Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth?

2021-08-03 Thread Joseph Bernard 
We are currently running 2.7 but have 3.0 on a test box.  One of my coworkers 
had made some graphs for info ISE provides about latency, but we are still 
learning to read them to figure out what might be “normal”.

Thanks,
Joseph B.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Manon Lessard 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, August 3, 2021 at 11:26 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested 
before adding all wireless auth?

Joseph,


Which version of ISE?
Unlike ACS, ISE can use a whitelist to check only domains which you want it to 
look and such.
There are several dashboards on the AD side that will let you know the latency, 
and reports in ISE as well as to how long it takes to fetch a user.
And using Cacti or other monitoring tools you could also check your latency and 
graph it.


Manon Lessard
Chargée de programmation et d’analyse
CCNP, CWNE #275, AWA 10, ESCE Design
Direction des technologies de l'information
Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)
G1V 0A6, Canada
418 656-2131, poste 412853
Télécopieur : 418 656-7305
manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca>
www.dti.ulaval.ca<http://www.dti.ulaval.ca/>
Avis relatif à la confidentialité | Notice of 
Confidentiality<http://www.rec.ulaval.ca/lce/securite/confidentialite.htm>


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Joseph Bernard 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, August 3, 2021 at 10:49 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] can Active Directory backend for ISE be tested before 
adding all wireless auth?

So we are running ISE which is backended by Active Directory.  We have been 
adding sections of campus to wireless authentication of eduroam and things 
seemed fine with no issues that we could see.  When we finally added the last 
bit of our environment on Friday, this were going great but then Monday 
happened and all hell broke loose and authentication went in the toilet.  It 
seemed that ISE couldn’t get answers from AD fast enough and switched to our DR 
site which made things WAY worse and we had to move all our stuff back to our 
previous platform.  Since that incident, we have tweaked all the settings we 
can find from minimizing DNS lookups to hiding the DR site from ISE.  AD is 
kind of a black box, so there is only so much we see or find documentation for.

My question is, is there a way to test if our AD backend if strong enough to 
handle our campus of 20,000 wireless devices moving around during a class 
change without putting it in production first and crossing our fingers?


Thanks,
Joseph Bernard


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7CManon.lessard%40DTI.ULAVAL.CA%7C5f84c3120ceb4fafab9108d9568dd4e6%7C56778bd56a3f4bd3a26593163e4d5bfe%7C1%7C0%7C637635989425747945%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9tZs0aR1d4rmFjdjGgP%2FhRne63MlniKCtvgDh%2BP93vY%3D&reserved=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested before adding all wireless auth?

2021-08-03 Thread Joseph Bernard 
I’ve read all those many times, and unfortunately they are great at helping you 
to expand ISE but not what feeds it.  We have done several things, though, 
mentioned in those documents since our incent.

Thanks,
Joseph B.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Spurgeon, Charles E" 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, August 3, 2021 at 11:41 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] can Active Directory backend for ISE be tested 
before adding all wireless auth?

I have no answer for dev testing of AD performance. However, I do have some 
links to Cisco info on ISE scaling and deployment that I saved for future ref. 
Here they are in case they may be of use:

  1.  “2019 How Cisco Deployed ISE”
https://www.ciscolive.com/global/on-demand-library.html?search=dgtl-brkcoc%20ise&search=dgtl-brkcoc+ise#/session/1573153539632001Je9Y
  2.  2018 – “Designing ISE for Scale and High Availability”
https://www.ciscolive.com/global/on-demand-library.html?search=dgtl-brkcoc%20ise&search=dgtl-brkcoc+ise#/session/1500302030233001WuLd
  3.  “ISE Peformance and Scale” community doc with current updates:
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

FWIW, I recall hearing somewhere (probably a CiscoLive Online preso) that the 
ISE-AD config on the Cisco enterprise network used multiple secondary AD 
servers behind a load balancer (IIRC) to avoid direct connections between ISE 
and primary AD servers since the primary servers could get busy or hung and 
freeze up ISE (so to speak). That’s second hand info from memory, so you would 
definitely want to verify that with Cisco.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Joseph Bernard
Sent: Tuesday, August 3, 2021 9:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] can Active Directory backend for ISE be tested before 
adding all wireless auth?

So we are running ISE which is backended by Active Directory.  We have been 
adding sections of campus to wireless authentication of eduroam and things 
seemed fine with no issues that we could see.  When we finally added the last 
bit of our environment on Friday, this were going great but then Monday 
happened and all hell broke loose and authentication went in the toilet.  It 
seemed that ISE couldn’t get answers from AD fast enough and switched to our DR 
site which made things WAY worse and we had to move all our stuff back to our 
previous platform.  Since that incident, we have tweaked all the settings we 
can find from minimizing DNS lookups to hiding the DR site from ISE.  AD is 
kind of a black box, so there is only so much we see or find documentation for.

My question is, is there a way to test if our AD backend if strong enough to 
handle our campus of 20,000 wireless devices moving around during a class 
change without putting it in production first and crossing our fingers?


Thanks,
Joseph Bernard


This message is from an external sender. Learn more about why this 
matters.<https://ut.service-now.com/sp?id=kb_article&number=KB0011401>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

can Active Directory backend for ISE be tested before adding all wireless auth?

2021-08-03 Thread Joseph Bernard 
So we are running ISE which is backended by Active Directory.  We have been 
adding sections of campus to wireless authentication of eduroam and things 
seemed fine with no issues that we could see.  When we finally added the last 
bit of our environment on Friday, this were going great but then Monday 
happened and all hell broke loose and authentication went in the toilet.  It 
seemed that ISE couldn’t get answers from AD fast enough and switched to our DR 
site which made things WAY worse and we had to move all our stuff back to our 
previous platform.  Since that incident, we have tweaked all the settings we 
can find from minimizing DNS lookups to hiding the DR site from ISE.  AD is 
kind of a black box, so there is only so much we see or find documentation for.

My question is, is there a way to test if our AD backend if strong enough to 
handle our campus of 20,000 wireless devices moving around during a class 
change without putting it in production first and crossing our fingers?


Thanks,
Joseph Bernard


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WiFi failures due to eduroam profiles

2019-09-20 Thread Joseph Bernard 
Is the profile problem exclusive to iOS?  Does the CAT tool have an uninstall 
eduroam feature?

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Aaron Abitia 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Friday, September 20, 2019 at 3:47 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] WiFi failures due to eduroam profiles


Hello all, Aaron from Cal Poly, San Luis Obispo here...



We just went all eduroam and turned off our primary branded dot1x SSID, which 
featured Aruba Clearpass EAP-TLS Onboarding of devices. Because Onboarding is 
now gone, my question is about the eduroam CAT tool…I believe reasons for using 
it would be to mitigate man-in-the-middle attacks, to get rid of the red “Not 
Verified” iOS message and to otherwise insulate the user from manually 
accepting our RADIUS certificate.



