems 
with clients in dorms connecting to 702w (but dorms with 1815w are fine).  
Clients keep dropping and re-associating; rapid tx errors causing 
de-associating then coming back in the logs etc...


We think something had to have changed on the client side as we’ve had no 
issues for a long time prior… students bought a bunch of new ax chipsets this 
semester that don’t like older N radios?, bigsur updates?… haven’t been able to 
pin it down.



Cisco won’t say much more than ditch 702w… but can’t do that on a dime of 
course.



We have been targeting 8.5.151.0 and 8.5.161.0 as an upgrade path to see if it 
helps.  8.5.161.0 is the recommended TAC release, but I have a somewhat 
irrational feeling to try 8.5.151.0 first.  Your comments about 8.5.151.0 not 
totally sucking vindicate my feeling!  :)



-
Matt Craig
Network Engineer
Information and Communication Technologies
New Mexico State University









On Nov 20, 2020, at 4:30 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
 wrote:

WARNING: This email originated external to the NMSU email system. Do not click 
on links or open attachments unless you are sure the content is safe.

Knowing that there is no easy answer on questions of Cisco code versions, I’ll 
throw it out there anyways. We have been on 8.5.151.0 for quite some time now , 
with mostly good reliability for 3700s and 3800s alike (occasional need to 
reboot 3700s), We are due to minimally reboot everything, and I’ve been 
following the various discussions regarding code bugs and specific client 
issues these past few months.



So curious- is there a solid, reliable newer version to consider? We are not in 
a hurry to get into .11ax yet for a number of reasons. Given the long and 
problematic history of WLC code, 8.5.151.0 has been as close to “wow, it 
actually doesn’t totally suck” as we’ve ever been.



Regards,



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu w 
its.syr.edu

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems

SYRACUSE UNIVERSITY
syr.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at

Re: MacOS Disconnections on Cisco Controllers

2020-10-26 Thread Glinsky, Eric

Jordan, looking forward to hearing more about this. Does it seem to be Macs 
only or iPhone and iPad also? We’re having issues with Macs also, and we 
haven’t done troubleshooting like you have but sounds like it could be related.

Eric Glinsky
Network Administrator
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Cox, Jordan D 

Sent: Monday, October 26, 2020 11:37:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] MacOS Disconnections on Cisco Controllers


*Message sent from a system outside of UConn.*


Good morning,



We have been working with Cisco TAC to troubleshoot an issue where our MacOS 
clients will randomly lose connectivity to the default gateway (and thus 
internet etc.). The wireless will stay connected in the run state, but the Mac 
will send out repeated ARP requests for the default gateway during the outages. 
The outages last between 20 seconds to 5 minutes and is resolved once the 
client gets an ARP response from the gateway.



We have packet captures showing ARP requests going through the CAPWAP tunnel to 
the controller but NOT leaving the controller to the gateway during the 
outages. TAC has acknowledged the problem is on the controller, and I’m waiting 
to hear back from them.



I’m wondering if anyone else has seen similar issues?



More details:

· WLC is two 5508 in HA configuration

· WLC was running 8.5.161.0 and we upgraded to 8.5.161.7 to troubleshoot

· 250 APs are running in local mode (the issue does not happen when 
testing in Flexconnect mode with local switching)

· Default gateway is a Palo Alto firewall

· The MacOS client sends an ARP broadcast to find the gateway every 20 
minutes but the outage doesn’t happen every 20 minutes

· It seems like the issue appears during high utilization on the 
controller since I didn’t see any issues when testing over a campus break when 
many students were gone

· I’ve seen the issue on multiple SSID’s including a test SSID which 
only had my clients on it

· Client debug on the controller shows no issues

· This doesn’t seem to affect Windows machines



Thank you!



[cid:image001.png@01CE70F7.648A6EB0]

Jordan Cox

Network Admin II, Information Technology

P: 651-882-3995
jdc...@unwsp.edu  |   
www.unwsp.edu



Equipping Christ-centered learners and leaders

to invest in others and impact the world.





