RE: Ekahau Update

[Lee H Badman]

Maybe wrong recipient?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ian Lyons
Sent: Wednesday, September 22, 2021 1:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Ekahau Update

I have touched base with Steve and the rest of the group.  Steve has an 
proposal in front of corporate and will reach back to us first week of October.

Standby.

Ian

Cheers
Ian J Lyons
Network Architect - Rollins College
401.413.1661 Cell
407.628.6396 Desk



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question

[Lee H Badman]

Ron,

Did you verify with certainty that you were connected to the AP that you 
thought you were on?

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ronald Loneker
Sent: Friday, September 10, 2021 2:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question

Hi Everyone -

This past spring we deployed several buildings with Aruba IAP 515 access points.

This summer, we had the company who installed the access points produce heat 
mapping summaries of the buildings.

In three of the four buildings, we had high efficiency mode enabled on the 
access points.

Has anyone using these access points noticed a degraded signal when this mode 
is enabled?  I was sitting almost in front of one of the access points that is 
showing to be active and pretty decent coveage where I was sitting but getting 
very low wireless signal from my laptop (even after I rebooted the laptop, 
disconnected from wifi and reconnected).

I'm trying to get a version of the firmware we are running - there was a 
conflict in one of the buildings that had a cluster of 215s and 515s and the 
215s couldn't run the more recent version of firmware so our consultant may 
have downgraded us to one that both models could support.

Just curious about experiences you might have had with the high efficiency mode 
on and off and whether signal is better on either setting.

Ron Loneker, Jr.
Director, IT Special Projects
Saint Elizabeth University
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229

e-mail:  rlone...@steu.edu


Saint Elizabeth University's IT department will never ask for your password, 
social security number or other personal information in an e-mail message.

Please do not share any information with others!






**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Wireless Scanning Apps

[Lee H Badman]

Analiti is nice.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hales, David
Sent: Friday, September 3, 2021 2:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Scanning Apps

I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Lee H Badman]

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”… 

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck  wrote:
> 
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
> 
> Speaking from experience, I would be very concerned.  We had no issues until 
> students returned and we went downhill from there.
> 
> 
> On 9/2/21, 8:50 AM, "The EDUCAUSE Wireless Issues Community Group Listserv 
> on behalf of Rob Harris"  robert.har...@culinary.edu> wrote:
> 
>Has anyone seen any details regarding what they consider "Large" 
> environments? We upgraded during the break, but both before and after 
> versions are affected. We didn't notice this happening before, should we be 
> concerned now?
> 
>The "dropped" is 0 and the stm cpu usage is in single digits, but client 
> count is really low (they come back this weekend as well), could we be in the 
> clear?
> 
>(asked the SE team and opened a tac call, same questions to them)
> 
>thx
> 
>-Original Message-
>From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Jason Healy
>Sent: Thursday, September 2, 2021 8:45 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
> seeing any issues in the fall with large classrooms and delayed connection 
> times (Aruba 8.5.0.13)
> 
>CAUTION: This email originated from outside The Culinary Institute of 
> America. Do not click links or open attachments unless you recognize the 
> sender and know the content is safe.
> 
>FWIW, Aruba just posted an advisory regarding this issue:
> 
>Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client 
> Connectivity Failures in Large Client Environments"
> 
>Good luck to those of you hit by this. My students start coming back this 
> weekend so I'll be watching this closely!
> 
>Jason
>**
>Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the message, 
> copy and paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0
> 
>**
>Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the message, 
> copy and paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0
> 
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0
> 
> **
> Replies to EDUCAUSE Community Group emails are sent to the 

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

[Lee H Badman]

That’s the stuff.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of McClintic, Thomas
Sent: Monday, August 9, 2021 9:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

I didn’t say how long  399 days is long in today’s terms

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Lee H Badman
Sent: Monday, August 9, 2021 8:53 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root


 EXTERNAL EMAIL 
“The validity period is very long.”

Now you did it, Thomas. You realize you’re about to get scolded…. ☺

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.syr.edu_display_network_Wireless-2BNetwork-2Band-2BSystems=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=qftqxa8_XshNDFt7IhGPSCNJH2pu4kC8v_3dItjnQVI=UT9xnaZsfx9qhmHaKFPQm5_cTGvz1QMJyATI9wIgwFU=>
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of McClintic, Thomas
Sent: Monday, August 9, 2021 9:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

We use an internal CA signed server certificate without issue for EAP-TLS. We 
are currently using Clearpass onboard & moving to SecureW2.

We previously used Incommon for server CA and are much happier with using a 
private CA for the server certificate. The validity period is very long.

I would not use different server certificates, I imagine clients receive 
certificate warnings which you would not want them to be comfortable bypassing.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Julian Y Koh
Sent: Monday, August 9, 2021 8:29 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root


 EXTERNAL EMAIL 


On Aug 9, 2021, at 07:56, Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu<mailto:0194c9ecac40-dmarc-requ...@listserv.educause.edu>>
 wrote:

Lets not go down this rabbit hole again.


I thought there was a picture of a rabbit and a hole in the dictionary next to 
“mailing list” and “USENET”.   :)

Or is that just in reference to NANOG and IPv6?  :) :) :)

--
Julian Y. Koh
Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
<https://www.it.northwestern.edu/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.it.northwestern.edu_=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=H0ob6ER9LpWFGl0_Fqoxfc26IcKIeVTLpSQWKmnC3RY=o2Qoz18b7NZxD8_TltdEQU4Bm3kFNqed1GpbmPd61mI=>>
PGP Public Key: 
<https://bt.ittns.northwestern.edu/julian/pgppubkey.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__bt.ittns.northwestern.edu_julian_pgppubkey.html=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=H0ob6ER9LpWFGl0_Fqoxfc26IcKIeVTLpSQWKmnC3RY=SrMTHgnct1wtNJmvWkrNmfwSap6Bw6DBCXlbilpja0w=>>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=H0ob6ER9LpWFGl0_Fqoxfc26IcKIeVTLpSQWKmnC3RY=1b4utzeZvNDjJt6NyemCC2WGcBK4dpxomWmrdaBfQg4=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy an

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

[Lee H Badman]

“The validity period is very long.”

Now you did it, Thomas. You realize you’re about to get scolded…. ☺

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of McClintic, Thomas
Sent: Monday, August 9, 2021 9:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

We use an internal CA signed server certificate without issue for EAP-TLS. We 
are currently using Clearpass onboard & moving to SecureW2.

We previously used Incommon for server CA and are much happier with using a 
private CA for the server certificate. The validity period is very long.

I would not use different server certificates, I imagine clients receive 
certificate warnings which you would not want them to be comfortable bypassing.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Julian Y Koh
Sent: Monday, August 9, 2021 8:29 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root


 EXTERNAL EMAIL 


On Aug 9, 2021, at 07:56, Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
 wrote:

Lets not go down this rabbit hole again.


I thought there was a picture of a rabbit and a hole in the dictionary next to 
“mailing list” and “USENET”.   :)

Or is that just in reference to NANOG and IPv6?  :) :) :)

--
Julian Y. Koh
Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
>
PGP Public Key: 
>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Ekahau Licensing Chat

[Lee H Badman]

I have found the Ekahau folks I've tried to escalate my issues to to be 
apathetic, condescending, and unresponsive. This one I'll sit out but wish the 
group well.


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Ian Lyons 
Sent: Tuesday, July 27, 2021 5:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Ekahau Licensing Chat

https://rollins.webex.com/meet/ilyons



Good Day Everyone!  A few weeks ago, there was an exchange of information 
regarding the new licensing at Ekahau.  The sentiment was not missed by a 
neutral third party who knows someone at Ekahau.  This person reached out to 
Eric and me, inquiring about a meeting that could be put together for those 
impacted by Ekahau licensing.  Eric and I agreed and decided we could host a 
meeting for this purpose.


No one is selling anything.  The purposed of this meeting, Friday August 6th at 
2pEST, is for the WiFi list serve to have a space to talk to an SVP of Sales at 
Ekahau and respectfully explain how the new licensing is impacting those that 
use their product.


Please mark your calendars for August 6th @ 2p EST and the webex is : 
https://rollins.webex.com/meet/ilyons


[https://rollins.webex.com/mw3300/mywebex/html/img/webexball_opengraph_new.png]
Meet virtually with Cisco Webex. Anytime, anywhere, on any 
device.
Simple, modern video meetings for everyone on the world's most popular and 
trusted collaboration platform.
rollins.webex.com


Cheers
Ian J Lyons and Eric Kenny - Educause WiFi LAN Leaders




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Fortinet Wireless?

[Lee H Badman]

We made another dashboard… you NEED a dashboard! Because we made it… you got 
problems no one is seeing or cares about because DASHBOARD.

My snark aside, the information is appreciated, JJ. Nice to hear the analysis.

When I hear Secret Sauce, my internal Google Translate says Vendor Lock.

Lee

On Jul 20, 2021, at 17:25, Jennifer Minella  wrote:


Yep so… maybe one thing I should clarify – with Fortinet APs you don’t need 
their switches for any of the WiFi portfolio. For the FortiGate-managed APs you 
DO need a Fortinet firewall, even if it’s only purpose is to act as a 
“controller” or “gateway”; meaning you don’t have to replace your existing 
firewall in that process if you don’t want to.

The longer story there is that in the last ~18 months we’ve seen the early 
stages of a shift towards what I call a converged edge. Here are some random 
bullets/thoughts on that-

  *   Converged edge means WiFi and LAN edge switches are being managed 
together more now (vs separate platforms)
 *   Aruba brough AOS then CX switches in to Central; Mist brought Juniper 
EX platform in; Fortinet moved from FortiAP cloud to FortiLAN cloud; Juniper is 
sunsetting Sky in favor of unified platform
  *   In addition most vendors are also rolling in a subset of their 
gateway/SD-WAN/SD-Branch security hardware to that central management as well
 *   Aruba modified legacy controllers to gateways for tunnel termination 
and firewall features now managed by Central; Mist recently rolled in Juniper 
SRX appliances; Fortinet obviously supports cloud firewall management
  *   Most of the convergence is of course moving to the cloud to leverage 
computing resource for AI, reduce CapEx, (plus offer a model for recurring 
revenue for the vendor which they love)
 *   Mist has IMO the strongest AI platform which simply can’t run on-prem; 
Aruba is also touting their AIOps and Insights; Cisco has their new XDR 
platform available to digest and act on security data from licensed Cisco 
infrastructure
  *   Zero touch for WiFi is good-to-great across vendors, while Zero touch and 
centralized cloud-config for switching doesn’t have parity among vendors; some 
are uber-easy, others are clunky and borderline useless

And because of this convergence and AIOps….

  *   Pretty much ALL vendors have some extra secret sauce you get by combining 
the WiFi + Edge Switching – auto VLANs, mechanisms for micro segmentation for 
zero trust, data integration and correlation, troubleshooting, visibility, 
update coordination, security enhancements, etc.

___
Jennifer Minella, CISSP
Consulting Advisor, Network & Cyber Security
Carolina Advanced Digital, Inc.
www.cadinc.com<http://www.cadinc.com/>
j...@cadinc.com<mailto:j...@cadinc.com>
919.460.1313 Main Office
919.539.2726 Mobile/text


IMPORTANT UPDATES: Starting August 1st my role with the company will change to 
a part time contractor advisory role, and you may be working with other 
teammates for certain projects.

From: Lee H Badman 
Sent: Tuesday, July 20, 2021 12:06 PM
Subject: Re: WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 (#2021-109)

Fortifantastic, JJ- thanks for sharing that. I know every solution is “better” 
when same vendor is used for switching and WLAN under the Single Glass of Pain 
paradigm, but I can’t be the only one contemplating our WLAN future decoupled 
from the desire to also change out thousands of switches. Just shouldn’t need 
to… would be nice to see more vendors seizing the “THIS is how we help you 
change WLAN systems without disrupting your LAN” opportunities. I like what I 
see in Fortinet presentations, but those are always so expansive and 
sll-inclusive you (I?) don’t get the feel that Forti-Fi was meant to play on 
other LAN environments.

FortiLee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Jennifer Minella
Sent: Tuesday, July 20, 2021 11:58 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 
(#2021-109)

Ah. Nope I haven’t seen any larges ones yet. No truckloads of AI for you! Their 
go-to changed from (legacy MC) controllers to FG-managed, with cloud (AFAIK) in 
a distant 3rd . I may get in trouble for saying that, and it’s likely changing 
as all the vendors are (as you noted) leveraging the cloud compute power for 
AI. Fortinet has a strong R team and process, puts most of their money back 
in to product development vs. marketing so they have that going for them and 
c

RE: WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 (#2021-109)

[Lee H Badman]

Fortifantastic, JJ- thanks for sharing that. I know every solution is "better" 
when same vendor is used for switching and WLAN under the Single Glass of Pain 
paradigm, but I can't be the only one contemplating our WLAN future decoupled 
from the desire to also change out thousands of switches. Just shouldn't need 
to... would be nice to see more vendors seizing the "THIS is how we help you 
change WLAN systems without disrupting your LAN" opportunities. I like what I 
see in Fortinet presentations, but those are always so expansive and 
sll-inclusive you (I?) don't get the feel that Forti-Fi was meant to play on 
other LAN environments.