However, I’m wondering about usability once our users leave our campus.  We 
have seen users here from other universities who are unable to connect to 
eduroam, and we find that they are running a profile from their home 
university, though we’re not sure if its the eduroam CAT tool or another 
installer.  Once we remove their profile, they are able to get on eduroam.  I 
believe that if an organization is using a profile and that profile lists the 
RADIUS server(s) from that organization for the eduroam connection, the user 
may or may not be dead until that profile is removed, depending on what’s in 
the profile; if all that’s in the profile is the organization’s RADIUS servers, 
the user should still work here, but if there’s other elements in that profile, 
the user could fail, which we’ve seen, but I’m trying to identify what 
precisely in the profile could cause the failure to connect.  Would anyone have 
any insight into this?



We have many other eduroam users from other organizations that work fine here, 
presumably because no profile is being used and the user has just manually 
connected at home and here at our school. I would also be interested in hearing 
about the eduroam CAT tool from anyone using it, or other config tools used by 
anyone and the reasons for it, beyond what I’ve mentioned above.



Many thanks.

--
Aaron Abitia
Network Analyst
Enterprise Information Systems, Networks
Information Technology Services
Cal Poly State University
Tel: 805.756.1295

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

2019-09-13 Thread Joseph Bernard 
We try to steer eduroam capable devices off our guest network by blocking the 
ranges from authenticating to the main services portal.  If students are trying 
to do work, I hope they aren’t reduced to a PS4 web browser.

Thanks,
Joseph B.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Enfield, Chuck" 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Friday, September 13, 2019 at 8:42 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

“We run eduroam and a completely open guest SSID. The open SSID has no captive 
portal, no click through terms of services, and no restrictions on Internet 
access for content or speed.”

I’m jealous Felix.  I made a strong push for this approach, but General Counsel 
stopped it.  FWIW, I think they got it right, but life would be easier and 
users would be happier your way.

Their rationale is that to get the protections afforded to ISP’s under DMCA we 
need to inform users that they’re not allowed to share copyrighted materials 
and that their connection will be blocked if they do.  For account holders we 
make them agree to these terms and more when they activate their account.  But 
if the network doesn’t require an account this notification seems to demand a 
captive portal.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Felix Windt
Sent: Friday, September 13, 2019 8:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

I’d pay a fair price for an easily administered solution that lets us roll out 
PPSK in the dorms and deploy broadcast/multicast domains scoped to specific 
users.

We run eduroam and a completely open guest SSID. The open SSID has no captive 
portal, no click through terms of services, and no restrictions on Internet 
access for content or speed. That SSID bridges through to VLANs in a DMZ, and 
its only real restriction is that it can only reach proper public IP addresses 
on campus, plus 2-3 applications on private IPs that are specifically 
permitted. That’s enforced on the firewalls between campus and the DMZ.
We do see quite a lot of students on that SSID permanently. As a huge amount of 
our student applications are either cloud hosted or available on the public 
Internet, that works just fine for them. We’d prefer them on eduroam, but user 
experience trumps our preferences. The only real problem are devices such as 
Sonos sound bars, Google appliances, and other devices that will only support 
PSKs for wireless. For those we don’t have a solution right now.

Once WPA3/OWE is out and widely supported I genuinely don’t know how much we’ll 
care about where devices are. At that point it seems not just more user 
friendly but easier for IT overall to just throw reasonable security in front 
of web apps that the student and faculty population need to access, and let 
them sit on the SSID that’s easier to get on to. Administrative machines under 
central control would probably be kept on properly authenticated networks, but 
those are easier to solve if you have reasonable mass device management options.

For what it’s worth, we use the eduroam CAT tool for onboarding.

thx,

Felix Windt
Dartmouth College

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Rumford, Charles" 
mailto:charl...@isc.upenn.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, September 12, 2019 at 2:26 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

I agree that complicated onboarding is the worst from the end user perspective 
and a pain to manage.

I started designing a PPSK/MPSK design to take over our primary 802.1x network. 
The biggest hurdle I ran into with it was the randomization of MAC addresses 
for device. I've been told Android 10 has it on by default,and I know that 
windows support also. I could only see issues from a support issue coming down 
the line. O need to spend some more research time with it.

--
Charles Rumford
IT Architect
ISC Tech Services
University of Pennsylvania
OpenPGP Key ID: 0xF3D8215A
(Sent from Mobile)

From: "Enfield, Chuck" mailto:cae...@psu.edu>>
Sent: Thursday, September 12, 2019 14:11
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

Seconded.

And for those who think that security is more important than the user 
experience in some cases, I wouldn’t argue, but I would point out that an 
improperly configured 1x device puts the user’s credentials at risk.  802.1x 
isn’t all upside from a se

Re: [WIRELESS-LAN] Chromecast on Residence Hall Network

2018-09-05 Thread Joseph Bernard 
We run Cisco and have said no support for Chromecast as well.

Thanks,
Joseph B.

On Sep 5, 2018, at 7:34 AM, Jackson, William 
mailto:wjack...@flagler.edu>> wrote:

We’re using Aruba and ended up telling students that we won’t support 
Chromecast. There was a lot of overhead traffic coming from the devices.


William M. Jackson Jr.
Director of Network and Desktop Support Services
Flagler College
74 King Street
St. Augustine, Fl. 32084
(904) 819-6293 Department Phone
(904) 819-6310 Office Phone
(904) 814-7877 Mobile Phone

www.flagler.edu

On Sep 4, 2018, at 10:04 PM, Adam Forsyth 
mailto:forsy...@luther.edu>> wrote:

Does anyone have a good solution for managing student Chromecasts on their 
residence hall network?  The problem that we're running into is that I think 
there is some limit to the number of chromecasts that will appear on the list 
when you try to select a device to cast to.  The result is that some students 
can see their chromecast, but other people can just see a bunch of other 
chromecasts but theirs is not on the list.

We are transitioning from an HP MSM wireless network to an Aruba wireless 
network. This problem is getting worse over time as we move to more Aruba AP's 
because the MSM's were configured with a separate wireless subnet for each 
building.  That limited the number of chromecasts on each network and increased 
a user's chance of seeing theirs.  As we move to Aruba, all of traffic is 
tunneled back to the controller and all of the users are on a single subnet.  
An elegant solution is to us ClearPass as the NAC for the network and then let 
users set up their own Air Groups then their devices see each other and no one 
else's.  This also solves the problem that there is nothing preventing one user 
from streaming to another user's chromecast.  We use Bradford Networks Network 
Sentry as our NAC, however, and switching to a different NAC isn't in the cards 
as a near term solution anyway.  Network sentry doesn't provide any way to 
manage air groups.