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 28 Aug 2020 to 29 Aug 2020 (#2020-156)

2020-08-31 Thread Glinsky, Eric

Ricardo, have you had to replace the batteries in those yet? Are they similar 
in lifecycle, type, and cost of replacement to those in a typical small UPS?

Eric Glinsky
Network Administrator
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Ricardo Stella 

Sent: Monday, August 31, 2020 6:21:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 
28 Aug 2020 to 29 Aug 2020 (#2020-156)


*Message sent from a system outside of UConn.*


A few years ago we had to "light up" a couple of parking lots. The light poles 
there are on timers, so there is no power during the day. Trenching was cost 
prohibitive as well.

We ended up setting up a mesh from a nearby building to send data to these two 
APs. And for power, we used continuous power bridges from Solis Energy. At 
night, the light circuit provides power (which is 240v) to the bridge, which in 
turns provides power to the access point while at the same time charging up a 
battery. Once power is disconnected, the battery kicks in and powers the AP 
during the day. Only issue we had when they were configured was they gave us 
802.11af injectors instead of 802.11at ones, which was required for the AP to 
work.

https://solisenergy.com/product/continuous-power-bridge/



On Mon, Aug 31, 2020 at 4:17 PM Brian Helman 
mailto:bhel...@salemstate.edu>> wrote:

I wasn’t planning on powering the AP’s from the poles.  I assumed the lights on 
the poles were locally switched though, so pre-switch should be possible.   
It’s something to verify though.  The problem with bollards is that combined 
with the light poles, it makes the area very busy with vertical poles.  It’s 
supposed to be an inviting area, not one that looks like a jail (or crib).



Thanks though.  All of these are being added to our “double check” list!



-Brian



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Manon Lessard
Sent: Monday, August 31, 2020 3:32 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 
28 Aug 2020 to 29 Aug 2020 (#2020-156)



CAUTION: This email originated from outside of Salem State University. Do not 
click links or open attachments unless you recognize the sender and know the 
content is safe.

Brian



In my experience (YMMV) light poles have photo cells which would prevent proper 
power from being fed to your APs during the day. In my case, it’s even worse, 
there is one “loop” that feeds the power to all poles on campus, so all poles 
light up at the same time, I cannot only power one up, say because I have an AP 
on it but not on the others. And we’re not even talking about convincing the 
power people to let you put something on “their” pole...



Hanging from roof is just a huge hassle, too high anyways and the cost in 
wiring in addition to the loss you would get even using LMR600 would be too 
much trouble IMO.



So either bollards or some kind of a pole or even a skinned building-side 
solution could be best. If you have bus stop enclosures that are heated/cooled, 
maybe they could help you cover the area?





Manon Lessard
Chargée de programmation et d’analyse

CCNP, CWNE #275, AWA 10, ESCE Design

Direction des technologies de l'information

Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)

G1V 0A6, Canada

418 656-2131, poste 412853
Télécopieur : 418 656-7305

manon.less...@dti.ulaval.ca
www.dti.ulaval.ca

Avis relatif à la confidentialité | Notice of 
Confidentiality





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Brian Helman 
mailto:bhel...@salemstate.edu>>
Reply-To: The EDUCAUSE

RE: Roku Interference

2020-08-21 Thread Glinsky, Eric

Hi Matt,

There was a bit of discussion on this list recently about various bugs with the 
newer 8.5/8.10 code under subject "Cisco 3800 AP code 8.10 wireless 
disconnections/drops" (see the archives from this month from Jeff Kushner and 
Tariq Adnan).

Upgrading to escalation build 8.5.161.6 helped a lot here. Not sure if that 
would help your Roku issue, but I haven't heard of any Roku issues here.

See this bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu61194

Eric Glinsky
Network Administrator
University of Connecticut
ITS - Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Manous, Matt
Sent: Friday, August 21, 2020 9:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Roku Interference

*Message sent from a system outside of UConn.*

Hello,

Our residential students returned to campus this past weekend. Since then, we 
have had numerous reports of student devices unable to access the internet in 
their rooms after connecting to our SSIDs. The #1 reported device type is Roku. 
Rebooting the access point in an affected area usually allows non-Roku devices 
to gain internet access for a while.