FortiLee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jennifer Minella
Sent: Tuesday, July 20, 2021 11:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 
(#2021-109)

Ah. Nope I haven't seen any larges ones yet. No truckloads of AI for you! Their 
go-to changed from (legacy MC) controllers to FG-managed, with cloud (AFAIK) in 
a distant 3rd . I may get in trouble for saying that, and it's likely changing 
as all the vendors are (as you noted) leveraging the cloud compute power for 
AI. Fortinet has a strong R team and process, puts most of their money back 
in to product development vs. marketing so they have that going for them and 
could certainly come of from behind in the WiFi arena.

I believe it is still free to create a cloud account and take it for a spin (at 
least with the UI) - FortiAP Cloud is now FortiLAN Cloud - 
https://fortilan-login.forticloud.com
I will say in the lab our team has played with some of the FortiSwitches and 
they have some neat features and have their place in the world, especially for 
highly distributed/branch office use cases. There's even what I'd call 
"NAC-light" built in - which is confusing when they have an actual FortiNAC 
product - but it's neat nonetheless.

[cid:image002.png@01D77D5F.A5E59290]

___
Jennifer Minella, CISSP
Consulting Advisor, Network & Cyber Security
Carolina Advanced Digital, Inc.
www.cadinc.com<http://www.cadinc.com/>
j...@cadinc.com<mailto:j...@cadinc.com>
919.460.1313 Main Office
919.539.2726 Mobile/text
[CAD LOGO EMAIL SIG]

IMPORTANT UPDATES: Starting August 1st my role with the company will change to 
a part time contractor advisory role, and you may be working with other 
teammates for certain projects.

From: Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Monday, July 19, 2021 7:15 PM
To: Jennifer Minella mailto:j...@cadinc.com>>; 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 (#2021-109)

Duh! Cloud. And buckets of AI. Truckloads full.


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fits.syr.edu=E,1,YJRfe-URuUNKQ4jg_adjmEQVQSNAdlNTAe13moItABtftm8TUeFocJNuJEDQIZ-TUnsp8GM0ETfRaJf_EwyvXhJ8qxTPTIIQ7xOoGT6aMD5oLl8,=1_add=1>
SYRACUSE UNIVERSITY
syr.edu<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fsyr.edu=E,1,qdD9q8WQBRUBgcou7pwI-dSEH-z4WdOEIrW9Z-dS8NeC01y23N8vgGSLCYbhD8EQhV3Y3j1PtBd_mkaDcNvbR8jYu218sNSjNf-DkOh_eQo,=1_add=1>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jennifer Minella mailto:j...@cadinc.com>>
Sent: Monday, July 19, 2021 5:53 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 
(#2021-109)


Hey buddy! Which 'flavor' of Fortinet Wireless?

  *   Legacy controller /Meru
  *   Cloud
  *   Firewall-managed



___

Jennifer Minella, CISSP

Consulting Advisor, Cyber Security

Carolina Advanced Digital, Inc.

www.cadinc.com<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.cadinc.com%2f=E,1,CrUxd-DZhMQelCHcNRKflOFpueCLM3PYw0Khql8MF7Ne1o_MWYzpTQCxQQJ6ZGtIbpEkmNgNA7IYYLt7N9yhPKij6HRYZxuqlpX-w-BI0DNIbBwp=1>

j...@cadinc.com<mailto:j...@cadinc.com>

919.460.1313 Main Office

919.539.2726 Mobile/text

[CAD LOGO EMAIL SIG]



IMPORTANT UPDATES: August 1st my role with the company will change and you may 
be working wi

Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[Lee H Badman]

Great points, Sam. Thanks for pointing out the fine print.


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Samuel Clements 

Sent: Monday, July 19, 2021 3:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

Great thread everyone - I love watching (and occasionally contributing) to all 
of the things that go on in the edu space! For my part, the licensing 
restrictions that people face using Ekahau products are also present in their 
competitors' products. For example, here is a twitter thread that highlights 
netally's TOS that includes very similar language to Ekahau:
https://twitter.com/theITrebel/status/1383187080910499840

Be careful about listening to what's said/advertised publicly compared to 
what's documented in the legal terms of service you're accepting when you click 
"I Accept" on any software anywhere.

As another brief word of caution - this is a public list and advocating 
software piracy and methods for circumventing Terms of Service is likely to be 
frowned upon by someone, somewhere. It's worth taking a moment in your replies 
to make sure you're not saying anything that could give the impression of 
impropriety - both on behalf of you individually, as well as the organization 
you work for.
 -Sam

On Mon, Jul 19, 2021 at 1:15 PM Matt Wierzgac 
mailto:mwierz...@wzcnetworking.net>> wrote:

I don’t think Ekahau sends anything to the end user unless they seek support in 
the case of an issue.  When you send an email to support or call them, they 
always ask what product key your device is using, and if there is a different 
name on file for them vs. what was registered through the software, they whine 
about it and threaten to shut it down.  The only way around this is to use a 
company email address, that has a user name that isn’t suspicious of being 
generic, but the password being generic so all users using this account knows 
it so they can login. Just remember if calling upon support for that account, 
to tell them you are the person with the name on the email account.  Not ideal, 
but I understand why they do it.  If only they made a license for more than 1 
user that’s slightly higher in price to reflect this, but not as high as 
purchasing an entire new Ekahau license that’s $1200+



Thanks,



Matt Wierzgac

Engineering Manager



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of James Helzerman
Sent: Monday, July 19, 2021 10:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives



Hi, how did they know it was a generic account?  Are they sending back 
information about the device it's on and mapping the login?  Or they just using 
some heuristic that looks to see if it may be a generic account such as sending 
emails to thT user account and getting no response.



Jimmy



On Sun, Jul 18, 2021, 10:56 PM Jason Cook 
mailto:jason.c...@adelaide.edu.au>> wrote:

This frustrated us a bit too. Their licensing seems to be aimed primarily at 
Wifi professionals who use this all the time/profit from it as part of their 
business. Doesn’t really fit our environments at all.



Over the course of a year lets say at best we’d use this at .5 of an FTE (I’m 
probably overstating that, would prefer to use it more but we just don’t have 
time)

There’s 5 people in our team. We aren’t going to pay for 5 licenses for 
something that is use so little… not at the license cost they have anyway.



Oh well.. what’s the difference in a generic email versus personal email for 
them anyway..



--

Jason Cook

Information Technology and Digital Services

The University of Adelaide, AUSTRALIA 5005

---

This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Dan Lauing
Sent: Monday, 19 July 2021 11:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Re: WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 (#2021-109)

[Lee H Badman]

Duh! Cloud. And buckets of AI. Truckloads full.


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Jennifer Minella 

Sent: Monday, July 19, 2021 5:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 
(#2021-109)


Hey buddy! Which ‘flavor’ of Fortinet Wireless?

  *   Legacy controller /Meru
  *   Cloud
  *   Firewall-managed



___

Jennifer Minella, CISSP

Consulting Advisor, Cyber Security

Carolina Advanced Digital, Inc.

www.cadinc.com<http://www.cadinc.com/>

j...@cadinc.com<mailto:j...@cadinc.com>

919.460.1313 Main Office

919.539.2726 Mobile/text

[CAD LOGO EMAIL SIG]



IMPORTANT UPDATES: August 1st my role with the company will change and you may 
be working with other teammates for certain projects.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of WIRELESS-LAN automatic digest 
system
Sent: Friday, July 16, 2021 5:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 (#2021-109)



[LISTSERV mailing list manager]<http://www.lsoft.com/>

[LISTSERV 15.0]<http://listserv.educause.edu/scripts/wa.exe?LIST=WIRELESS-LAN>





WIRELESS-LAN Digest - 15 Jul 2021 to 16 Jul 2021 (#2021-109)
Table of contents:

  *   Fortinet Wireless? (3)

  1.  Fortinet Wireless?
 *   Fortinet Wireless? (07/16)
From: Lee H Badman mailto:lhbad...@syr.edu>>
 *   Re: Fortinet Wireless? (07/16)
From: "Floyd, Brad" mailto:bfl...@mail.smu.edu>>
 *   Re: Fortinet Wireless? (07/16)
From: Lee H Badman mailto:lhbad...@syr.edu>>



Browse the WIRELESS-LAN online 
archives.<http://listserv.educause.edu/scripts/wa.exe?LIST=WIRELESS-LAN>

[Anti-Virus 
Filter]<http://www.lsoft.com/products/default.asp?item=secured-by-FS=LISTSERV.EDUCAUSE.EDU=http://listserv.educause.edu/scripts/wa.exe>[Powered
 by the LISTSERV Email List 
Manager]<http://www.lsoft.com/products/listserv-powered.asp>



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[Lee H Badman]

Since the acquisition, the company has absolutely lost their way in simply 
dealing with customers when compared to old Ekahau. Ekahau 1.0 made it very 
clear that their customers were absolute priority. E2.0 has made it clear that 
$ is the priority, customers can go elsewhere if they don’t like it.

My take.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of McClintic, Thomas
Sent: Monday, July 19, 2021 9:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

Thanks everyone for the feedback, it sounds like many of us are in the same 
boat.

We like Ekahau, but I’m always open to other options on any products we use. 
Here is a list of options I’m flirting with and would love to know if anyone 
has utilized them.

VisiWave - $849
TamoGraph  - $1399
Acrylic - $879 ($2199 perpetual)

I’ve used Acrylic products for personal use and the value was incredible.

We have had AirMagnet in the past and I feel the price they spend on R 
doesn’t justify the cost. If someone has recent experience and seen 
improvements with that software let me know. For around $4000 per seat I just 
don’t see the value.

On a side note, both the compliance manager and our account manager are in the 
in the Philippines. In the past we had local team contacts, not sure where in 
the last few years that changed, but I find it interesting. All of my previous 
contacts are no longer with the company.

TJ McClintic

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Rick Brown
Sent: Monday, July 19, 2021 8:06 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives


 EXTERNAL EMAIL 
In some ways having it tied to the Sidekick was better in that it did allow 
multiple users but not simultaneously.  The problem there was most IT policies 
on campuses these days don't allow multiple uses of a single device without it 
being tied to an individual login.   I certainly don't want to share my iPad.


 It would be good if they'd take a closer look at university users and 
determine a way to allow for multiple users but only the number of licenses 
purchased simultaneously.   This would mean that you couldn't work they files 
unless the Sidekick was present or if a license was not being used at the time.

Rick




On 7/18/2021 10:43 PM, Jason Cook wrote:
This frustrated us a bit too. Their licensing seems to be aimed primarily at 
Wifi professionals who use this all the time/profit from it as part of their 
business. Doesn’t really fit our environments at all.

Over the course of a year lets say at best we’d use this at .5 of an FTE (I’m 
probably overstating that, would prefer to use it more but we just don’t have 
time)
There’s 5 people in our team. We aren’t going to pay for 5 licenses for 
something that is use so little… not at the license cost they have anyway.

Oh well.. what’s the difference in a generic email versus personal email for 
them anyway..

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 
On Behalf Of Dan Lauing
Sent: Monday, 19 July 2021 11:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

I don't blame them for not wanting multiple users on a single license.

However, I do blame them for not warning us that we were apparently breaking 
the ToS and decided to kill our license without notice. This left me, on a 
weekend and in a pinch, unable to even open my surveys.

How were we breaking their ToS? Well, even though I was the only one that ever 
used the product, we licensed it under a "generic" account and not my personal 
one. We do this all the time in the case that 

Re: Fortinet Wireless?

[Lee H Badman]

Thanks Brad. I know Amy, good idea.

Lee


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Floyd, Brad 

Sent: Friday, July 16, 2021 11:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Fortinet Wireless?

Lee,
You may want to ping Amy. I'm sure she would point you towards some. Let me 
know if you need her contact info.
Thanks,
Brad


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Friday, July 16, 2021 10:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Fortinet Wireless?

[EXTERNAL SENDER]

Anyone running large scale Fortinet WLAN?

Lee Badman (mobile)

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Fortinet Wireless?

[Lee H Badman]

Anyone running large scale Fortinet WLAN?

Lee Badman (mobile)

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [External] [WIRELESS-LAN] Placement mapping of APs

[Lee H Badman]

We also did some of this with student help over the years in PI... but the 
results were mixed. I'd say make sure the students thoroughly understand why 
what they are doing is important, trained well on your process, and get checked 
on occasionally for accuracy.

Also- for what these products cost, and the fact that Cisco is now "a software 
company", I'm taken aback that they haven't given customers a better migration 
strategy. Check this up to higher TCO and hidden costs of ownership, says I.



Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, June 24, 2021 10:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs

To the point of "hours of remapping everything", we were very successful 
leveraging intern/work study for this type of work several years ago.  When we 
have to do this again, i'll be running the same playbook.  4-6 student workers 
knocked it out over the summer.  You can do something similar over the school 
year, but it will likely take a little longer.  They enjoyed the work including 
the opportunity to visit locations and do site surveys as needed.