When we first set up our Aruba controller the chromecast traffic was blocked by 
default, and I worked with support to get an Air group set up tohave that 
traffic sent everywhere.  I was wishing for some way to make an air group per 
building or per some group of AP's that we'd create.  That would mimic the 
imperfect but better solution that we've had with our MSM AP's.  Support 
couldn't seem to come up with that sort of a solution for me.  I'm not sure if 
that's not possible, or if I simply should have kept escalating the ticket 
until I found someone that could help make that configuration.

I'm wondering if any other Aruba users out there have found a solution to this 
issue that doesn't involve also being Clear Pass customers.

--
Adam Forsyth
Director of Network and Systems
Luther College Information Technology Services
700 College Drive
Decorah, IA 52101
563-387-1402
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





This email contains CONFIDENTIAL information intended only for the use of the 
addressee(s) named above. If you are not the intended recipient of this email, 
you are hereby notified that any dissemination or copying of this email is 
strictly prohibited. If you have received this email in error, please notify us 
by reply email and delete this email from your records. Furthermore, the 
contents of this email do not necessarily represent official policy of Flagler 
College.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] 802.11R

2018-08-28 Thread Joseph Bernard 
Our CTO just mentioned this today as we have passed the peak wireless stress 
point without issues for today’s class changes.  While this isn’t answering 
your question, I thought I might share what we have.  We have close to 30,000 
wireless devices connected and have our F5 load balancing 6 VMs running 
FreeRADIUS that in turn query our eDirectory backend through LDAP.  One feature 
that you should make sure is enabled is “config radius ext-source-ports enable”.

On 8540’s, you should see this if it’s on:

(Cisco Controller) >show radius queue

Max Radius Queues Per Server. 16
…[snip]…


Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Phillips, Rick" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, August 28, 2018 at 3:11 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] 802.11R

We recently promoted eduroam to the primary network at the University of 
Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) 
and Cisco ISE for portals, authentication and authorization. We were seeing the 
ISE authentication service jump up in latency and we would get calls that users 
could not connect to eduroam. We have determined that our size and number of 
authentications, particularly at each class change event, are such that we 
should be using hardware load balancing. We are in process of setting that up 
but each class transition results in a short period where authentication 
latency can get to be a problem and users have a less than desirable 
experience. During the time we are building this out our engineers are wanting 
to enable 802.11R (Fast Transition) on our controllers. We currently do not 
support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and 
we have heard other have issues with this code release. While we are not 
experiencing the same results or hitting the same bugs, I am concerned that 
turning on this feature might have ramifications related to the code release we 
are running.

My question to the group is who has used 802.11R and would you be willing to 
shoot me a private message with configuration and/or your results?

Thanks in advance,

Rick

Rick Phillips
Executive Director, Networking & Infrastructure
Information Technology Services
University of Kentucky
301 Rose St. Hardymon Building Rm 102
Lexington, KY 40506-0496
(859) 257-4106 (Office)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wireless Only in Student Housing?

2018-08-24 Thread Joseph Bernard 
We just opened a building with a wallplate AP in every room.  Any wired 
connections needed are plugged into the jacks on the bottom of the wallplate.  
Things seem okay so far but we haven’t made it to our worst day which is the 
first Tuesday of semester which causes the most stress on our wireless.

Thanks,
Joseph B.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Daniel Wurst 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Friday, August 24, 2018 at 2:12 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] Wireless Only in Student Housing?

Hi All,

We are looking into building a new student housing building and are considering 
going Wifi only for network connectivity. We were wondering if anyone else has 
gone the route of only allowing network connectivity via wireless. If so, can 
you share your experience, lessons learned, and advice.

Thank you,

Dan
--
Daniel Wurst
Network Engineer
Denison University
wur...@denison.edu
740-587-6229

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam ssid on RTS

2018-08-16 Thread Joseph Bernard 
While we haven’t done this exactly, he have hooked up a WAP to a cradlepoint 
and allowed it to connect back to the campus controller.  I don’t know how well 
it would do losing connection all the time though.

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Watson,Nancy A" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Thursday, August 16, 2018 at 8:37 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] eduroam ssid on RTS


​I am involved in a joint project with RTS to run eduroam on  the city buses 
that pass through our campus to service the students.  We are currently a Cisco 
Shop and I was curious if anyone has done anything like this with Cisco or any 
other vendor.


Thanks,
Nancy

 Nancy Watson
 Engineer, Network Services - UFIT
 nwat...@ufl.edu, (352) 273-1057
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Issues with Windows 10

2018-07-31 Thread Joseph Bernard 
We didn't know that the mechanism to validate a certificate wasn't really that 
strict and thought it was a good idea.  If we had to do it over, it would 
totally be a self signed cert with a long expiration date.  Also we had never 
dealt with intermediates and changing roots due to expiration for the first 
several years.

Thanks,
Joseph B.

Sent from my iPhone

> On Jul 31, 2018, at 6:30 PM, Cappalli, Tim (Aruba Security)  
> wrote:
> 
> Just curious, for those running a supplicant configuration utility, why are 
> you using a public CA-signed EAP server certificate?
> 
> 
> On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group 
> Listserv on behalf of Charles Rumford"  behalf of charl...@isc.upenn.edu> wrote:
> 
>>On 07/31/2018 04:18 PM, Michael Dickson wrote:
>> Hi Charles,
>> 
>> 
>> What do you mean by "we ended up configuring all of the intermediate certs"? 
>> Do
>> you mean you are now pushing all certs down to the client during the JoinNow
>> process?
> 
>Yes. We ended up, just for Windows, pushing all of certs down to the 
> clients. It
>was the only way we could get the profile to work.
> 
>> 
>> 
>> We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double
>> intermediate cert. I haven't heard of any issues yet but want to get in 
>> front of
>> any that might crop up..
>> 
>> 
>> Thanks,
>> Mike
>> 
>> Michael Dickson
>> Network Engineer
>> Information Technology
>> University of Massachusetts Amherst
>> 413-545-9639
>> michael.dick...@umass.edu
>> PGP: 0x16777D39
>> 
>> 
>> 
>> 
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
>>  on behalf of Charles Rumford
>> 
>> *Sent:* Tuesday, July 31, 2018 12:24 PM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10
>> 
>>> On 07/30/2018 01:09 PM, Turner, Ryan H wrote:
>>> From SecureW2:
>>> 
>>> The issue is noticed when the RADIUS server cert is signed by AddTrust 
>>> External CA Root (Cross signed by USERTrust RSA Certification Authority) 
>>> and with the recent windows 10 update. We are looking into this and should 
>>> be able to provide you an update.
>>> 
>> 
>> We ended up configuring all of the intermediate certs, and it solved the 
>> problem.
>> 
>> 
>> -- 
>> Charles Rumford
>> Senior Network Engineer
>> ISC Tech Services
>> University of Pennsylvania
>> OpenPGP Key ID: 0x173F5F3A (2018/07/05)
>> 
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group
>> discussion list can be found at http://www.educause.edu/discuss.
>> 
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/discuss.
>> 
> 
> 
>-- 
>Charles Rumford
>Senior Network Engineer
>ISC Tech Services
>University of Pennsylvania
>OpenPGP Key ID: 0x173F5F3A (2018/07/05)
> 
>**
>Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/discuss.
> 
> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/discuss.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Fwd: Your eduroam semi-annual report

2018-07-05 Thread Joseph Bernard 
Did you create this report or did eduroam send it to you?