Reading up on Roku inference via Google searches seems to indicate that they 
have several problematic features such as "Device Connect" and "Interference 
Mitigation" that cannot always be disabled depending on the type of Roku device 
and its software version.

Our residence halls all have Cisco 3802 access points. We were stuck on 
8.3.150.0 until recently but we got rid of the older access points that were 
holding us back over the summer. We upgraded to 8.5.161.0 around the beginning 
of last month and there were no reported issues from the few people living the 
residence halls. This is the only change we have made to the controllers since 
Spring semester.

We opened a case with TAC on Monday about this issue but they have not been 
very responsive. We had the case requeued yesterday and the new engineer is 
looking over some logs.

I know that devices like Rokus that broadcast their own SSID (hidden or 
otherwise) have always been a nuisance in the residential WiFi realm but we 
have never been hit this hard. Is CleanAir bugged in this version? Has anyone 
else experience this? What did you do to get it resolved?

Thanks,

Matt Manous
Systems Administrator
Information Technology Services
1 College Street | Young Harris, Georgia 30582
(706) 379-5033 | mman...@yhc.edu | 
yhc.edu
[cid:image001.png@01D3E0A4.D5A030E0]


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] AP Management Network Size

2020-06-18 Thread Glinsky, Eric

We use a mix of /22s and /23s mostly, multinetted as needed.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Oliver, Jeff
Sent: Thursday, June 18, 2020 10:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AP Management Network Size

*Message sent from a system outside of UConn.*

Hi Jesse,

You will likely find as many opinions and implementations as there are people 
on the list. We went from all of our APs in one large broadcast domain, to a 
bunch of much smaller segments when we moved to routed that were sized on need. 
Now that we are moving into the world of SDA, we are again putting them all 
into 1 large IP subnet. In all cases we were/are using DHCP reservations so 
that we know the IP/hostname of an AP.

The answer to this lies in your network itself and your IPAM solution. Whatever 
makes sense so long as the AP can get to the controller.

--

Cheers,
Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Donald Ambrose mailto:dambr...@cmcc.ca>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, June 18, 2020 at 7:38 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] AP Management Network Size

Caution: This email was sent from someone outside of the University of 
Lethbridge. Do not click on links or open attachments unless you know they are 
safe. Please forward suspicious emails to 
phish...@uleth.ca.
Unsubscribe

___
Donald Ambrose – Network Administrator
Canadian Memorial Chiropractic College
6100 Leslie Street, Toronto, ON M2H 3J1
Phone: 416.482.2340 ext. 209
dambr...@cmcc.ca  
www.cmcc.ca

[75th email signature_Simplified+address]
https://www.cmcc.ca/events/CMCC75

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Jesse Thomas
Sent: Wednesday, June 17, 2020 3:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AP Management Network Size

Hi Everyone,

We are preparing to replace our existing Cisco WiSM2 controllers with 9800s. 
Part of this upgrade will include redesigning our AP management 
network(s)—currently, we have about 500 APs spread across 3 different /24's.

As we move towards an in-room design in our residence halls and provide denser 
5GHz coverage throughout campus in the coming years, we expect the number of 
APs to grow by quite a bit.

I am interested in how others have sized your AP management networks? I have 
not found any concrete guidance from Cisco and various recommendations 
elsewhere range from /25 to /21. Larger ranges would of course be easier to 
manage, but at the same time we don't want to introduce issues related to 
broadcast traffic.

Thanks for any input that you can provide.

Regards,

--
Jesse Thomas
Network & Systems Administrator
Hamilton College
315-859-4211

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community
This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender’s prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply.

RE: Are You Ready for WiFi6E

2020-04-24 Thread Glinsky, Eric

I asked Cisco about what 6 GHz means for their APs and their response is:

"6Hz will require new hardware for both APs and clients.  We expect major chip 
makers to have their products ready by the end of 2020. By early 2021 we expect 
to see a few 6Hz capable consumer access points and high-end client devices 
like smartphones, tablets and laptops followed by enterprise-grade access 
points later in 2021."