Nayef Z. Smith | Network Services | Voice: 404-727-6019


[cid:image001.png@01D768E1.DE2B9F10]


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Christina Klam mailto:ck...@ias.edu>>
Sent: Wednesday, June 16, 2021 2:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] [WIRELESS-LAN] Placement mapping of APs

All,
For the upteenth time, we will need to re-map all of our access points in a 
Cisco GUI.   Originally they were in Prime.  Then we got DNAC and were told to 
migrate them there.  But, just found out that you cannot export the mappings 
(blank maps yes, mappings no) from DNACv1 to DNACv2.   And as the sync is only 
one way, Prime to DNAC, we cannot seamlessly return to Prime.

Until Cisco gets their act together, we will do the re-mapping in Prime and 
have that be our source of truth.   My question to the community is this.   How 
do you handle the AP placement mappings?   If there is a better way that 
manually dragging the images to the proper location, I would love to hear it.   
I see that you can use GPS coordinates but how can you get accurate coordinates 
inside a building?   Ideally, I would like to create a spreadsheet of AP and 
locations and then upload it to said system.  This way if Prime database gets 
corrupted (which has happened) or DNACv2-v3 also is not seamless, we do not 
have to spend the hours remapping everything ... again.

Christina Klam
Network Engineer
Institute for Advanced Study
1 Einstein Dr
Princeton, NJ 08540
(m) +1 609-751-7899
(o) +1 609-734-8154
ck...@ias.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community



This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 

Re: [WIRELESS-LAN] Placement mapping of APs

[Lee H Badman]

Their a software company now.


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Michael Usher 
<010ef28e43bf-dmarc-requ...@listserv.educause.edu>
Sent: Wednesday, June 16, 2021 6:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Placement mapping of APs

And the floor ordering is inverted!  At least CPI let you define the sequence 
correctly.

Cisco DNAC — “up is down and down is up!"
—
Michael Usher
Network Operations Manager
University of California, Santa Cruz
mus...@ucsc.edu831-459-3697

On Jun 16, 2021, at 2:37 PM, William Green 
mailto:gr...@austin.utexas.edu>> wrote:

One of my hot buttons...

We've brought this up with Cisco Product Managers over the years, and they 
don't seem to get it.  Perhaps a critical mass on this group could get it 
raised in priority.  We've suggested Geographic Information Systems numerous 
times.  You would not necessarily need GPS reception inside the building.  Just 
geo-reference a few exterior corners of a floor plan, and any GIS system 
projects specific coordinates as you drop an AP.  I had some grad students do 
this with a percentage of our floorplans a decade ago and it all worked.  Then 
you should be able to export those and re-import into any floor plan that is 
geo-referenced.

Related, Cisco' mapping (DNAC and DNASpaces) is pretty two dimensional, and 
doesn't have the concept of a campus with many buildings and many floors to 
those buildings.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] MPSK SSID Names

[Lee H Badman]

It’s not MPSK, but we have a similar purpose dorm WLAN called Gadgets


Lee Badman (mobile)

On Jun 8, 2021, at 4:22 PM, Christopher H Ressel  wrote:


We marketed MPSK as a solution for IOT clients so we named ours UNR-IOT. It 
seems to have been self-explanatory enough as we haven’t had much user 
confusion.

Chris

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Brian Helman 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, June 8, 2021 at 12:04 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: [WIRELESS-LAN] MPSK SSID Names

Anyone using Aruba’s (or if other manufacturers have a similar feature) MPSK 
service?  What did you use for an SSID – looking for naming ideas.

-Brian


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Apple product antenna strength vs other?

[Lee H Badman]

Are you checking to make sure the Apple clients are connecting to the AP you 
expect them to, versus maybe sticking to one further away? I see you mention 
you did that for one Mac, but Apple devices can be sticky- I would check them 
all and don't fall into the trap of expecting all Apple products to behave 
similiarly (especially between iOS and OS X).

Also, are you actually quantifying signal somehow versus simply looking at the 
"bars"?

-Lee

Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Tyler 
Sent: Friday, June 4, 2021 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Apple product antenna strength vs other?


Wifi experts,



We are running Aruba MM with two controllers on 8.7.3.  Our AP’s are mostly 
AP-225’s.

I have had complaints from one of our tech rooms that they were getting a poor 
signal.  I finally got around to testing that room out.  The location of the AP 
to this room is in an adjacent room.  When I test with Windows PC’s and Droid 
phones, the signal and performance is just fine.  When we tested with Macs and 
iphones, the signal strength was amazingly weak for all of them.  We tested 
with two Macs and two iphones as well as multiple PC’s and Android phones.  
Only the Apple devices had weak signals.  Have any of you experienced a weaker 
antenna performance with your Apple devices on your campuses?



If I put an AP in the room, the Apple devices are fine.  But I am surprised I 
would have to do this.  I would not have expected Apple devices to have weaker 
antennas.



I did check in Airwave to make sure at least one of the Macs was still 
connecting to the same AP.  Any thoughts from anyone?





Tim Tyler

Network Engineer

Beloit College



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

Yeah... but it’s priced like it’s something other than an experiment for sure.

Lee Badman (mobile)

On Jun 2, 2021, at 5:54 PM, Curtis K. Larsen  wrote:


Lee,

There is no such thing as stable code anymore.  Good luck.


Thanks,

Curtis


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Rios, Hector J 

Sent: Wednesday, June 2, 2021 3:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?


We recently upgraded to 8.10.151 and have no complaints. But then again code 
stability depends on so many factors. We have 8540s, and a mix of 9120s, 2700s, 
2800, and 1562s.



Hector Rios, UT Austin







From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Wednesday, June 2, 2021 9:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?



Hi all,



After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.



Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I’m looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.



Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?



Thanks,





Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems

SYRACUSE UNIVERSITY
syr.edu





This message is from an external sender. Learn more about why this 
matters.<https://ut.service-now.com/sp?id=kb_article=KB0011401>



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Amazon Sidewalk

[Lee H Badman]

Hmmm. My Sidewalk stuff isn't working very well, so the University Wi-Fi must 
suck. I better put my own router in.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Michael E. Davis
Sent: Wednesday, June 2, 2021 3:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Amazon Sidewalk

Always be leery of a new service with privacy/security implications when it is 
opt-out rather than opt-in.  Amazon's past history of 'accidentally' recording 
conversations via Alexa devices makes their assessment of risk hard to accept.

Michael Davis
Network Architect
University IT Services
http://directory.uark.edu/people/michaeld

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Sullivan, Don
Sent: Wednesday, June 2, 2021 11:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Amazon Sidewalk

EXTERNAL MESSAGE

Our Security guy has asked me about Amazon Sidewalk and the possible concerns 
it may present for an enterprise network. I had never heard of it till he 
mentioned it and have started doing some research. It seems to be talking about 
setting up some kind of mesh network though the amazon devices but I am still a 
fuzzy on it. Has anyone else started looking into this and determined whether 
there are concerns, security or otherwise, that might impact our wireless 
networks? Just curious.

https://www.aboutamazon.com/news/devices/amazon-sidewalk-a-new-way-to-stay-connected

Don Sullivan
Network Administrator
Technology Services

205-726-2111 | office
dsulli...@samford.edu
LinkedIn
www.samford.edu
800 Lakeshore Drive
Birmingham, AL 
35229

[Samford Samford University Logo]




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Re: [WIRELESS-LAN] Re: [WIRELESS-LAN] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

You guys are making end-of-support 8.5 look good...

Lee Badman (mobile)

On Jun 2, 2021, at 11:27 AM, Jason Mallon  wrote:


Forgot this the iPhones and iPad issue just popped out of nowhere a couple of 
weeks ago.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Jason Mallon 
Date: Wednesday, June 2, 2021 at 10:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Re: [WIRELESS-LAN] Re: [WIRELESS-LAN] 
[WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?
iPads and Iphones are 802.1x, PSK still works.  The Nokia and Motorolas are 
802.1x and PSK.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Date: Wednesday, June 2, 2021 at 10:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Re: [WIRELESS-LAN] [WIRELESS-LAN] Cisco 
8540 Code Recommendation, Based on Stability?
802.1X involved, or PSK?
Lee Badman (mobile)



On Jun 2, 2021, at 11:20 AM, Jason Mallon  wrote:

iPads, iPhones, Nokia phone, and a handful of Motorolas (different models).  
All seem to be connect when attempting with a wave 1 or 2.  They only seem to 
fail when trying to connect to the 9100 series.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Kris Vangeel 

Date: Wednesday, June 2, 2021 at 10:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [EXTERNAL] Re: [WIRELESS-LAN] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
Jason

Which type of devices are you experiencing troubles with connecting ?

Thanks
Kris Vangeel
University of Leuven, Belgium

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Mallon
Sent: woensdag 2 juni 2021 16:58
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

We are currently running 8.10.151 and have been for quite a few months with no 
issues as of yet.  Only two issues as of right now are a certain devices not 
being able to connect, working with TAC on those.  8.10.130 and 8.10.142 are 
covered in bugs.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Date: Wednesday, June 2, 2021 at 9:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on 
Stability?
Hi all,

After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.

Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I’m looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.

Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?

Thanks,


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Cjemallon%40ua.edu%7Cf749d053676e42e3bdc208d925dad89a%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582444137013569%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=0DVgJgenOTDsiZ359O8DYAJyajiYzEwdnBSAPmspfHo%3D=0>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation

Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

That one’s interesting because it shows affected code is 8.5(140.0), and only 
one case... is TAC agreeing it’s the same bug? Just curious.

Lee Badman (mobile)

On Jun 2, 2021, at 11:23 AM, Jonathan Oakden  wrote:


We are on 8.10.151 for the last couple of months here at Loughborough 
University in England. We think we are being hit quite badly by this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp31778
with around 6% of our 2802i APs being currently affected.
It’s a really annoying bug too as to the user they appear to be connected to 
Wi-Fi but they have no network activity at all. Also the APs seem fine from a 
monitoring perspective unless you are either carefully monitoring their memory 
usage, or they get so far out of memory that they appear to lose their 
registration with the controller.
As such, I really can’t recommend 8.10.151.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Date: Wednesday, 2 June 2021 at 16:06
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
Thanks, Jason and Dennis.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Mallon
Sent: Wednesday, June 2, 2021 10:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

We are currently running 8.10.151 and have been for quite a few months with no 
issues as of yet.  Only two issues as of right now are a certain devices not 
being able to connect, working with TAC on those.  8.10.130 and 8.10.142 are 
covered in bugs.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Date: Wednesday, June 2, 2021 at 9:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on 
Stability?
Hi all,

After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.

Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I’m looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.

Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?

Thanks,


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Cjemallon%40ua.edu%7Cd061f040ff24484260e608d925d451b2%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582416102360203%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=v0D%2F0ufRBcRF7qR6YbtZ84uox7986tTBQAEXL%2FD1tzU%3D=0>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cjemallon%40ua.edu%7Cd061f040ff24484260e608d925d451b2%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582416102360203%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=bC3k8%2FctXdZObYyCN6wuReBNJAoT%2FWMyIWTyvzLQ9zc%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

802.1X involved, or PSK?

Lee Badman (mobile)

On Jun 2, 2021, at 11:20 AM, Jason Mallon  wrote:


iPads, iPhones, Nokia phone, and a handful of Motorolas (different models).  
All seem to be connect when attempting with a wave 1 or 2.  They only seem to 
fail when trying to connect to the 9100 series.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Kris Vangeel 

Date: Wednesday, June 2, 2021 at 10:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [EXTERNAL] Re: [WIRELESS-LAN] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
Jason

Which type of devices are you experiencing troubles with connecting ?

Thanks
Kris Vangeel
University of Leuven, Belgium

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Mallon
Sent: woensdag 2 juni 2021 16:58
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

We are currently running 8.10.151 and have been for quite a few months with no 
issues as of yet.  Only two issues as of right now are a certain devices not 
being able to connect, working with TAC on those.  8.10.130 and 8.10.142 are 
covered in bugs.

Thanks,
Jason Mallon | Network Engineer III


OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Date: Wednesday, June 2, 2021 at 9:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on 
Stability?
Hi all,

After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.

Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I’m looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.

Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?

Thanks,


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Cjemallon%40ua.edu%7C68e83a4aee35495bfe9608d925d9167e%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582436617883865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=QGDfXok2QpfnQNeDoT0M2Fw9r2PWFq%2BQOpyN%2BEz%2FcXQ%3D=0>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cjemallon%40ua.edu%7C68e83a4aee35495bfe9608d925d9167e%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582436617893862%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ggjfOtCslnYpKXV08jGJq43cCeU26XOM6fGKmtmHFXc%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cjemallon%40ua.edu%7C68e83a4aee35495bfe9608d925d9167e%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582436617893862%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ggjfOtCslnYpKXV08jGJq43cCeU26XOM6fGKmtmHFXc%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sen

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

Thanks, Jason and Dennis.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Mallon
Sent: Wednesday, June 2, 2021 10:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

We are currently running 8.10.151 and have been for quite a few months with no 
issues as of yet.  Only two issues as of right now are a certain devices not 
being able to connect, working with TAC on those.  8.10.130 and 8.10.142 are 
covered in bugs.