Thanks,
Joseph B.


On Jul 5, 2018, at 9:06 PM, Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:

All:

We have run eduroam as our primary SSID for several years.  For those 
institutions that do not, but wonder what it might look like for those that do, 
I’ve included our semi annual report.

Ryan Turner
Senior Manager of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

Begin forwarded message:

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] wireless bridge for eduroam?

2018-06-29 Thread Joseph Bernard 
I actually have 2 of those sitting around from an old project.  I didn’t even 
think about trying them.  Thanks!

~Joseph B.


On 6/29/18, 10:18 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Cole, Kade"  wrote:

We have had success with the Ubiquiti NanoStation loco M5 connecting to 
eduroam. Make sure to use the latest firmware. 

Kade P. Cole - kc...@siue.edu - (618) 650-3377
Southern Illinois University Edwardsville - ITS
Network and Infrastructure - Network Engineer IV

> On Jun 29, 2018, at 9:12 AM, Joseph Bernard  wrote:
> 
> I haven’t looked in a few years, but is there a wireless ethernet bridge 
that support 802.1x/PEAP for something like eduroam?  There are times where we 
really don’t want people using wireless but installing cable takes time, so a 
temporary option would be nice.  This would NOT be a temporary become permanent 
thing, so it can be as ugly as possible.
>  
> Thanks,
> Joseph Bernard
>  



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

wireless bridge for eduroam?

2018-06-29 Thread Joseph Bernard 
I haven’t looked in a few years, but is there a wireless ethernet bridge that 
support 802.1x/PEAP for something like eduroam?  There are times where we 
really don’t want people using wireless but installing cable takes time, so a 
temporary option would be nice.  This would NOT be a temporary become permanent 
thing, so it can be as ugly as possible.

Thanks,
Joseph Bernard


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Apple TV alternative?

2018-06-20 Thread Joseph Bernard 
We do have a WebEx site license, and I think we've tried what you are 
suggesting with less than stellar results when using video.  That might be 
nature of WebEx though.

Thanks,
Joseph B.


On 6/20/18, 2:18 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Toeniskoetter, Richard J"  wrote:

Joseph,

This doesn't specifically address your question, but may be a useful 
alternative.  If your school has a Zoom site license, this can be used as a 
simple way to bypass all of the compatibility issues with hardware solutions.  
We have been going this route and it seems to be working well, simply assigning 
each faculty member their own Zoom account.  We also set their Zoom account ID 
as their phone number so it is easy to remember.

Richard Toeniskoetter
Chief Information Officer
University of Southern Indiana
8600 University Boulevard
Evansville, IN 47712
812-464-1733 (office)
812-465-1080 (IT Help Desk) 
richard.toeniskoet...@usi.edu | www.usi.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Joseph Bernard
Sent: Wednesday, June 20, 2018 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Apple TV alternative?

*** This message was sent from a non-USI address. Please exercise caution 
when responding, clicking on links or opening attachments. ***

Does anyone have success with a device that is $200 or less that works with 
Apple devices to share video and works with an enterprise wifi network 
(802.1x/PEAP)?
    
    Thanks,
Joseph Bernard

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7CRichard.Toeniskoetter%40USI.EDU%7C4e13f94637254066a50e08d5d6b9e68b%7Cae1d882c786b492c90953d81d0a2f615%7C0%7C1%7C636651016305193459&sdata=jy8iWK2WtpmE%2BRGW1dBMv5WbvMWeU4KQuFqOJOfiuNo%3D&reserved=0.

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/discuss.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Apple TV alternative?

2018-06-20 Thread Joseph Bernard 
We started providing a PSK connection for residents for their IoT devices and 
faculty in buildings close enough are starting to use it to get around using 
the more secure network.  I feel a big mess coming.

Thanks,
Joseph B.

On Jun 20, 2018, at 12:02 PM, Ken Meggitt 
mailto:krmegg...@alaska.edu>> wrote:


I struggled with a group that continued to purchase chrome cast and apple TV's. 
 They would request these devices be placed on a network with no authentication 
mechanism.  We provide Eduroam and WPA2-Enterprise as authentication solutions. 
 To push this group into an authenticated solution I did some digging around I 
found a method by which you could attach an Eduroam cert to an Apple TV but it 
required downloading and installing a development package from apple.  The 
other option was an Ethernet adapter for their Chrome Cast fleet.  But it 
raised the overall price of the device by $25 a piece.  The cheap price of the 
Chrome Cast devices is what is keeping them from exploring a more secure 
connection method.  Which leaves my group managing a hidden unencrypted SSID.

On 6/20/2018 7:39 AM, Joel Coehoorn wrote:
We really like AirServer here. It's cheap, and it supports AirPlay, Miracast 
(Windows), and Chromecast (ChromeOS/Android) in one package. It's gotten a lot 
better over the years at the video hand-off/YouTube issues, though I do still 
see some occasional sync issues between the audio portion of video content and 
recommend if showing a video is the main thing you want to do, just use the PC 
in the room.

The real downside to AirServer is the you need hardware to run it on. If you 
have a computer already in the room, you're done, and the cost per room is only 
about $10. If you don't already have hardware, you need a computer to pair with 
it. They sell a tiny pre-built unit for $400. The system requirement are very 
small, so you could build one yourself for the $200 price point if you're 
willing to shop around. There's also an XBox One version, which does meet your 
price point if you're willing to go that route.

And, of course, with *all* AirPlay/Chromecast solutions you need to consider 
the network discovery questions. But that shouldn't be news to anyone here.


[https://docs.google.com/a/york.edu/uc?id=0B6EvlGH2mMjUVWozX2lScmplOFU]


Joel Coehoorn

​ ​

Director of Information Technology
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>



Please contact helpd...@york.edu<mailto:helpd...@york.edu> for technical 
assistance.

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society


On Wed, Jun 20, 2018 at 10:10 AM Heffner, Jason 
mailto:jdh...@psu.edu>> wrote:
Hi Joseph,

We had developed the Mirror App at Penn State that worked with AppleTVs, 
however, over the last two years we switched exclusively to Mersive Solstice. 
The $1K price per box was worth it to us for the development time put in to 
keeping their solution working on all clients. We wire them into ethernet and 
disable the wireless adapters. This allows us to use our own 802.1x wireless 
ssid and connect to them over our enterprise network.