If that's the case, I imagine we won't be deploying 6 GHz APs until at least 
the summer or fall of 2022 and maybe even longer before we can even start using 
6 GHz channels while client devices catch up.

As for power, we've been deploying UPOE for a few years, but most APs are 
hooked up to PoE+, so hopefully that's enough for full WiFi capabilities at 
least. Heck, we're still trying to get away from 100M/15.4W switches in 20 or 
so buildings. We don't have mGig anywhere yet, but I don't think we'll be 
seeing more than 1Gbps needed through an AP for a while. I'd be interested if 
anyone does.

I'm with you on the code problems, Lee. I believe no new product should be on 
our network until it's been receiving software updates for at least a year. We 
got burned by Cisco 2800s in 2016, but they're great APs now. Would we have 
been better off with another year's worth of 2700s in use today and avoiding 
the first year of 2800 issues? Technically probably not, but it's a matter of 
community perspective also.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Friday, April 24, 2020 10:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Are You Ready for WiFi6E

*Message sent from a system outside of UConn.*

Hi Hector,

More channels in and of itself is fantastic, even if we don't bond them up into 
huge wide ones. As for APs being hurried out, I'm more interested in how 
clients will roll out. I don't have a lot of faith in certain WLAN vendors 
getting 6 GHz right for a while, given track records to date of shotgunning 
alpha quality code onto the market. Also halfway expect the license-happy 
idiocy that's becoming pervasive to apply to new hardware and what you are 
"allowed" to do in 6 GHz, despite it being unlicensed by the FCC.

Lee Badman

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rios, Hector J 
mailto:hector.r...@austin.utexas.edu>>
Sent: Friday, April 24, 2020 10:15:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Are You Ready for WiFi6E

Now that the FCC has approved the 6GHz band, I wonder what others are doing in 
terms of planning. There is a lot to think about and unlike prior 
announcements, this one really is a game changer. Here are some thoughts:

*Vendors should be rushing to make APs and make them available possibly this 
year.
*The assumption is that the new radios will be tri radios. I'm sure vendors 
will get creative.
*More radios chains and more features (BLE, USB, Zigbee) mean more power needs.
*Faster more efficient technology means faster speeds required: 2.5G/5G.
*Will your existing infrastructure be capable to handle the new technology? 
Today, most likely not.
*If in the middle of a lifecycle, do you continue or do you wait?

For those that are super excited, here are some last things to think about:

Higher modulations require higher levels of SNR. Higher frequencies have 
shorter wavelengths and more trouble getting through objects. Bonding channels 
raises your noise floor and also requires higher receiver sensitivity. There 
are a ton of other things to consider. What say you?

Regards,

Hector Rios
The University of Texas at Austin



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**

RE: Deploying Cisco 9120's with existing APs

2019-12-12 Thread Glinsky, Eric

I’ve been told by two individuals from different VARs that it is not a good 
idea to mix generations of APs within an area due to RRM, but it’s OK to mix a 
2700/3700 or 2800/3800/1815.

From the 9120 deployment guide:


Mixing access points of different models and types

The Catalyst 9120 is a very advanced access point supporting Wi-Fi 6 features 
along with unique features such as dual 5 GHz and advanced RF detection using 
Cisco custom RF ASIC silicon.

For this reason, it is not recommended that you mix access point models, 
sometimes called “salt and pepper,” as it would diminish the performance of the 
Cisco DNA network, degrading many of our advanced features and perhaps 
introducing a suboptimal performance.

For this reason, if you have a mixture of AP types, it is recommended that you 
group like access points together (for example, AP-3800s on, say, one floor and 
Cisco Catalyst 9120s on another) and refrain from mixing them.