Thanks,
Jason Mallon | Network Engineer III
[/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/90F25235.tmp]
OIT
The University of Alabama
<https://www.ua.edu/>jemal...@ua.edu<mailto:jemal...@ua.edu>
[/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/8434B70B.tmp]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Date: Wednesday, June 2, 2021 at 9:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on 
Stability?
Hi all,

After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.

Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I'm looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.

Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?

Thanks,


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Cjemallon%40ua.edu%7Cd061f040ff24484260e608d925d451b2%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582416102360203%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=v0D%2F0ufRBcRF7qR6YbtZ84uox7986tTBQAEXL%2FD1tzU%3D=0>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cjemallon%40ua.edu%7Cd061f040ff24484260e608d925d451b2%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637582416102360203%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=bC3k8%2FctXdZObYyCN6wuReBNJAoT%2FWMyIWTyvzLQ9zc%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

Thanks, Allen.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Allen Toms
Sent: Wednesday, June 2, 2021 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

We had multiple issues with the 8.10.130.0 code, including unexplained 8540 
controller reloads and random model 2700, 3700 and 2800 reboots, but since 
upgrading to 8.10.151.0 back in mid-March, we've been very stable. Knock on 
wood. The 8.10.151.0 is supporting our 1700, 2700, 2800, 1810, 1815, 2800 and 
9120 models just fine on our 8540 HA pairs.


[LSU]<http://www.lsu.edu/>

Allen Toms
Wireless Network Manager
Information Technology Services
Louisiana State University
200 Frey Computing Services , Baton Rouge, LA  70803
office 225-578-3763
alt...@lsu.edu<mailto:alt...@lsu.edu> | lsu.edu<http://www.lsu.edu/>


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Wednesday, June 2, 2021 9:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?


Hi all,



After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.



Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I'm looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.



Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?



Thanks,





Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Caltoms%40LSU.EDU%7Cd121472889f847f17ec508d925d450cc%7C2d4dad3f50ae47d983a09ae2b1f466f8%7C0%7C0%7C637582416088604380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=N%2F758RmOcG9oaT2OnL7fWXR0ztS42MPNGiXDRC5nMqk%3D=0>

SYRACUSE UNIVERSITY
syr.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Caltoms%40LSU.EDU%7Cd121472889f847f17ec508d925d450cc%7C2d4dad3f50ae47d983a09ae2b1f466f8%7C0%7C0%7C637582416088614370%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=KZwxrUGn1ZH4ZCU31zv7qCr7fxeH5W3aJHM0imsQvWE%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Cisco 8540 Code Recommendation, Based on Stability?

[Lee H Badman]

Hi all,

After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.

Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I'm looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.

Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?

Thanks,


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Washlava

[Lee H Badman]

Curious if anyone can speak about the Wi-Fi and network requirements for 
Washlava laundry machines? I'm assuming they are WI-Fi only, but can find 
little of technical substance out on the web. I'm assuming they are PSK-only, 
etc but curious for those supporting them if they have been difficult to 
support as client devices, any wonky requirements or behaviors, etc.

Thanks,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] WPA3/OWE as campus solution?

[Lee H Badman]

FWIW, I'm finding all of this very interesting and informative.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Cappalli
Sent: Thursday, April 22, 2021 1:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

Don't remember saying anything about employees being forced to do anything...
We're so far off topic at this point. I'm done.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>>
Sent: Thursday, April 22, 2021 1:05:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?


Tim,



I would take a look at case law, where it was determined that an employer can 
not expect an employee to use their own device without compensation.  This has 
resulted in two scenarios now.  The first being that the employer provides the 
employee with a stipend to compensate them for use of their personal device.  
The second being that employers now provide the necessary devices (tools) to 
the employee in order to carry out their duties.



For example, with COVID, many employers are providing temporary stipends to 
employees to cover Internet consumption and personal cell use.



In no way shape or fashion can an employer compel the user to install or enroll 
their personal device into their employer's end-point management.  The employer 
could say it's an optional condition of the employee's desire, in a voluntary 
decision, to use that device for company business. Can't be forced.



Jeff



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Thursday, April 22, 2021 9:14 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?



Well, I can tell you that is just not the reality. Sorry!





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>>
Sent: Thursday, April 22, 2021 12:04
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?



On 2021-04-21 21:30:53+, Tim Cappalli wrote:
>  I'd also like to address the comment about post-college experience.
>
>  Most organizations these students are going to work at are going to
> require MDM or MAM on their personal devices. So I fundamentally
> disagree with the comment that they won't deal with "enrollment" post
> campus life.

On the above specifically.  In every business scenario I've encountered, and 
it's at EDU level now too, unless you are going to compensate the user for 
access/control of their device, the business has no right to require MDM.  This 
is in the same territory as requiring an employee to check business email from 
a personal device - it must be only as an employee opt-in convenience, and not 
a substitute for the business providing that person the tools they need to do 
their job.

That's a long trip version of saying that a business is going to hand their 
employee a pre-enrolled/managed company-owned device(s) where it is the 
business' responsibility to handle whatever onboarding they've established for 
their company assets.  The individual will never encounter this activity (nor 
should they) with a personal device they own.

Jeff

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Jonathan Waldrep
Sent: Wednesday, April 21, 2021 7:27 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

On 2021-04-21 21:24:25+, Tim Cappalli wrote:
>  Why not take baby steps? One example: So many organizations talk
> about user experience challenges of onboarding (and trust me, I hear
> you) but then issue 1 year certs and force the user through it every
> year.
>
>  Switch to a 5 year cert (or device specific cred) and use
> authorization rules to temporarily (or permanently) revoke access.
 100%. Preach. We are kicking off a project to move from PEAP/MSCHAPv2 to 
EAP-TLS, primarily for usability reasons. There are plenty of 

Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

[Lee H Badman]

Well said.

Lee Badman (mobile)

On Apr 16, 2021, at 12:47 PM, Jeffrey D. Sessler  
wrote:


I’m all for the connection experience being as simple as possible. We subject 
our casual users to often extreme onboarding measures when they’ll never 
experience this outside of their 4-years, or even outside the college community.

If we consider the forward march to SaaS and other aaS products in higher 
education, in the not so distant future, we’ll run almost nothing on-campus. 
Wireless will just be a commodity connection-point out to a bunch of Internet 
services. If an end user can “do what they need” at the myriad wifi hotspot 
locations in the US e.g. starbucks, then we shouldn’t need to ask them to jump 
through more hoops just because they are on a college campus.  Is there such a 
thing as wireless elitism?

Perhaps the challenge with wireless is that it’s still a service owned and 
managed by IT? If the governance was customer focused, with goals centered on 
community experience vs enterprise risk, perhaps a happy medium could be 
reached between what the consumer of the service desires, and what those 
managing it can provide?
If my facilities director told me that the water spigot I wanted installed in 
my building required a pass-code or onboarding before use, I’d consider them 
crazy. After all, my home version requires a simple turn of the handle.  When I 
look at what lengths some of us have gone with our college wifi, I wonder if 
the pass-code water spigot is far off.  

Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Friday, April 16, 2021 8:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

All good input- again, just thinking free here... thanks for playing the game.
Lee Badman (mobile)


On Apr 16, 2021, at 11:07 AM, David Logan 
mailto:tarheeldav...@gmail.com>> wrote:

So - truly thinking out loud...

1. To Tim's point on lack of identity, the unstated requirement that could be 
chosen to be fulfilled or not - there would need to be post-connect, 
post-activity monitoring such that "bad activity" could be detected, mitigated, 
prevented.  Anybody and any device within throw range of the WLAN could connect 
and do whatever they want, within the bounds of monitoring and enforcement at 
L2/L3/L7.  IRL - none of your doors have locks, but you could choose to 
implement security cameras if someone you don't know comes in to take the TV.

2.  It certainly suggests creating "network segments of one" to ensure that the 
ability for a bad actor with a connected device cannot recon nor exploit the 
other local connected devices, systems, apps, protocols.   Suggests all local 
traffic would have to be firewalled or proxied, or else the "network segment of 
one" architecture is unenforceable.

2a.   OR - it suggests a "don't care what happens between non-IT sanctioned 
systems" - i.e. if a bad actor on a moderately sized broadcast domain/subnet 
co-opts an attached non-IT device (like a smart TV) and "does something bad" - 
that's OK.  This then suggests that consequences of consumer IT product vendors 
implementing poor embedded software systems/exploitable protocols would trickle 
down to the end-user and back out to the consumer IT vendor.

2b.  Also suggests that if the local network segments are not policed using 
firewalls of some sort, then the local IT-managed systems (if there ARE any) - 
definitely need to be up to date on patch management and support and 
vendor-product-software security.

-- Dave


On Fri, Apr 16, 2021 at 10:33 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:
Not sure how, or even if you’d need to depending on how it all worked. No plan 
here, just discussion..

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Friday, April 16, 2021 10:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

How would you limit local services like printing, screen mirroring, media 
casting, etc?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mail

Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

[Lee H Badman]

All good input- again, just thinking free here... thanks for playing the game.

Lee Badman (mobile)

On Apr 16, 2021, at 11:07 AM, David Logan  wrote:


So - truly thinking out loud...

1. To Tim's point on lack of identity, the unstated requirement that could be 
chosen to be fulfilled or not - there would need to be post-connect, 
post-activity monitoring such that "bad activity" could be detected, mitigated, 
prevented.  Anybody and any device within throw range of the WLAN could connect 
and do whatever they want, within the bounds of monitoring and enforcement at 
L2/L3/L7.  IRL - none of your doors have locks, but you could choose to 
implement security cameras if someone you don't know comes in to take the TV.

2.  It certainly suggests creating "network segments of one" to ensure that the 
ability for a bad actor with a connected device cannot recon nor exploit the 
other local connected devices, systems, apps, protocols.   Suggests all local 
traffic would have to be firewalled or proxied, or else the "network segment of 
one" architecture is unenforceable.

2a.   OR - it suggests a "don't care what happens between non-IT sanctioned 
systems" - i.e. if a bad actor on a moderately sized broadcast domain/subnet 
co-opts an attached non-IT device (like a smart TV) and "does something bad" - 
that's OK.  This then suggests that consequences of consumer IT product vendors 
implementing poor embedded software systems/exploitable protocols would trickle 
down to the end-user and back out to the consumer IT vendor.

2b.  Also suggests that if the local network segments are not policed using 
firewalls of some sort, then the local IT-managed systems (if there ARE any) - 
definitely need to be up to date on patch management and support and 
vendor-product-software security.

-- Dave


On Fri, Apr 16, 2021 at 10:33 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:
Not sure how, or even if you’d need to depending on how it all worked. No plan 
here, just discussion..

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Friday, April 16, 2021 10:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

How would you limit local services like printing, screen mirroring, media 
casting, etc?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Friday, April 16, 2021 10:17
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?


Exactly- hance the notion of simplifying… relying on application security, 2FA 
etc for actual security while making simply connecting much, much easier.



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836879442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=l7sSKIp95iXMYD5uRV%2F%2FbVgSsEaikmLNW%2FhYq1D0u0M%3D=0>

SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Friday, April 16, 2021 10:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?



Just keep in mind that OWE does not have an identity layer.

____

From: The EDUCAUSE Wireless Issues Community Group Listserv 
ma

RE: WPA3/OWE as campus solution?

[Lee H Badman]

Not sure how, or even if you'd need to depending on how it all worked. No plan 
here, just discussion..

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Cappalli
Sent: Friday, April 16, 2021 10:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

How would you limit local services like printing, screen mirroring, media 
casting, etc?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Friday, April 16, 2021 10:17
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?


Exactly- hance the notion of simplifying... relying on application security, 
2FA etc for actual security while making simply connecting much, much easier.



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836879442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=l7sSKIp95iXMYD5uRV%2F%2FbVgSsEaikmLNW%2FhYq1D0u0M%3D=0>

SYRACUSE UNIVERSITY
syr.edu



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Friday, April 16, 2021 10:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?



Just keep in mind that OWE does not have an identity layer.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Friday, April 16, 2021 10:08
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] WPA3/OWE as campus solution?



One more for you all- anyone contemplating ditching 802.1X for the BYOD side of 
your WLAN (not managed laptops and "business" clients) and simplifying with 
OWE/WPA3? Like... the open network that's actually moderately secure leveraging 
the latest security options?



Thanks,



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836889399%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=8NCkz0FedufnGUcZpDDnCmeI4Gx4Exz%2ByaIUHso5OJc%3D=0>

SYRACUSE UNIVERSITY
syr.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C27dfc8f182a44aed4cd308d900e27165%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541794836889399%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=AAVmLXrmI9B4sTKHA1yhsOSbNDYDYUz2GHUw71tade8%3D=0>

**
Replies to ED

RE: WPA3/OWE as campus solution?

[Lee H Badman]

Exactly- hance the notion of simplifying... relying on application security, 
2FA etc for actual security while making simply connecting much, much easier.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Cappalli
Sent: Friday, April 16, 2021 10:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

Just keep in mind that OWE does not have an identity layer.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Friday, April 16, 2021 10:08
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] WPA3/OWE as campus solution?


One more for you all- anyone contemplating ditching 802.1X for the BYOD side of 
your WLAN (not managed laptops and "business" clients) and simplifying with 
OWE/WPA3? Like... the open network that's actually moderately secure leveraging 
the latest security options?