There were other solutions.. AirTame doesn’t do iOS mirroring yet, etc .. 
Mersive is the most complete.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Curtis K. Larsen" 
mailto:curtis.k.lar...@utah.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, June 20, 2018 at 10:51 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Apple TV alternative?

Most Apple TVs purchased in the last few years can use bluetooth for discovery 
instead of the network, but failing that Airtame is a decent option.  
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fairtame.com&data=02%7C01%7Cjdh132%40psu.edu%7C41d62ddf93034933388808d5d6bd3e5f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636651030667204159&sdata=1rkFpMuanOUappNc%2FdXH2g4i1QQJcYbr3fD1waDn%2BE8%3D&reserved=0

Thanks,

--
Curtis K. Larsen
Senior Network Engineer
University of Utah IT/CIS
Office 801-587-1313



________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Joseph Bernard mailto:j...@clemson.edu>>
Sent: Wednesday, June 20, 2018 8:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Apple TV alternative?

Does anyone have success with a device that is $200 or less that works with 
Apple devices to share video and works with an enter

Re: [WIRELESS-LAN] Apple TV alternative?

2018-06-20 Thread Joseph Bernard 
We use Solstice and Crestron AirMedia in most places, but people in one off 
locations scoff at the $1000 price.  Ditto sounds like an idea worth trying for 
the customers who already bought Apple TVs thinking they would work like at 
home.

Thanks,
Joseph B.


On Jun 20, 2018, at 11:10 AM, Heffner, Jason 
mailto:jdh...@psu.edu>> wrote:

Hi Joseph,

We had developed the Mirror App at Penn State that worked with AppleTVs, 
however, over the last two years we switched exclusively to Mersive Solstice. 
The $1K price per box was worth it to us for the development time put in to 
keeping their solution working on all clients. We wire them into ethernet and 
disable the wireless adapters. This allows us to use our own 802.1x wireless 
ssid and connect to them over our enterprise network.

There were other solutions.. AirTame doesn’t do iOS mirroring yet, etc .. 
Mersive is the most complete.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Curtis K. Larsen" 
mailto:curtis.k.lar...@utah.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, June 20, 2018 at 10:51 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Apple TV alternative?

Most Apple TVs purchased in the last few years can use bluetooth for discovery 
instead of the network, but failing that Airtame is a decent option.  
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fairtame.com&data=02%7C01%7Cjdh132%40psu.edu%7C41d62ddf93034933388808d5d6bd3e5f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636651030667204159&sdata=1rkFpMuanOUappNc%2FdXH2g4i1QQJcYbr3fD1waDn%2BE8%3D&reserved=0

Thanks,

--
Curtis K. Larsen
Senior Network Engineer
University of Utah IT/CIS
Office 801-587-1313




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Joseph Bernard mailto:j...@clemson.edu>>
Sent: Wednesday, June 20, 2018 8:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Apple TV alternative?

Does anyone have success with a device that is $200 or less that works with 
Apple devices to share video and works with an enterprise wifi network 
(802.1x/PEAP)?

Thanks,
Joseph Bernard

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7Cjdh132%40psu.edu%7C41d62ddf93034933388808d5d6bd3e5f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636651030667204159&sdata=KpRnnxxtIuhfpHHuxpYqGjR%2FqgLl5ijtb7m0DjRrY7g%3D&reserved=0.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7Cjdh132%40psu.edu%7C41d62ddf93034933388808d5d6bd3e5f%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636651030667204159&sdata=KpRnnxxtIuhfpHHuxpYqGjR%2FqgLl5ijtb7m0DjRrY7g%3D&reserved=0.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Apple TV alternative?

2018-06-20 Thread Joseph Bernard 
Does anyone have success with a device that is $200 or less that works with 
Apple devices to share video and works with an enterprise wifi network 
(802.1x/PEAP)?

Thanks,
Joseph Bernard

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] TimeCLock Plus Wireless Clocks

2018-06-19 Thread Joseph Bernard 
Have you tried a short USB extension cord to see if it might be a blocked 
signal problem?

Thanks,
Joseph B.

Sent from my iPhone

On Jun 19, 2018, at 2:07 PM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

Hello to the group.

Are any of you using wireless time clocks from this company 
https://www.timeclockplus.com/time_collection.aspx?

If so, are you seeing any problems? They don’t support 802.1X (go figure) and 
so end up with MAB on the guest network. All have IP addresses and an 
unfettered path to their cloud server. Sometimes these units simply stop 
communicating with the cloud server. Sometimes a reboot helps. Sometimes it 
doesn’t. We had a recent case where after scheduled network maintenance, only 
11 out of almost 40 clocks will reach out to the cloud service even though all 
are good wireless clients.

Configure a test laptop on the same network (they are all on the same network) 
and you will have no problem pinging that cloud server. They are erratic at 
best, and no other clients on this network seem to have any issues whatsoever.

Just wondering if we are somehow unique or if these things are as wonky as they 
seem so far. They have a cheapo Star-Tech adapter plugged into a USB slot deep 
in the unit, FWIW.

Thanks-

Lee Badman

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wireless USB adapters

2018-03-30 Thread Joseph Bernard 
Do the freezers have USB ports and support for enterprise wifi settings?  That 
would be some crazy freezer.

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of "Yahya M. Jaber" 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Friday, March 30, 2018 at 7:37 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] Wireless USB adapters

Hi All,

Anyone has experience in an enterprise USB WiFi adapters? In terms of support, 
robustness, compliance...

I am looking for something to connect couple of freezers wirelessly.

Thanks.

Yahya Jaber.
Sr. Wireless Engineer
IT Network & Communications – Engineering
Building 14, Level 3, Rm 308-WS07
KAUST 23955-6900 Thuwal, KSA

Email yahya.ja...@kaust.edu.sa
Office +966 (0) 12 8081237
Mobile +966 (0) 558697555
On Call Rotation Mobile: +966 54 470 1177



This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Measuring RADIUS Performance

2018-03-15 Thread Joseph Bernard 
I don't think we measure speed but have looked at the RADIUS wait queue on our 
Cisco wireless controllers.  There are only 256 slots available to process, so 
we have 6 FreeRADIUS servers load balanced by an F5 to trying to complete as 
many transactions as fast as possible.  Bad authentications can really slow 
things down.  Our peak times are at class changes when hundreds or thousands(?) 
of wireless devices start changing location.  We can max out 4 servers at those 
points.

Thanks,
Joseph B.

Sent from my iPhone

On Mar 15, 2018, at 11:44 AM, Adam Forsyth 
mailto:forsy...@luther.edu>> wrote:

How do you measure the performance of your RADIUS Serve? How fast is fast 
enough? How slow is unacceptable?