We’re currently working on a replacement plan to eliminate 1,800 3500s/2600s 
and hoping that 9120s will be in the picture for that, so looking forward to 
hearing feedback on them. Also hoping to get 9130s in our large auditorium 
before graduation.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Becker, Jason
Sent: Thursday, December 12, 2019 8:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Deploying Cisco 9120's with existing APs

Looking to deploy some of the new 9120’s and was wondering if anyone has 
deployed these with existing access points(3702’s, 3802’s, and 1815W’s)?  My 
biggest concern is having to move to new code, but I know we all need to 
upgrade at some point.  Any experience good or bad is appreciated.


--
Thanks,
Jason Becker
Network Engineer 3
4480 Clayton Ave, St. Louis, MO 63110
Mail stop 8218-45-1200
•: 314.935.5006 | Ë: 618.363.2900 |  
•:jbec...@wustl.edu




The materials in this message are private and may contain Protected Healthcare 
Information or other information of a sensitive nature. If you are not the 
intended recipient, be advised that any unauthorized use, disclosure, copying 
or the taking of any action in reliance on the contents of this information is 
strictly prohibited. If you have received this email in error, please 
immediately notify the sender via telephone or return mail.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Theater wifi - to have or not to have

2019-10-23 Thread Glinsky, Eric

I agree with the all-or-nothing stance. Better to have nothing than to have 
mediocrity, which frustrates users as mentioned. If nothing, at least have a 
design and wiring ready. Then buy APs and switches/blades when ready to commit.

We’re just beginning to talk about upgrading wireless in the main performing 
arts theater, which now has good coverage but not density, at the request of 
its manager. Yes, people should be paying attention to the performance, but 
that’s not the only thing the space is used for, plus I’ve personally 
experienced decent WiFi speed during a performance, but then everyone tries to 
use WiFi during intermission and it becomes useless.

Someone mentioned working with the sound engineers in the theater. Absolutely! 
Over the summer, we were asked to disable WiFi in the theater entirely because 
it was causing popping sounds over the headset system. Sure enough, the 
documentation of their system (HME Clear-Com DX – I have a PDF on this if 
anyone’s interested) states that it uses “Spectrum Friendly Mode” (ha!) 
utilizing either the high end or the low end of the 2.4-2.8GHz band, basically 
leaving us only either channel 1 or 11 to use for coexistence. We turned off 
2.4 GHz in the whole building and their issues reportedly went away, but the 
theater manager has since told us to turn it back on and we haven’t heard about 
it since.
Eric Glinsky
Network Technician
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Schneider, Glenn
Sent: Wednesday, October 23, 2019 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have

I’ve been sitting on the sidelines in this discussion but wanted to mention 
something we are seeing for use in chapels, theaters and auditoriums. That is 
the use of personal cellular devices to assist hearing impaired guests in these 
venues. I believe the app is Listen Everywhere that has an appliance that ties 
into the sound system and the network to provide the service.

Are there others using these services?

Glenn Schneider
Director, Network Group
Technology Services
Samford University

205-726-2663 | office
gtsch...@samford.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Gray, Sean
Sent: Wednesday, October 23, 2019 9:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have

Put it in while you can. It’s going to be much easier to do it during the 
project than later on when someone complains.

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Bull, Mary
Sent: October 22, 2019 10:34 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Theater wifi - to have or not to have

Hello all,

I’m wondering if anyone here has dealt with a decision on wireless in the 
theaters, concert halls, or recital halls on their campus. We have a new arts 
complex coming on line in the next two years and there’s no clear direction 
from faculty on whether wireless for the audience is desirable. The previous 
main theater, and other currently used theaters on campus, did/do not have full 
connectivity for the audience (just a few aps tacked on the walls that were 
useless when the room was full). Facilities planning is favorable toward 
building it in, so I’d prefer that too, especially since it would be much 
harder or impossible to install if the faculty changes their mind in a few 
years once the building is complete. However, I’m not sure whether there is 
really an expectation from the audience that they should have wifi when they 
attend a show or concert.

Has anyone dealt with this on their campus? What influenced your choice?

Mary Bull
William and Mary
757-221-2491
mb...@wm.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at

Re: WLC interface groups?