Thanks,



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Cc2ddcea889344845f22508d900e122b5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541789256037261%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=Dg0GozHOzv%2FiHTc3fywtmqxA1lsXHgXxJuB7IIQusWU%3D=0>

SYRACUSE UNIVERSITY
syr.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7Cc2ddcea889344845f22508d900e122b5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637541789256037261%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=0KrU137tPeYLu9i6re9iPZ%2Fy02O6vAXT2DP2hG0wuSs%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

WPA3/OWE as campus solution?

[Lee H Badman]

One more for you all- anyone contemplating ditching 802.1X for the BYOD side of 
your WLAN (not managed laptops and "business" clients) and simplifying with 
OWE/WPA3? Like... the open network that's actually moderately secure leveraging 
the latest security options?

Thanks,

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: 802.1X, onboarders, continued

[Lee H Badman]

AND ANOTHER THING!...

For those using Cloudpath ES or Secure W2, are you on-prem or cloud-based, why, 
and any regrets about the option you went with?

Thanks,

Lee

From: Lee H Badman
Sent: Tuesday, April 13, 2021 9:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: 802.1X, onboarders, continued

Thanks for the responses to my last email on onboarders. FWIW, after various 
discussions with a number of people, I find myself with a few more questions:


  *   For your onboarder of choice (focusing on CAT Tool, Cloudpath ES, and 
Secure W2) how responsive is the provider to support issues and OS updates?
  *   Are you using, or have you recently used CAT Tool, Cloudpath ES or Secure 
W2 and found yourself dissatisfied with the tool or vender/provider- and why?
  *   Here's the fun one, asked in complete seriousness: has anyone gone down 
the road of robustly securing staff/"company" devices while turning the general 
wireless network into a wide-open WLAN, relying on other controls to provide 
security?


Any and all feedback welcomed, on list or off.


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

802.1X, onboarders, continued

[Lee H Badman]

Thanks for the responses to my last email on onboarders. FWIW, after various 
discussions with a number of people, I find myself with a few more questions:


  *   For your onboarder of choice (focusing on CAT Tool, Cloudpath ES, and 
Secure W2) how responsive is the provider to support issues and OS updates?
  *   Are you using, or have you recently used CAT Tool, Cloudpath ES or Secure 
W2 and found yourself dissatisfied with the tool or vender/provider- and why?
  *   Here's the fun one, asked in complete seriousness: has anyone gone down 
the road of robustly securing staff/"company" devices while turning the general 
wireless network into a wide-open WLAN, relying on other controls to provide 
security?


Any and all feedback welcomed, on list or off.


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] WLAN onboarding

[Lee H Badman]

Thanks much, Curtis. And everyone responding.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Curtis K. Larsen
Sent: Wednesday, April 7, 2021 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN onboarding

Hi Lee,

We have used the Cloudpath Enrollment System (Ruckus now) since it's release 
(2009?) for EAP-TLS onboarding, and they added PEAP capabilities a few years 
back.  I think it has been very versatile and amazingly simple to maintain.  
The only drawbacks have been a lag of a few weeks sometimes (rarely but it has 
happened) when an OS changes their supplicant, and Windows flagged their exe as 
a virus twice over a ten year period (luckily a manual cert download could 
bypass that).  We looked at secureW2 about a year ago, and in my opinion it is 
the best in the space (probably doesn't get flagged as a virus, haha), but the 
cost was many, many times more than Cloudpath for our large campus and hospital 
org.  We have also been able to use Cloudpath not just for 802.1X onboarding, 
but also to send i-PSK registrations to Cisco ISE on our IoT SSID.  Let me know 
if you'd like to see how we use it sometime.

Thanks,

--
Curtis K. Larsen
Wireless Network Engineer III
The University of Utah

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Wednesday, April 7, 2021 9:30 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLAN onboarding

Thanks, Philippe. I didn’t realize CAT would accommodate non-eduroam SSIDs. 
That’s huge.
Lee Badman (mobile)


On Apr 7, 2021, at 10:55 AM, Philippe Hanset 
<005cd62f91b7-dmarc-requ...@listserv.educause.edu<mailto:005cd62f91b7-dmarc-requ...@listserv.educause.edu>>
 wrote:
 Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net<http://www.anyroam.net>
Operator of eduroam-US
+1 (865) 236-0770






On Apr 7, 2021, at 10:05 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:


Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.



Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?

-If you are doing PEAP-TLS, what is your onboarder of choice?

-Have you recently piloted any onboarders that you just hate for any reason?

-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?



Interested in 3rd party, native, whatever.



Thanks as always,



Lee Badman



Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems

SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only

Re: [WIRELESS-LAN] WLAN onboarding

[Lee H Badman]

Thanks, Philippe. I didn’t realize CAT would accommodate non-eduroam SSIDs. 
That’s huge.

Lee Badman (mobile)

On Apr 7, 2021, at 10:55 AM, Philippe Hanset 
<005cd62f91b7-dmarc-requ...@listserv.educause.edu> wrote:

 Lee,

Based on your timeframe you might also want to consider the new development 
that is done in Europe called “geteduroam”.
https://www.geteduroam.app
It is App based and will feed from CAT but it is based on EAP-TLS or on 
EAP-TTLS/PEAP if preferred.

So you could start with CAT  and username/password (CAT allows you to provision 
eduroam and other SSIDs as well) and evolve later to EAP-TLS.

Philippe


Philippe Hanset, CEO
www.anyroam.net<http://www.anyroam.net>
Operator of eduroam-US
+1 (865) 236-0770






On Apr 7, 2021, at 10:05 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:

Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.

Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year’s end. To that end, I’m looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?
-If you are doing PEAP-TLS, what is your onboarder of choice?
-Have you recently piloted any onboarders that you just hate for any reason?
-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?

Interested in 3rd party, native, whatever.

Thanks as always,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

WLAN onboarding

[Lee H Badman]

Hello everyone, hope your semesters are going along smoothly and that you are 
all staying healthy. As always- this message is not an invite for vendors to 
contact me.

Looking out down our short timeline, we need to make a number of decisions 
about various aspects of our WLAN operations. One of these decision points is 
if/how to do the 802.1X onboarding after our current solution goes End of 
Everything at year's end. To that end, I'm looking for any and all feedback on 
these questions:

- If you are using PEAP/MS-CHAP v2, what is your onboarder of choice (even if 
none, with manual config as methodology)?
-If you are doing PEAP-TLS, what is your onboarder of choice?
-Have you recently piloted any onboarders that you just hate for any reason?
-For those using eduroam as your 802.1X environment, have you found the free 
configuration tool to be reliable? Any downsides to using it at scale?

Interested in 3rd party, native, whatever.

Thanks as always,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Wi-Fi and Covid

[Lee H Badman]

Several vendors are trying to monetize COVID... the Wi-Fi part (in my opinion) 
falls apart fairly quickly in spots when you start talking it through for 
contact tracing- and usually to do it you may have to buy things you don't have 
to round out the system.

FWIW.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Philippe Hanset
Sent: Thursday, April 1, 2021 3:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wi-Fi and Covid

All,

Has anyone else been approached by AFCOTRA?
They have developed an algorithm to map Wireless users and Covid Contamination.
They want to use Wi-Fi logs to establish mapping of Covid Cross Contamination 
on campus.
(I guess linking MAC address to Wi-Fi triangulation)

Neat Idea!

Philippe

Philippe Hanset, AFO
www.anyroam.net




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Arista Wi-Fi

[Lee H Badman]

Curious if any large schools, or any schools for that matter, are using Arista 
for WLAN and have any good, bad or indifferent to report on performance, 
reliability, supportability etc.

This is not a vendor/VAR invite to contact.

Thanks-

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Macbook zoom wireless dropout issues

[Lee H Badman]

The by-product? "The campus network sucks. I'm using my hotspot..." let the fun 
begin.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ian Lyons
Sent: Friday, February 12, 2021 9:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

We had a huge upswell of Mac users not being able to connect and the newest OS 
was at fault. Older macs further away...no issues. Mac's with new OS right 
under an AP... couldnt connect reliably, huge CPU spikes and or crappy wifi.

Ahh, I love Apple.

But yeah, in this instance, dont discount the OS.

Ian

Cheers
Ian J Lyons
Network Architect - Rollins College
401.413.1661 Cell
407.628.6396 Desk




From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Julian Y Koh 
mailto:kohs...@northwestern.edu>>
Sent: Friday, February 12, 2021 9:35
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues


* External Email *




On Feb 12, 2021, at 07:56, Sidharth Nandury 
mailto:nandu...@denison.edu>> wrote:

We are an Aruba shop at Denison University and have received reports of issues 
on Zoom and Google Meet as well mostly on Mac OS. Looking into the Zoom 
dashboard statistics of some of these calls we are seeing the "Max Loss" 
percentage go up to 99% frequently and back down to 2-6 % on wireless when 
there are no issues. We can generally co-relate this to higher ping responses. 
I would also love to what other Universities are doing to look at this.

This thread reminded me of a recent on on the NANOG mailing list about Macs and 
wireless issues.  Go to 
https://mailman.nanog.org/pipermail/nanog/2020-October/thread.html
 and look at the thread titled "Apple Catalina Appears to Introduce Massive 
Jitter".  I can't remember all of the details but the tl;dr summary that I 
remember involved some interaction between Bluetooth, possibly Location 
Services, and Wi-Fi.


--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
>
PGP Public Key: 
>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 

RE: [WIRELESS-LAN] Macbook zoom wireless dropout issues

[Lee H Badman]

I am seeing in another channel talk about Zoom pushing Macbook CPU to almost 
100% especially when other apps are open, and the effect is worse per model and 
HW specs. I don’t know this to be true, but a couple of respectable folks 
saying so. If so, one takeaway would be to make sure Zoom client is up to date 
and only app running.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Sidharth Nandury
Sent: Friday, February 12, 2021 8:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

We are an Aruba shop at Denison University and have received reports of issues 
on Zoom and Google Meet as well mostly on Mac OS. Looking into the Zoom 
dashboard statistics of some of these calls we are seeing the "Max Loss" 
percentage go up to 99% frequently and back down to 2-6 % on wireless when 
there are no issues. We can generally co-relate this to higher ping responses. 
I would also love to what other Universities are doing to look at this.

Thank you.

Sid

On Fri, Feb 12, 2021 at 8:30 AM Samuel Clements 
mailto:scleme...@gmail.com>> wrote:
Troubleshooting seemingly disjointed problems and crowdsourcing recommendations 
is always a tricky thing for us to navigate. Personally, I like to look at 
things like "absolutely everything is okay except for one single app" with a 
grain of salt unless I can back it up with empirical evidence (application 
inspection, external app health solutions, etc). Just because Zoom is filtering 
to the top, you very well could be having pervasive issues otherwise, but the 
vocal majority could simply be expressing Zoom since it can be taxing on a 
number of network components. Unless you want to delve off into actual 
troubleshooting scenarios (capturing debugs & packets), you're going to be left 
with "punch list" troubleshooting - and those come from vendor recommended best 
practices. In this case, I'd make sure that you follow the Apple/Cisco document 
that is meant to address both manufacturers recommendations:
https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-6/Enterprise_Best_Practices_for_iOS_devices_and_Mac_computers_on_Cisco_Wireless_LAN.pdf

I'd particularly pay attention to QoS since it's easy to get wrong - remember, 
unless you have trust on *every* link (yes, even those fancy 10G links in your 
core), you do not have QoS. It's a lengthy doc, but it's quite comprehensive - 
and most everything is in there for a reason. Let's be honest, having a nice 
reference guide is far better than vendors that don't qualify interoperability 
(cue Lee complaining about Wi-Fi Alliance) or provide design recommendations. 
In short, I'd recommend you start where your vendors suggest you start.
  -Sam

On Fri, Feb 12, 2021 at 6:36 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:
That there are widespread problems with Zoom, and often just Zoom, is not hard 
to appreciate- one random sample:

https://www.reddit.com/r/Zoom/comments/g58olb/keep_getting_your_internet_connection_is_unstable/?utm_medium=android_app_source=share

The risk in tweaking controller settings for just Zoom's issues are that you 
can create more problems. Tread lightly here, and know that you are not alone.

At the same time, if anyone has discovered a silver bullet, I'd like to hear it 
as well. To me, it seems like the fix should be on the Zoom end, but am trying 
to keep an open mind.

Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Tariq Adnan 
<01e6b38f57b3-dmarc-requ...@listserv.educause.edu<mailto:01e6b38f57b3-dmarc-requ...@listserv.educause.edu>>
Sent: Thursday, February 11, 2021 9:19 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Macbook zoom wireless dropout issues


Hello everyone,



Just checking if you have recently come across any macbook zoom wireless 
dropout (and frozen screen) issues and have taken any step to resolve it.



So I have come across a Macbook

RE: [WIRELESS-LAN] Macbook zoom wireless dropout issues

[Lee H Badman]

The only problem I have there- with “where your vendor tells you to start”- is 
that the vendor loves to push “go to latest code”.

THEN…

Oops- now you got a new problem. Better downgrade.