We have Aruba Airwave, and its Clarity module provides me a way to measure the 
amount of time that RADIUS Authentication takes.  For our RADIUS MAC SSID's it 
says it takes 63ms, and for our 802.1x SSID it says 2392ms.  The settings 
Airwave comes with by default are that <500ms is marked green meaning good, 500 
-- 1000ms is marked yellow meaning warning and >1000ms is marked read meaning 
poor.

Of course faster is always better, but I wondered if others have opinions on 
whether Airwave's  ranges are reasonable, or whether they have unrealisticly 
expectations.  If they're reasonable, then I probably need to figure out how to 
speed up our 802.1x RADIUS performance.

--
Adam Forsyth
Director of Network and Systems
Luther College Information Technology Services
700 College Drive
Decorah, IA 52101
563-387-1402
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Bandwidth/Throughput/Latency Tester

2018-02-20 Thread Joseph Bernard 
While the results aren’t perfect, we use:

https://github.com/adolfintel/speedtest

You can see our setup here:

http://net-test.clemson.edu/


Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Fishel Erps 
<0030ecf871d2-dmarc-requ...@listserv.educause.edu>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, February 20, 2018 at 12:56 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] Bandwidth/Throughput/Latency Tester

Hello everyone.

I’m curious to find out what other universities are doing to test throughput, 
internally, to proof their networks.  I’m looking for something that functions 
like Ookla’s 
Speedtest.net
 (browser-based, no required clients) , but that runs internally (I have 
already contacted them directly, and been told that they only provide products 
that are alive on the public net).

As we all know, % of utilization and available throughput are not 
one-in-the-same, and I need a way to address and diagnose legitimate 
performance complaints, live.

__
__


Fishel Erps,
Sr. Network & Infrastructure Engineer
School of Visual Arts

136 W 21st St., 8th Floor

New York, NY, 10011

LL: 212-592-2416
F:  646-845-6150
E:  fe...@sva.edu
___

Please excuse any typographical
errors as this e-mail has been sent
from my mobile device
___


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] point-to-point wireless backhauls

2018-02-20 Thread Joseph Bernard 
Don’t consider anything that uses 2.4GHz on the backhaul.  We have lost all of 
our 2.4GHz links in various places due to the rest of the world jumping on the 
channel during a power blip.  Ubiquiti stuff is cheap and works.

Thanks,
Joseph B.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Brian Helman 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, February 20, 2018 at 12:04 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] point-to-point wireless backhauls

This has come up a few times, but I wanted to ask introduce a deviation from 
the larger (trunk) discussion – what are people recommending for small 
backhauls over wireless (e.g to support a 1-2 devices, such as CCTV) for 
example at a ball field?  If you are offering WiFi services to people attending 
events, do you need to reconcile the introduction of a point-to-point backhaul 
into your site planning?

Have any of you used the NanoBeamAC units?

-Brian


Brian Helman, M.Ed |  Director, ITS/Networking Services | •: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Amazon Fire Tablet Line - 802.1x Support Dropped?

2018-02-08 Thread Joseph Bernard 
Unfortunately, I have no idea how to install the CA certificate.  I’m not much 
of an Android user.

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Ian McDonald 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Wednesday, February 7, 2018 at 11:29 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Amazon Fire Tablet Line - 802.1x Support Dropped?

Hi Joseph,

Can you install your CA certificate, and actually get the device to verify it?

Best Regards,

--
ian
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joseph Bernard
Sent: 07 February 2018 16:27
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: {Disarmed} Re: [WIRELESS-LAN] Amazon Fire Tablet Line - 802.1x Support 
Dropped?

We use PEAP.

Thanks,
Joseph B.

Sent from my iPhone

On Feb 7, 2018, at 11:23 AM, Michael Dickson 
mailto:mdick...@nic.umass.edu>> wrote:
Joseph B.

Which EAP type did you use to Connecticut?

Mike

On Feb 7, 2018, at 10:52 AM, Joseph Bernard 
mailto:j...@clemson.edu>> wrote:
I have the latest 10" Fire tablet on our eduroam which uses 802.1x

Thanks,
Joseph B.

Sent from my iPhone

On Feb 7, 2018, at 10:49 AM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:
Good Morning,

I was curious if anyone had any of the newer Amazon Fire tablets and could 
confirm something for me? Our support center contacted me in regards to an 
issue with connecting to our secure network (they were only able to see our 
“open network”) which matches with our some newer devices will not even display 
networks that they are unable to connect to – such as WPA2 Enterprise. I had 
suggested that they attempt to manually create the profile and was disappointed 
when they confirmed that “802.1x” was no longer an option on the list of 
security types.

That’s unfortunate that their earlier generations had support, and it appears 
to have been removed. It’s been a few years since I’ve seen one, so no idea 
which generation this occurred (Fire 7 is their 7th generation). I just know 
the 1st and 2nd generation could connect since I got to be the one to figure it 
out all those years ago.

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_ISUITHelp_&d=DwMFAg&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=auAX418d0Ia0Z-FmsPZXO5CQL2JAtDTyqoC0aMbbwZ0&s=1s1c77uxKgejqrnd6yAiVDHgJG53s8AN1AkEOzZPA1Q&e=>
 and 
Twitter<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_ISUITHelp&d=DwMFAg&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=auAX418d0Ia0Z-FmsPZXO5CQL2JAtDTyqoC0aMbbwZ0&s=iUDOFyzy3mhZ0DwwFDqODP13-NvqP2oVcEc0X7n4_j4&e=>


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at MailScanner has detected a 
possible fraud attempt from "urldefense.proofpoint.com" claiming to be 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFAg&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=auAX418d0Ia0Z-FmsPZXO5CQL2JAtDTyqoC0aMbbwZ0&s=JCYb2liPh8M_YKIjwN48vuVHHR6_B0BFpPZMFK9_ctE&e=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at MailScanner has detected a 
possible fraud attempt from "urldefense.proofpoint.com" claiming to be 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=7ckVhQEhsGTyV56vlbwbfoK-Lb1guHOgLbCuD--8Ka8&s=-FN-uKDFdo8BcLsdlzRTrJFOwItg4gVR3yLj7JvPLMk&e=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at MailScanner has detected a 
possible fraud attempt from "urldefense.proofpoint.com" claiming to be 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=7ckVhQEhsGTyV56vlbwbfoK-Lb1guHOgLbCuD--8Ka8&s=-FN-uKDFdo8BcLsdlzRTrJFOwItg4gVR3yLj7JvPLMk&e=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=Ngd-ta5yRYsqeUsEDgxhcq

Re: [WIRELESS-LAN] Amazon Fire Tablet Line - 802.1x Support Dropped?