2019-08-28 Thread Glinsky, Eric

Great information so far, everyone; thank you! Looking forward to hearing more.

I guess I should have said earlier that we use SVIs on the wireless core (a 
6500/Sup2T VSS pair) in the two VLANs. The SVIs have secondary interfaces for 
the various subnets.  Most are /24s, and a few odd /25s, /23s, and /22s, all 
public addresses. So, we don't need to have a series of interfaces in a group 
just for the sake of having multiple subnets, and it's pretty easy for us to 
re-subnet/re-balance if needed. The SVIs have DHCP helpers configured and DHCP 
requests go to Infoblox, where we have a shared network for each VLAN.

We strictly use RADIUS for authentication; no dynamic VLAN assignments by AD 
group.




Eric Glinsky
Network Technician
University of Connecticut
ITS – Network Operations
Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199
e...@uconn.edu<mailto:e...@uconn.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tariq Adnan 

Sent: Wednesday, August 28, 2019 6:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] WLC interface groups?


Hi Eric,



We use Interface groups and they work fine. We have 4 x 8540 WLC’s, 6k x APs 
and we see 36K concurrent devices during semester.



  *   Depending upon end user’s LDAP role (student or staff), radius server 
(Aruab CP server) returns a interface group to controller
  *   For students, the interface group contains 64 interfaces, each /21 
private subnets (10.x.x.x/21)
  *   For Staff, the interface group contains 32 interfaces, each /20 private 
subnets (10.x.x.x/20)
  *   The interface group failure mode is set to “non-aggressive” – this avoids 
interfaces getting dirty (frequently) and hence clients don’t jump from one 
interface to another and normally keeps same IP address (this avoids DHCP 
exhaustion).
  *   We have enabled DHCP proxy on the controller



-

Cheers,



Kind regards,

Tariq Adnan  |  Senior Network Engineer



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Glinsky, Eric
Sent: Thursday, 29 August 2019 5:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC interface groups?



This question is for large universities with WLCs that tunnel traffic through a 
controller. Do you use a single interface (VLAN) for, say, 30k clients, or do 
you use two or more interfaces in an interface group, and why? Do you use DHCP 
proxy? Is there any documentation or generally-accepted rules of thumb on this?



Historically, on all three Cisco 8540 pairs, we had a core interface and an 
interface for res halls, and depending on the AP’s location (6k APs) our 
branded SSID would map clients to one interface or the other.



All our wireless clients have public IPs, and we’ve faced issues running out. 
Throughout the day, we’d see the majority of clients move from the res hall 
network to the core network, and vice versa at night. At one point, we merged 
both the interfaces in an interface group to utilize all IPs at all times. 
However, the way it’s currently set up, there are more IPs available in the 
core interface than in the res hall interface.



We are considering these options on how to move forward with or without the 
interface group:



  1.  Consolidating down to one interface. More efficient use of IP space, 
clients wouldn’t change IPs as often. Could probably increase lease time to 1 
hour, but what about broadcast and ARP traffic for all 30k addresses in the 
VLAN at the router - understanding that client device broadcast traffic doesn’t 
leave the controller except DHCP (we do not use DHCP proxy in the controllers).
  2.  Staying with the group of two interfaces and balancing the IP space 
between them. Avoids wasted IPs, depending how intelligent the 8540s are at 
distributing clients between all interfaces in the group.
  3.  Splitting out to more interfaces. We’d cut down on broadcast traffic but 
we’d be liable to have one client taking up three or more addresses between all 
the interfaces for up to the 30-minute lease time we have, and a client would 
change IPs more throughout the day as it re-associates and gets put in a 
different interface.



Interestingly, a consultant we’re working with hasn’t seen a single customer 
besides us use interface groups.



Eric Glinsky
Network Technician

University of Connecticut
ITS – Network Operations

Temporary Administration Building
25 Gampel Service Drive | Storrs, CT 06269-1138
(860) 486-9199

e...@uconn.edu<mailto:e...@uconn.edu>



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam01.safelinks.protection.outlook

WLC interface groups?