Let’s try this escalation code. Whoopsie, new bug…

Let’s try THIS escalation code. Darn… different bugs. Yikes.

Let’s go back to where you were. Oh wait, same problem.

Let’s try THIS escalation code. What, you can’t live with this other bug?

And so on. Each gyration extremely disruptive, and one thing I don’t think 
Cisco (at least) TAC really grasps the gravity of during an academic semester.

Beyond that, I don’t disagree with Brother Samuel.

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Samuel Clements
Sent: Friday, February 12, 2021 8:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

Troubleshooting seemingly disjointed problems and crowdsourcing recommendations 
is always a tricky thing for us to navigate. Personally, I like to look at 
things like "absolutely everything is okay except for one single app" with a 
grain of salt unless I can back it up with empirical evidence (application 
inspection, external app health solutions, etc). Just because Zoom is filtering 
to the top, you very well could be having pervasive issues otherwise, but the 
vocal majority could simply be expressing Zoom since it can be taxing on a 
number of network components. Unless you want to delve off into actual 
troubleshooting scenarios (capturing debugs & packets), you're going to be left 
with "punch list" troubleshooting - and those come from vendor recommended best 
practices. In this case, I'd make sure that you follow the Apple/Cisco document 
that is meant to address both manufacturers recommendations:
https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-6/Enterprise_Best_Practices_for_iOS_devices_and_Mac_computers_on_Cisco_Wireless_LAN.pdf

I'd particularly pay attention to QoS since it's easy to get wrong - remember, 
unless you have trust on *every* link (yes, even those fancy 10G links in your 
core), you do not have QoS. It's a lengthy doc, but it's quite comprehensive - 
and most everything is in there for a reason. Let's be honest, having a nice 
reference guide is far better than vendors that don't qualify interoperability 
(cue Lee complaining about Wi-Fi Alliance) or provide design recommendations. 
In short, I'd recommend you start where your vendors suggest you start.
  -Sam

On Fri, Feb 12, 2021 at 6:36 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:
That there are widespread problems with Zoom, and often just Zoom, is not hard 
to appreciate- one random sample:

https://www.reddit.com/r/Zoom/comments/g58olb/keep_getting_your_internet_connection_is_unstable/?utm_medium=android_app_source=share

The risk in tweaking controller settings for just Zoom's issues are that you 
can create more problems. Tread lightly here, and know that you are not alone.

At the same time, if anyone has discovered a silver bullet, I'd like to hear it 
as well. To me, it seems like the fix should be on the Zoom end, but am trying 
to keep an open mind.

Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Tariq Adnan 
<01e6b38f57b3-dmarc-requ...@listserv.educause.edu<mailto:01e6b38f57b3-dmarc-requ...@listserv.educause.edu>>
Sent: Thursday, February 11, 2021 9:19 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Macbook zoom wireless dropout issues


Hello everyone,



Just checking if you have recently come across any macbook zoom wireless 
dropout (and frozen screen) issues and have taken any step to resolve it.



So I have come across a Macbook running Catalina 10.15.7 reporting zoom 
dropouts from time to time.



The AP is 3700 and the controller model is 8540 running code 8.5.161.6. The 
session time out on the SSiD is set to 24 hours. The QOS is default “silver”.



I was running debug on

Re: Macbook zoom wireless dropout issues

[Lee H Badman]

That there are widespread problems with Zoom, and often just Zoom, is not hard 
to appreciate- one random sample:

https://www.reddit.com/r/Zoom/comments/g58olb/keep_getting_your_internet_connection_is_unstable/?utm_medium=android_app_source=share

The risk in tweaking controller settings for just Zoom's issues are that you 
can create more problems. Tread lightly here, and know that you are not alone.

At the same time, if anyone has discovered a silver bullet, I'd like to hear it 
as well. To me, it seems like the fix should be on the Zoom end, but am trying 
to keep an open mind.

Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tariq Adnan 
<01e6b38f57b3-dmarc-requ...@listserv.educause.edu>
Sent: Thursday, February 11, 2021 9:19 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Macbook zoom wireless dropout issues


Hello everyone,



Just checking if you have recently come across any macbook zoom wireless 
dropout (and frozen screen) issues and have taken any step to resolve it.



So I have come across a Macbook running Catalina 10.15.7 reporting zoom 
dropouts from time to time.



The AP is 3700 and the controller model is 8540 running code 8.5.161.6. The 
session time out on the SSiD is set to 24 hours. The QOS is default “silver”.



I was running debug on WLC (debug client mac) and AP and there is no helpful 
log generated at the time of issue. The utilization for both radios on the AP 
is close to 1% (not busy) and the noise and interference reported by AP is not 
unusual. The switchport have no errors etc.



I have searched this forum and few people have reported that the mac’s were 
having issues with specific 5G channels. Some suggested to change few things on 
the mac (turn off unlock with apple watch) etc.



So if you have recently dealt with something similar, can you please share your 
thoughts and if you have resolved the issue, how did you do that (code upgrade 
etc.)?



Few things I can try:

-Set Qos profile to platinum

-Disable Aironet IE

-Configure Idle timeout on the ssid (less than session timeout) : currently it 
is default 5 minutes

-Disable 11ac MU-MIMO on ssid

-upgrade macos to Big Sur



Thanks,

Tariq





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wireless Segmentation and NAC

[Lee H Badman]

All I would say here is that networks are not obligated to accommodate every 
half-baked, livin-in-1988 device that comes along, either. You can say no to 
the worst offenders, and also work with device manufacturers on occasion to 
help them drag their stuff into this century rather than risk non-acceptance on 
campus.

Not to take anything away from David’s good points.

Lee Badman (mobile)

On Feb 2, 2021, at 11:17 AM, David Logan  wrote:


One more consideration for network design (especially L2, L3) and policy 
enforcement architecture, somewhat relevant in this "segment the network?  And 
how?" portion of this thread:  the __performance effects/consequences__ of 
consumer IoT tech operating in the Enterprise setting (what I call BYOT).

Here's a couple of examples:

All BYOT uses a combination of Bcast and Mcast for ease of installation, peer 
product discovery and display/print/communications sharing use cases.   Flatter 
networks with no Bcast/Mcast controls in place will propagate the protocols, 
which in turn will make mobile devices WLAN radios "wake up" more frequently 
than in an actual in-home location, driving battery life down and causing 
weirdness for the apps that require these protocols on the BYOT and/or mobile 
device.   This argues for some level of network segmentation, likely beyond 
macrosegmentation and into microsegmentation.

VoIP architectures involving soft clients on BYOD/personal mobile devices and 
locally hosted media gateways both cause and suffer from performance / 
scalability problems when the underlying legacy network design forces 
undesirable network and application behaviors.  For example, when a mobile 
device calls another mobile device in the same "Enterprise" organization, and 
those devices are associated with a network that prevents East-West flows -- it 
will require the soft clients to use the (likely) DMZ hosted VoIP Media Gateway 
to stitch together the call flow acting as a proxy.   While these architectures 
seem to be waning in new deployments, they are still widely deployed, and are 
frequently sized to support limited inbound/outbound calling through the Media 
Gateway.  This, in turn, causes individual call quality issues and media 
gateway capacity issues as constant hairpinning occurs, mobile devices roam and 
need to rekey and potentially re-IP, etc.  This argues for consideration of 
L2/L3/DDI design as applied to BYOD, consideration of where East-West flows are 
required for expected application behaviors / capacity / cost, in turn 
requiring consideration for security policy and network-level enforcement.

-- David Logan
Aruba Networks, CTO office

On Mon, Feb 1, 2021 at 8:27 PM William Green 
mailto:gr...@austin.utexas.edu>> wrote:
I don't believe the network is the appropriate place for security to be 
applied, but witnessing the carnage... I believe there is a careful 
cost/benefit role.

By n=1, I was clumsily referring to Terry Gray's Perimeter Protection Paradox-- 
wanting to get to a perimeter of 1 (or very few failing that).   From a 
client's perspective, it is more likely to be compromised stepping onto a large 
campus than staying at home.

I haven't convinced myself, but think seriously about the following to help 
clients.  Setting aside the science DMZ exception case... First, if only doing 
stateful inspection, there are not the combinatorials that occur with  firewall 
rule sets.  In the case of most end user device, simple stateful inspection 
without additional restriction is probably 90% or more of any network 
isolation/security benefit.  Stateful inspection won't likely be coming to 
access layer switches real soon, but perhaps in a decade.  Second, on our 
campus most traffic is north/south now (very little east/west).  Where the 
north keeps going off to the cloud.  At our border, we deploy devices doing 
full-cone (but could perform stateful at the same rate) where Moore's Law has 
advanced things quite a bit.  Latency through them is under a millisecond at 
our scale (not perceptible in the general case, and given most is going north 
to the cloud not really detectable).  Third, if one were to trust no devices 
(about where I am), then why not tunnel all packets from their origination 
through such a device.  Not to protect servers or enforce policies, but to 
protect the clients.  Hardware tunneling capabilities are showing up on access 
switches, and in the next turn of the silicon likely at more reasonable prices. 
 The same is needed for wireless (since that's were most devices are).  Sending 
all traffic northward for inspection is susceptible to east/west performance 
issues and increasing failure domains.  But if almost everything is already 
going north that failure domain is already being exercised.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the 

Re: [WIRELESS-LAN] Wi-Fi 6E Branding Rant

[Lee H Badman]

This is what the Wi-Fi Alliance spends their time doing, rather than testing 
actual interoperability and doing anything to harmonize the very fragmented, 
hyper-proprietary client space. Pffft.

Lee Badman (mobile)

On Jan 20, 2021, at 9:38 AM, Jennifer Minella  wrote:


LOL. You’re not wrong… it’s a tough challenge. It *is* still WiFi 6 (802.11ax) 
so WiFi 7 would be confusing. I think the best way I’ve seen it consistently 
used with non-Wi-Fi pros is to call it “WiFi 6- Extended” meaning it’s extended 
in to other RF spectrum. That’s not official but I think even Chuck uses that 
moniker for it.

The more common confusion we run in to is people thinking the “6” in WiFi 6E 
means 6GHz.

I’m sure other folks here have some additional ideas for keeping it straight 
for non-WiFI peeps. As for us, we just constantly re-iterate what 6E is (and 
isn’t) pretty much every time the phrase comes out of our mouths, even if that 
means multiple times in a webinar, Tech Talk, or client meeting.

You’re in good company with your frustration though 
-jj

___
Jennifer Minella, CISSP, HP MASE
VP of Engineering & Security
Carolina Advanced Digital, Inc.
www.cadinc.com
j...@cadinc.com
919.460.1313 Main Office
919.539.2726 Mobile/text


From: Green, William C 
Sent: Monday, January 18, 2021 6:52 PM
Subject: Wi-Fi 6E Branding Rant


"Wi-Fi 6E” is not a good branding for what 6GHz provides, in my personal 
opinion.  I hope the Wi-Fi Alliance reconsiders.

I've been discussing Wi-Fi 6E in my organization for over a year-- and nobody 
can keep that “E” in their heads.  They constantly confuse "Wi-Fi 6" as the 
same as "Wi-Fi 6E" in meetings, products, and strategies.   The whole point of 
the Alliance branding was to make things more understandable to non-technical 
audiences right?  Doesn’t 6 vs 6E fly in the face of that?  I’m not good at 
naming things, so am use to recognizing branding failures like this.

I understand most of the underlying technology is the same-- other than 6GHz 
capability.  Most people don't care about the underlying technology unless it 
accomplishes something they need.  6GHz is a once in a generation 
differentiator that will enable far more than the changes from 802.11ac to 
802.11ax, which was deserving of a new number.  Not having that capability 
reflected in a more differentiated branding is causing and will continue to 
cause unneeded confusion.

I understand the Alliance has already placed a lot into marketing of the term 
"Wi-Fi 6E", but that's sunk cost.  Pick a new branding.  Perhaps, Wi-Fi 7.  You 
can leave all 6E materials and just say its the same thing as Wi-Fi 7.  Have 
everything in the futures pipeline do a +1 on their PowerPoints.  Will the 
Alliance incur some ridicule, yes, but less than continuing with 6E in my 
personal opinion.

Do I think this rant will change anything?  No.  But naming a frustration is 
sometimes useful for dealing with it.  I’m moving on.

--
William Green, Director of Networking and Telecommunications
The University of Texas at Austin | ITS | 512-475-9295 | 
gr...@austin.utexas.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Visit https://cadinc.com/blog for tech articles and news.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wireless Upgrade Project

[Lee H Badman]

Using Meraki in our branch locations, we have a couple of sites with 35 APs, 
several more with anywhere from just one to a handful. I have zero regrets. The 
bugs are few and far between. We don’t have many VLANs in these sites, which 
would be the nut to crack in larger deployments. Here’s an aging article I 
wrote on that 
https://www.toolbox.com/tech/cloud/blogs/why-were-not-all-flocking-to-mist-and-meraki-wireless-the-layer-2-situation-101518/

But VLANs aside, it is soo nice not having a buggy controller and 
semi-worthless bloated NMS to keep up, given that those are Meraki’s problem. 
We are still controller-based on the big WLAN, so we are living in both worlds.