2018-02-07 Thread Joseph Bernard 
We use PEAP.

Thanks,
Joseph B.

Sent from my iPhone

On Feb 7, 2018, at 11:23 AM, Michael Dickson 
mailto:mdick...@nic.umass.edu>> wrote:

Joseph B.

Which EAP type did you use to Connecticut?

Mike

On Feb 7, 2018, at 10:52 AM, Joseph Bernard 
mailto:j...@clemson.edu>> wrote:

I have the latest 10" Fire tablet on our eduroam which uses 802.1x

Thanks,
Joseph B.

Sent from my iPhone

On Feb 7, 2018, at 10:49 AM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

Good Morning,

I was curious if anyone had any of the newer Amazon Fire tablets and could 
confirm something for me? Our support center contacted me in regards to an 
issue with connecting to our secure network (they were only able to see our 
“open network”) which matches with our some newer devices will not even display 
networks that they are unable to connect to – such as WPA2 Enterprise. I had 
suggested that they attempt to manually create the profile and was disappointed 
when they confirmed that “802.1x” was no longer an option on the list of 
security types.

That’s unfortunate that their earlier generations had support, and it appears 
to have been removed. It’s been a few years since I’ve seen one, so no idea 
which generation this occurred (Fire 7 is their 7th generation). I just know 
the 1st and 2nd generation could connect since I got to be the one to figure it 
out all those years ago.

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_ISUITHelp_&d=DwMFAg&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=auAX418d0Ia0Z-FmsPZXO5CQL2JAtDTyqoC0aMbbwZ0&s=1s1c77uxKgejqrnd6yAiVDHgJG53s8AN1AkEOzZPA1Q&e=>
 and 
Twitter<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_ISUITHelp&d=DwMFAg&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=auAX418d0Ia0Z-FmsPZXO5CQL2JAtDTyqoC0aMbbwZ0&s=iUDOFyzy3mhZ0DwwFDqODP13-NvqP2oVcEc0X7n4_j4&e=>


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFAg&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=auAX418d0Ia0Z-FmsPZXO5CQL2JAtDTyqoC0aMbbwZ0&s=JCYb2liPh8M_YKIjwN48vuVHHR6_B0BFpPZMFK9_ctE&e=>.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=7ckVhQEhsGTyV56vlbwbfoK-Lb1guHOgLbCuD--8Ka8&s=-FN-uKDFdo8BcLsdlzRTrJFOwItg4gVR3yLj7JvPLMk&e=>.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=7ckVhQEhsGTyV56vlbwbfoK-Lb1guHOgLbCuD--8Ka8&s=-FN-uKDFdo8BcLsdlzRTrJFOwItg4gVR3yLj7JvPLMk&e=>.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Amazon Fire Tablet Line - 802.1x Support Dropped?

2018-02-07 Thread Joseph Bernard 
I have the latest 10" Fire tablet on our eduroam which uses 802.1x

Thanks,
Joseph B.

Sent from my iPhone

On Feb 7, 2018, at 10:49 AM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

Good Morning,

I was curious if anyone had any of the newer Amazon Fire tablets and could 
confirm something for me? Our support center contacted me in regards to an 
issue with connecting to our secure network (they were only able to see our 
“open network”) which matches with our some newer devices will not even display 
networks that they are unable to connect to – such as WPA2 Enterprise. I had 
suggested that they attempt to manually create the profile and was disappointed 
when they confirmed that “802.1x” was no longer an option on the list of 
security types.

That’s unfortunate that their earlier generations had support, and it appears 
to have been removed. It’s been a few years since I’ve seen one, so no idea 
which generation this occurred (Fire 7 is their 7th generation). I just know 
the 1st and 2nd generation could connect since I got to be the one to figure it 
out all those years ago.

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook
 and 
Twitter


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Another Cisco WLC Code Thread

2017-12-20 Thread Joseph Bernard 
I'm told that one of the pair will spontaneously lose the ability to tag 
traffic.

Thanks,
Joseph B.

Sent from my iPhone

On Dec 19, 2017, at 8:44 PM, Alan D Wang 
mailto:aw...@binghamton.edu>> wrote:

What problems have you been seeing with HA and was this in 8.3 and/or 8.5?

On Tue, Dec 19, 2017 at 7:34 PM, Joseph Bernard 
mailto:j...@clemson.edu>> wrote:
To expand, we instantly had issues with 8.5.105.0.  We haven't tried 8.5.110.0 
yet, but I'm sure our wireless team is looking for anything better.  They have 
little hope of ever getting HA working.

Thanks,
Joseph B.

Sent from my iPhone

On Dec 19, 2017, at 3:48 PM, Joseph Bernard 
mailto:j...@clemson.edu>> wrote:

Don’t move off 8.4.100.0 if you can help it.

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Britton Anderson 
mailto:blanders...@alaska.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, December 19, 2017 at 3:43 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Another Cisco WLC Code Thread

Happy Holidays,

Like many others I'm sure, I've been studying all of the email threads from 
this list to see if anyone has settled on any of the current code releases on 
their controllers. With all of the bugs disabling several AP models, we have 
been holding off our code upgrade and wireless migration.

I have a plan to move about half of our wireless APs off of a pair of WiSM2s to 
our new 8540's next week. We've had the 8540's up since the summer running on 
8.4.100.0 seemingly without many issues. It's been pretty stable but there has 
only been about 80 APs on it for our Fall semester. That code release is now 
deferred and we've looked at going up to 8.5.110.0 which released just a few 
days ago. Release notes list the open caveats, and there are several that still 
impact the 3500/3600/3700 lines pretty hard. 8.6.101.0 released a day after, 
and its even more grim.

Has anyone found anything stable? We have a pretty wide deployment of APs, but 
most of them are 3500/3600/3700s with a fleet of 702W/1810W in residences. We 
simply don't have the manpower to run around and console into APs that lose 
their marbles, and our time slot to move forward is narrowing by the day.

And more importantly, I would like to sleep better over the holidays, like we 
all would I'm sure.

Thanks for the input,
Britton

Britton Anderson<mailto:blanders...@alaska.edu> |

 Lead Network Communications Specialist |

 University of 
Alaska<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.alaska.edu_oit&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=6um6HYVcrWqTXe-bRNajqykdk7nntQSv0E2YAP5F6gM&s=ypsFwmiKTApHMaF7izMuBHHNMFuDnqRFKYEb-4Jv0Xc&e=>
 |

 907.450.8250


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=6um6HYVcrWqTXe-bRNajqykdk7nntQSv0E2YAP5F6gM&s=fRWbdLe7Az6QE8CoJiwW7fu6r6pUjO4urKFQFF4TvjE&e=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=u0H0PUNLXiy1a3cR-fDPfH27LqBuQ9bdvaomzbhsJVQ&s=rch_RPRvVcJNvJLqVTwHSmz8Q1zg0nQhfEn8XCg60Dc&e=>.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=xvm-pcNEjBQb5PO6RieKPQgN118ZDUVAngnaGPJWYO0&s=pubLGY_G_e67dRqPQZtn5jWOqqg2X-HO-Eir8qg9opA&e=>.



--
Alan Wang
Network Analyst
Binghamton University
aw...@binghamton.edu<mailto:aw...@binghamton.edu>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=xvm-pcNEjBQb5PO6RieKPQgN118ZDUVAngnaGPJWYO0&s=pubLGY_G_e67dRqPQZtn5jWOqqg2X-HO-Eir8qg9opA&e=>.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Another Cisco WLC Code Thread

2017-12-19 Thread Joseph Bernard 
To expand, we instantly had issues with 8.5.105.0.  We haven't tried 8.5.110.0 
yet, but I'm sure our wireless team is looking for anything better.  They have 
little hope of ever getting HA working.

Thanks,
Joseph B.

Sent from my iPhone

On Dec 19, 2017, at 3:48 PM, Joseph Bernard 
mailto:j...@clemson.edu>> wrote:

Don’t move off 8.4.100.0 if you can help it.

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Britton Anderson 
mailto:blanders...@alaska.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, December 19, 2017 at 3:43 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Another Cisco WLC Code Thread

Happy Holidays,

Like many others I'm sure, I've been studying all of the email threads from 
this list to see if anyone has settled on any of the current code releases on 
their controllers. With all of the bugs disabling several AP models, we have 
been holding off our code upgrade and wireless migration.

I have a plan to move about half of our wireless APs off of a pair of WiSM2s to 
our new 8540's next week. We've had the 8540's up since the summer running on 
8.4.100.0 seemingly without many issues. It's been pretty stable but there has 
only been about 80 APs on it for our Fall semester. That code release is now 
deferred and we've looked at going up to 8.5.110.0 which released just a few 
days ago. Release notes list the open caveats, and there are several that still 
impact the 3500/3600/3700 lines pretty hard. 8.6.101.0 released a day after, 
and its even more grim.

Has anyone found anything stable? We have a pretty wide deployment of APs, but 
most of them are 3500/3600/3700s with a fleet of 702W/1810W in residences. We 
simply don't have the manpower to run around and console into APs that lose 
their marbles, and our time slot to move forward is narrowing by the day.

And more importantly, I would like to sleep better over the holidays, like we 
all would I'm sure.

Thanks for the input,
Britton

Britton Anderson<mailto:blanders...@alaska.edu> |

 Lead Network Communications Specialist |

 University of 
Alaska<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.alaska.edu_oit&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=6um6HYVcrWqTXe-bRNajqykdk7nntQSv0E2YAP5F6gM&s=ypsFwmiKTApHMaF7izMuBHHNMFuDnqRFKYEb-4Jv0Xc&e=>
 |

 907.450.8250


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMFaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=6um6HYVcrWqTXe-bRNajqykdk7nntQSv0E2YAP5F6gM&s=fRWbdLe7Az6QE8CoJiwW7fu6r6pUjO4urKFQFF4TvjE&e=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwMGaQ&c=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4&r=4Pt1z80PQIvvfw2j1-oSIA&m=u0H0PUNLXiy1a3cR-fDPfH27LqBuQ9bdvaomzbhsJVQ&s=rch_RPRvVcJNvJLqVTwHSmz8Q1zg0nQhfEn8XCg60Dc&e=>.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Another Cisco WLC Code Thread

2017-12-19 Thread Joseph Bernard 
Don’t move off 8.4.100.0 if you can help it.

Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Britton Anderson 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, December 19, 2017 at 3:43 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] Another Cisco WLC Code Thread

Happy Holidays,

Like many others I'm sure, I've been studying all of the email threads from 
this list to see if anyone has settled on any of the current code releases on 
their controllers. With all of the bugs disabling several AP models, we have 
been holding off our code upgrade and wireless migration.

I have a plan to move about half of our wireless APs off of a pair of WiSM2s to 
our new 8540's next week. We've had the 8540's up since the summer running on 
8.4.100.0 seemingly without many issues. It's been pretty stable but there has 
only been about 80 APs on it for our Fall semester. That code release is now 
deferred and we've looked at going up to 8.5.110.0 which released just a few 
days ago. Release notes list the open caveats, and there are several that still 
impact the 3500/3600/3700 lines pretty hard. 8.6.101.0 released a day after, 
and its even more grim.

Has anyone found anything stable? We have a pretty wide deployment of APs, but 
most of them are 3500/3600/3700s with a fleet of 702W/1810W in residences. We 
simply don't have the manpower to run around and console into APs that lose 
their marbles, and our time slot to move forward is narrowing by the day.

And more importantly, I would like to sleep better over the holidays, like we 
all would I'm sure.

Thanks for the input,
Britton

Britton Anderson |

 Lead Network Communications Specialist |

 University of 
Alaska
 |

 907.450.8250


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wireless Door Locks?

2017-11-06 Thread Joseph Bernard 
We have a lot of ASSA ABLOY IN120 locks around that seem to work fine.  I will 
admit to being against the use of them as battery powered wifi devices to save 
not having to run data/power, but we've had no complaints.  I will still get on 
a soap box if you want to use wifi for video on a permanently installed TV 
though instead paying for a cable run.

Thanks,
Joseph B.

Sent from my iPhone

On Nov 6, 2017, at 8:32 AM, Gregory Fuller 
mailto:gregory.ful...@oswego.edu>> wrote:

Haven't seen any recent discussion here about wireless door locks.  Our 
physical access team is looking to install some wireless door locks in an 
administrative building.  I can see it growing past this building pretty 
rapidly and want to make sure they aren't putting in something that is going to 
cause us headaches.

They are looking to install Aperio "HUB's" as they call them:

https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ&Expires=1582662909&response-content-disposition=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf&response-content-type=application%2Fpdf&Signature=920fJFxmRxXi9vkJ7zrIVHZao9o%3D


This appears to be using some variant of 802.15.4, which has the ability to run 
between our 802.11g/n 2.4Ghz channels, but will cause co-channel interference.  
I'm a bit concerned that there will be some impact to our 2.4Ghz clients (we 
have a ton of them out there still).

Anyone else out there have these or something similar and can speak for how 
they work and if there are any issues in your environment?

--greg


Gregory A. Fuller - CCNP R&S, CCNP Security, CCNA Wireless
Network Manager
State University of New York at Oswego
Phone: (315) 312-5750
http://www.oswego.edu/~gfuller
_
Campus Technology Services will never ask you to email us sensitive personal 
information such as​ a​ password. ​P​lease contact us if you are unsure if an 
email is genuine. (h...@oswego.edu)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.