Lee Badman (mobile)

On Dec 31, 2020, at 11:38 AM, Ian Lyons  wrote:


I will provide a disclaimer that "things cloud" are not my favorite-in the 
regards that you have to prove that your network is not the problem before 
vendors truly commit in a down/crisis issue.  But the new world order is here.

Having said that, have people who have gone to the cloud have diverse end user 
client gear? Ipads,Iphones, IOT, PC,Mac etc.   Going back in time, I had Meru 
and RingMaster and with a pure PC client I never had an issue. As soon as the 
Macs etc (anything other than a PC) came online, chaos ensued.

Solution was to go with a newer (or better-sorry Meru)  on prem controller and 
when Apple did the "walled garden" fiasco, the controller vendors did a GREAT 
job un'effing what Apple did to us (again as a school in Sept/Oct) -just as 
classes were in full swing-with students who blithely get the latest greatest 
Apple software and then were not able to connect to the network

Now, a lot of time has gone by since then and almost everyone has a cloud-based 
product in the oven...with various levels of baking completed.

My question:
With the "lack of knobs" (our Meraki sales person kept saying that, but the 
intention I think was "it just works") in cloud solutions for wifi vs on prem 
controllers...  and a diverse (BYOD) environment are the cloud solutions solid? 
 Or has anyone felt that the cloud has been holding them back?

Just curious as the next evolution is here and I am genuinely intrigued on how 
things have evolved.

Cheers
Ian J Lyons
Senior Network Engineer - Rollins College
401.413.1661 Cell
407.628.6396 Desk




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Rand Hall 

Sent: Thursday, December 31, 2020 10:01
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Wireless Upgrade Project


* External Email *


After 9 years of Meraki's cloud controller I couldn't imagine going back. (And 
I was a huge cloud skeptic...and still am to an extent).



On Wed, Dec 30, 2020 at 10:22 AM Luis Quispe 
mailto:lqui...@stevens.edu>> wrote:

Hello everyone,



Hope you’re all having a relaxing time off before getting back into the new 
year.  We’re looking for some feedback from those that have recently gone 
through a campus wifi upgrade/change.  From the non-technical perspective, we 
plan to communicate with our user base for all phases of the project.  Does 
anyone have any suggestions on communicating with the users?  Not so much on 
the how, but the information provided to the user, or requested information 
that can be useful.



On the technical perspective, has anyone gone from on-prem controller to 
controller-less and cloud management?  We will be conducting POCs with both 
Extreme Networks and Juniper Mist and as you may know, both of these solutions 
are Cloud managed solutions.  We are also doing a POC with Aruba, but there’s a 
little gray area there when it comes to controller-less.  What I mean is that, 
we were told we could go the route of Instant-AP with Cloud-Central, but given 
what we have about 1800 APs, we should prefer to go with the on-prem solution 
instead.  Here are some questions:



  *   I know that there are a few schools here that are Aruba Wireless 
customers, please comment on going to the newer version 8 OS (we are still on 
6).
  *   If anyone has any comments on going with or tested either Mist or 
Extreme, please do so!  With administrations now pushing to go to the cloud 
when possible, has anyone considered going controller-less?
  *   Has anyone considered AX as a driver to change, or waiting to see what 
happens with Wifi6E?
  *   While most wireless solutions would provide decent management dashboards, 
does anyone have any comments on which provides useful information for 
troubleshooting?  Mist provides many points of user-experience information that 
could help with troubleshooting issues, does anyone have feedback on that?
  *   For those that have experience with Extreme, has anyone employed that 
Fabric-Attach process to do without having to manually bridge vlans to the 
access points?  Was this really a game changer?
  *   With the Next-Gen solutions talking about all the analytics available, 
does that really help 

RE: [EXT] Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?

[Lee H Badman]

I really struggle with the notion of ever actually visiting deployed APs to do 
console work- regardless of vendor. If the bug is that bad, I'd seriously 
consider demanding an advance RMA for each of them. That way the site visit is 
a replacement rather than a tech monkeying around with file system at the top 
of a ladder or lift. To me, that is way beyond what should be expected of 
customers for what these systems cost.

Just one man's opinion.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Sweetser, Frank E.
Sent: Friday, December 18, 2020 8:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 
8.6.0.6 Experiences?

I recently performed an upgrade that included about 90 505s, and strongly 
suspect I hit the same bug on the entire batch - except, of course, for the one 
that I kept and put in the lab environment.  That one stubbornly refused to 
fail, upgrading flawlessly every time.

Has anyone ever heard if there's a fix that doesn't require physical access?  
All of my 505 are in residential space, which basically means that I'm not 
likely to get physical access to them until after the students move out this 
summer.

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Miller, Keith C
Sent: Friday, December 18, 2020 6:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?

That's the one. Have you reported it to them? I didn't pull the word rare out 
of thin air... That's what I've been told and that it affected roughly 0.0001% 
of deployed 515s. I guess I'm just being naive.

Thanks for waking me up!

Regards,
Keith
M: (803) 464-2397 O: (919) 962-6564

Sent from my mobile device so please excuse any typos.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Michael Davis mailto:da...@udel.edu>>
Sent: Thursday, December 17, 2020 10:22:13 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?

It's not so rare, it's been happening to our 515s since 8.4.

The AP will upgrade successfully, but the apboot> environment variable that 
selects which
partition to boot, never gets changed so it reboots to the old partition and 
rinse and repeat.

On 12/17/20 9:03 PM, Miller, Keith C wrote:

2. We hit a "rare" bug that's only affected a small number of 515s worldwide 
where the AP gets stuck in a boot/image upgrade loop and you must physically 
console into the AP to fix it and boot from the upgraded partition.



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. 

RE: [WIRELESS-LAN] Clover Flex - eduroam

[Lee H Badman]

Wouldn't this put your whole Eduroam environment in PCI scope?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Aaron Brunck
Sent: Wednesday, December 9, 2020 10:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Clover Flex - eduroam

Hello, We are attempting to install a Clover Flex credit card reader on our 
eduroam network but we have been running into issues.  The Clover Flex is 
locked down and will not allow us to install a web browsing app which would 
allow us to install the required certs for our eduroam environment.  
Investigated installing the signed root certificate but did not see a way to do 
this over a wireless hotspot connection.  We have also tried to authenticate 
the Clover Flex with anonymous credentials but it is still unhappy.
Has anyone been able to successfully configure one of these devices for an 
eduroam network? 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

8540 Code version- holiday work

[Lee H Badman]

Knowing that there is no easy answer on questions of Cisco code versions, I'll 
throw it out there anyways. We have been on 8.5.151.0 for quite some time now , 
with mostly good reliability for 3700s and 3800s alike (occasional need to 
reboot 3700s), We are due to minimally reboot everything, and I've been 
following the various discussions regarding code bugs and specific client 
issues these past few months.

So curious- is there a solid, reliable newer version to consider? We are not in 
a hurry to get into .11ax yet for a number of reasons. Given the long and 
problematic history of WLC code, 8.5.151.0 has been as close to "wow, it 
actually doesn't totally suck" as we've ever been.

Regards,

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Transitioning from older controller to new controller

[Lee H Badman]

Me three, please.

Lee Badman (mobile)

On Nov 11, 2020, at 3:26 PM, Mike Atkins  wrote:


You are not late at all.  I certainly am.  I have 8-9 e-mails for interest.  
I'll send out a quick survey to collect information from those that responded.  
I will send it to the list again to pickup others that might be interested.


On Wed, Nov 11, 2020 at 3:17 PM Michael Heflin 
<02002057e293-dmarc-requ...@listserv.educause.edu>
 wrote:
Little late but would be interested in this as we are moving from 8540's to 
9800's

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


--




Mike Atkins
Infrastructure Architect
Office of Information Technology
University of Notre Dame




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: wifi 7 and beyond intel preso

[Lee H Badman]

It's not just you. Between waves and new standards, the Life Cycle stuff is 
getting complicated. Features that would be awesome can't be used, and the gap 
betwixt consumer and enterprise clients/vendor mindsets is rapidly expanding. 
It's fairly messy, and fraught with coulda/shoulda/woulda.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ian Lyons
Sent: Monday, November 2, 2020 2:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] wifi 7 and beyond intel preso

Is it me, or does it seem like the frequency of new versions is happening at a 
faster pace.  hell at this rate me might actually have AX running before Ver 8

Cheers
Ian J Lyons
Senior Network Engineer - Rollins College
401.413.1661 Cell
407.628.6396 Desk
October is National Cyber Security Awareness month. Read more about it 
here<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstaysafeonline.org%2Fcybersecurity-awareness-month%2F%3Futm_source%3DCISA%26utm_medium%3Dwebsite%26utm_campaign%3DNCSAM_Site%26utm_term%3DNCSAM=02%7C01%7CILYONS%40Rollins.edu%7Ce131336f503446b9275008d86565f1da%7Cb8e8d71a947d41dd81dd8401dcc51007%7C0%7C0%7C637370835810392992=2vaO6xYJoFNEmzhNk1P2JCTA95eZANI8nikuqeTUybI%3D=0>
Secure your Rollins account with Multi-Factor Authentication 
here<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Frollins.teamdynamix.com%2FTDClient%2F1835%2FPortal%2FRequests%2FTicketRequests%2FNewForm%3FID%3Dals14BoXh2g_=02%7C01%7CILYONS%40Rollins.edu%7Ce131336f503446b9275008d86565f1da%7Cb8e8d71a947d41dd81dd8401dcc51007%7C0%7C0%7C637370835810402983=svTV9PAJY7GamBnzf0ZtYfn4EONWpfPSQi5plWdd3Ck%3D=0>
Do Your Part. #BeCyberSmart



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Monday, November 2, 2020 14:13
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] wifi 7 and beyond intel preso


* External Email *



Thanks for sharing, Trent. It all sounds wonderful, until your realize that 
most of it can't be turned on and used or WLANs crumble from bugs or 
incompatibilities... The gap between promise and reality seems to be widening 
with each new standard, says I.



Gloomy in Syracuse

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hurt,Trenton W.
Sent: Monday, November 2, 2020 1:40 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] wifi 7 and beyond intel preso



Some wifi 7 info



https://www.intel.com/content/dam/www/public/us/en/documents/pdf/wi-fi-7-and-beyond.pdf<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.intel.com%2Fcontent%2Fdam%2Fwww%2Fpublic%2Fus%2Fen%2Fdocuments%2Fpdf%2Fwi-fi-7-and-beyond.pdf=04%7C01%7Cilyons%40ROLLINS.EDU%7Cdc7c968c3a594bebdc3e08d87f635b1d%7Cb8e8d71a947d41dd81dd8401dcc51007%7C0%7C0%7C637399411993594175%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=rlhZpv7uTDsZpMZBXJ2sYIYVHkTTrHIEHugLucY3PAY%3D=0>









**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cilyons%40ROLLINS.EDU%7Cdc7c968c3a594bebdc3e08d87f635b1d%7Cb8e8d71a947d41dd81dd8401dcc51007%7C0%7C0%7C637399411993604133%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=V%2Bs2vj7yEQleBTidLeJ93EZu9pgO2bpTGMNZwid7jdk%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cilyons%40ROLLINS.EDU%7Cdc7c968c3a594bebdc3e08d87f635b1

RE: wifi 7 and beyond intel preso

[Lee H Badman]

Thanks for sharing, Trent. It all sounds wonderful, until your realize that 
most of it can't be turned on and used or WLANs crumble from bugs or 
incompatibilities... The gap between promise and reality seems to be widening 
with each new standard, says I.

Gloomy in Syracuse
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hurt,Trenton W.
Sent: Monday, November 2, 2020 1:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] wifi 7 and beyond intel preso

Some wifi 7 info

https://www.intel.com/content/dam/www/public/us/en/documents/pdf/wi-fi-7-and-beyond.pdf





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] MacOS Disconnections on Cisco Controllers

[Lee H Badman]

Curious if anyone has tied this behavior in any way to Mac sleep issues- like 
this (just one example) https://discussions.apple.com/thread/251356663

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Marcelo Maraboli
Sent: Wednesday, October 28, 2020 9:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] MacOS Disconnections on Cisco Controllers

Hi Jordan

We've been having this exact problem for weeks now.

It has been present only in MacOS and not seen in IOS,Andriod or Windows.

We've done packet-captures on the MacOS, debugs on the WLC (5520 and 8540) with
different WLC-OS (8.5.161, 8.5.164, 8.10.131) and are now with Cisco TAC doing 
some
AP sniffing and with a local Reseller doing analysis with a WIFI Expert 
engineer.

What we have is an eduroam SSID with 802.1X and a "session timeout" {SSID 
specific config
in the Advanced Tab (("Enable Session timeout"))} at 600s

This forces the 802.1X re-auth every 600s and after hours of Mac notebooks 
working OK
with this, the WLC fails to put the client in "RUN MODE" and therefore blocks 
all IP traffic.
The client (notebook) can still renew the DHCP lease if you want, but it has to 
wait 600s
for the next re-auth and the WLC will enable the IP traffic or the notebook may 
turn the
WIFI off then on to force a re-auth.

There is no problem with the re-auth (radius, 802.1X, client). It is just the 
WLC that fails
to put the client in RUN MODE.

The workaround has to DISABLE the "Enable session timeout" and leave it to the 
default timeout
which is 24 hours.

We are waiting for a "recommended configuration" so we can flush idle sessions 
(notebooks just close
up and leave) so the Radius and WLC won't fill up the session table.


Hope this helps...


cheers!



On 26-10-20 12:37, Cox, Jordan D wrote:
Good morning,

We have been working with Cisco TAC to troubleshoot an issue where our MacOS 
clients will randomly lose connectivity to the default gateway (and thus 
internet etc.). The wireless will stay connected in the run state, but the Mac 
will send out repeated ARP requests for the default gateway during the outages. 
The outages last between 20 seconds to 5 minutes and is resolved once the 
client gets an ARP response from the gateway.

We have packet captures showing ARP requests going through the CAPWAP tunnel to 
the controller but NOT leaving the controller to the gateway during the 
outages. TAC has acknowledged the problem is on the controller, and I'm waiting 
to hear back from them.

I'm wondering if anyone else has seen similar issues?

More details:

  *   WLC is two 5508 in HA configuration
  *   WLC was running 8.5.161.0 and we upgraded to 8.5.161.7 to troubleshoot
  *   250 APs are running in local mode (the issue does not happen when testing 
in Flexconnect mode with local switching)
  *   Default gateway is a Palo Alto firewall
  *   The MacOS client sends an ARP broadcast to find the gateway every 20 
minutes but the outage doesn't happen every 20 minutes
  *   It seems like the issue appears during high utilization on the controller 
since I didn't see any issues when testing over a campus break when many 
students were gone
  *   I've seen the issue on multiple SSID's including a test SSID which only 
had my clients on it
  *   Client debug on the controller shows no issues
  *   This doesn't seem to affect Windows machines

Thank you!

[cid:image001.png@01D6AD23.5DE6B670]

Jordan Cox
Network Admin II, Information Technology
P: 651-882-3995
jdc...@unwsp.edu  |   
www.unwsp.edu

Equipping Christ-centered learners and leaders
to invest in others and impact the world.




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

--

Marcelo Maraboli Rosselott
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
https://www.linkedin.com/in/marcelomaraboli/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Eero Wired OUI if anyone can help

[Lee H Badman]

.
660 3rd Street
San Francisco  CA  94107
US
--
14-22-DB   (hex)eero inc.
1422DB (base 16)eero inc.
230 9th St.
San Francisco  CA  94103
US
--
48-DD-0C   (hex)eero inc.
48DD0C (base 16)eero inc.
660 3rd Street
San Francisco  CA  94107
US
--
3C-5C-F1   (hex)eero inc.
3C5CF1 (base 16)eero inc.
660 3rd Street
San Francisco  CA  94107
US
--
F8-BC-0E   (hex)eero inc.
F8BC0E (base 16)eero inc.
660 3rd Street
San Francisco  CA  94107
US
--
68-4A-76   (hex)eero inc.
684A76 (base 16)eero inc.
660 3rd Street
San Francisco  CA  94107
US
--
5C-A5-BC   (hex)eero inc.
5CA5BC (base 16)eero inc.
660 3rd Street
San Francisco94107
US
--
A8-B0-88   (hex)eero inc.
A8B088 (base 16)eero inc.
660 3rd Street
San Francisco  CA  94107
US



Regards,

Jacob Smith
Georgia Institute of Technology


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Sent: Friday, October 16, 2020 4:43 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Eero Wired OUI if anyone can help

Odd request I know, but trying to track down an issue. If anyone has access to 
Eero mesh wireless, I'd like to know what the wired side MAC prefix is, if you 
can help.

Thanks,

Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD 
Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystemsdata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d87217b480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637384793422498114%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Mpbdf57oZQLBPkixxytFo9tkrAIhwcfRfp%2BKIuF4Shg%3Dreserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystemsdata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d87217b480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637384793422498114%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Mpbdf57oZQLBPkixxytFo9tkrAIhwcfRfp%2BKIuF4Shg%3Dreserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystemsdata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d87217b480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637384793422498114%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Mpbdf57oZQLBPkixxytFo9tkrAIhwcfRfp%2BKIuF4Shg%3Dreserved=0%3chttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystemsdata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d87217b480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637384793422498114%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Mpbdf57oZQLBPkixxytFo9tkrAIhwcfRfp%2BKIuF4Shg%3Dreserved=0>>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d

RE: [WIRELESS-LAN] Eero Wired OUI if anyone can help

[Lee H Badman]

-
> 00-AB-48   (hex)eero inc.
> 00AB48 (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 74-B6-B6   (hex)eero inc.
> 74B6B6 (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 30-57-8E   (hex)eero inc.
> 30578E (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 80-B9-7A   (hex)eero inc.
> 80B97A (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 18-90-88   (hex)eero inc.
> 189088 (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 14-22-DB   (hex)eero inc.
> 1422DB (base 16)eero inc.
> 230 9th St.
> San Francisco  CA  94103
> US
> --
> 48-DD-0C   (hex)eero inc.
> 48DD0C (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 3C-5C-F1   (hex)eero inc.
> 3C5CF1 (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> F8-BC-0E   (hex)eero inc.
> F8BC0E (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 68-4A-76   (hex)eero inc.
> 684A76 (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> --
> 5C-A5-BC   (hex)eero inc.
> 5CA5BC (base 16)eero inc.
> 660 3rd Street
> San Francisco94107
>             US
> --
> A8-B0-88   (hex)eero inc.
> A8B088 (base 16)eero inc.
> 660 3rd Street
> San Francisco  CA  94107
> US
> 
> 
> 
> Regards,
> 
> Jacob Smith
> Georgia Institute of Technology
> 
> 
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Lee H Badman 
> <00db5b77bd95-dmarc-requ...@listserv.educause.edu>
> Sent: Friday, October 16, 2020 4:43 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Eero Wired OUI if anyone can help
> 
> Odd request I know, but trying to track down an issue. If anyone has access 
> to Eero mesh wireless, I'd like to know what the wired side MAC prefix is, if 
> you can help.
> 
> Thanks,
> 
> Lee Badman | Network Architect (CWNE#200) Information Technology 
> Services (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
> Campus Wireless Policy: 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystemsdata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d87217b480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637384793422498114%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Mpbdf57oZQLBPkixxytFo9tkrAIhwcfRfp%2BKIuF4Shg%3Dreserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystemsdata=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C9d150a481b2b42b366c108d87217b480%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637384793422498114%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Mpbdf57oZQLBPkixxytFo9tkrAIhwcfRfp%2BKIuF4Shg%3Dreserved=0<https://nam06.safelinks.protection.outlook.com/!
 
?

RE: Eero Wired OUI if anyone can help

[Lee H Badman]

treet
San Francisco  CA  94107
US



Regards,

Jacob Smith
Georgia Institute of Technology


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Sent: Friday, October 16, 2020 4:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Eero Wired OUI if anyone can help

Odd request I know, but trying to track down an issue. If anyone has access to 
Eero mesh wireless, I'd like to know what the wired side MAC prefix is, if you 
can help.

Thanks,

Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD 
Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=04%7C01%7Cjacob.smith%40OIT.GATECH.EDU%7C26908b77c98f4269d9ef08d872141f22%7C482198bbae7b4b258b7a6d7f32faa083%7C0%7C0%7C637384778043834313%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=%2F8IGdr3c8KkpNSZW3TDTO26ldk%2B06GVs1X2oDt8YWvQ%3D=0>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cjacob.smith%40OIT.GATECH.EDU%7C26908b77c98f4269d9ef08d872141f22%7C482198bbae7b4b258b7a6d7f32faa083%7C0%7C0%7C637384778043834313%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ySbDa2l9TtVgQkOJ%2F%2B1yCIDXqhrokgOxf38ZjZIyQqA%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Eero Wired OUI if anyone can help

[Lee H Badman]

Odd request I know, but trying to track down an issue. If anyone has access to 
Eero mesh wireless, I'd like to know what the wired side MAC prefix is, if you 
can help.

Thanks,

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Wireless Device Policy Questions

[Lee H Badman]

89a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63739295584367=CGHVNqxz3fYuAis2ZwJTNNzboGDyFeLc8OkQ6hoWIkU%3D=0>



On 25 Sep 2020, at 3:11 am, Michael Dickson 
mailto:mdick...@nic.umass.edu>> wrote:



We created a PSK SSID with MAC auth registration for devices. We limit device 
types to essentially the "consumer grade entertainment devices" genre. We use 
device fingerprinting to accomplish this. We started from a "deny all then 
allow" paradigm. Only game consoles during pilot. Then added video streaming 
devices then AppleTV, Echo, SmartTVs, etc. Easier to add device types then take 
away. 802.1x capable devices get denied. We also limit number of devices a user 
can register. All helps to mitigate the flood of industrial IT devices coming 
in from campus wide vendors, some of which may fall into the life-safety genre. 
Vendors get stuck and end up asking how they can add "a lot" of sensors (e.g. 
HVAC) to our wireless. We have a discussion, give it a thumbs up or down, and 
create rules/policies/networks as needed. Good but not perfect. But starting 
off closed then letting out the line has helped. Having a PSK network also 
solves the issue of devices that can't connect to open SSIDs. And if we end up 
just allowing all on the devices network at least we have a sponsor to tie the 
devices back to.

Mike Dickson


Michael Dickson

Network Engineer

Information Technology

University of Massachusetts Amherst

413-545-9639

michael.dick...@umass.edu<mailto:michael.dick...@umass.edu>

PGP: 0x16777D39

On 9/24/20 11:33 AM, Lee H Badman wrote:

We created an open SSID for the dorms that has Internet access only. It helps 
with maybe ¾ of the consumer devices, but there are still some home gadgets 
that need more- Chromecast is one example. Some speakers as well. Then there 
are devices that will ONLY join PSK networks (like TP-Link power strip) so the 
open won’t work there. I have seen one Nanoleaf light controller that will not 
work in 2.4 if it sees 5 GHz, and it only works in 2.4 despite the ability to 
sense 5. The unholy and expensive things needed to make these high end 
enterprise systems work like home Wi-Fi is really fairly astounding.



If you go this route, expect to occasionally buy and try consumer gear to 
verify what works and what doesn’t, and to play whack a mole with students 
wireless hotspots when whatever you attempt doesn’t immediately work.



Or… let them use their own hotspots and be done with it. (If only…)



Lee Badman







Lee Badman | Network Architect (CWNE#200)

Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fits.syr.edu%2F=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1bd96ed1b58041a0fac508d8619bd89a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63739295594311=PI6%2BksJIIskx21%2Fqz1%2BgWZaWHxcHPQmurngRYJxY0gU%3D=0>

Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1bd96ed1b58041a0fac508d8619bd89a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63739295594311=LV3NWfPF0y9MXE000S9cvmcGzRRNsjISuN8ovR%2Ffqao%3D=0>

SYRACUSE UNIVERSITY
syr.edu<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsyr.edu%2F=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C1bd96ed1b58041a0fac508d8619bd89a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63739295604305=nWqROxRuzUMTfCKRba0h%2BqvLeuYWtu6dx36wc80bs%2Bo%3D=0>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
On Behalf Of Gernannt, Bill
Sent: Thursday, September 24, 2020 10:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Wireless Device Policy Questions



All –



>From a residence hall perspective, Young Harris College is a wireless only 
>campus. We are currently seeing a 40% increase in wireless devices over last 
>Fall. This has placed a bit of a strain on our wireless network and, by 
>extension, our tiny IT department. This has prompted several internal 
>discussions as to what expectations our end users should have related to 
>wireless support.



Obviously, our core responsibility is to provide the resources necessary to 
have a successful educational experience. But, we also recognize there is a 
need for our students to have access to online recreational activities like 
gaming and streaming media. As we look to strike a balance, we wanted to reach 
out to other institutions for insight and guidance.



Have any institutions implemented a restrictive policy that prohibits spe

RE: Wireless Device Policy Questions

[Lee H Badman]

We created an open SSID for the dorms that has Internet access only. It helps 
with maybe ¾ of the consumer devices, but there are still some home gadgets 
that need more- Chromecast is one example. Some speakers as well. Then there 
are devices that will ONLY join PSK networks (like TP-Link power strip) so the 
open won't work there. I have seen one Nanoleaf light controller that will not 
work in 2.4 if it sees 5 GHz, and it only works in 2.4 despite the ability to 
sense 5. The unholy and expensive things needed to make these high end 
enterprise systems work like home Wi-Fi is really fairly astounding.

If you go this route, expect to occasionally buy and try consumer gear to 
verify what works and what doesn't, and to play whack a mole with students 
wireless hotspots when whatever you attempt doesn't immediately work.

Or... let them use their own hotspots and be done with it. (If only...)

Lee Badman



Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Gernannt, Bill
Sent: Thursday, September 24, 2020 10:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Device Policy Questions

All -

>From a residence hall perspective, Young Harris College is a wireless only 
>campus. We are currently seeing a 40% increase in wireless devices over last 
>Fall. This has placed a bit of a strain on our wireless network and, by 
>extension, our tiny IT department. This has prompted several internal 
>discussions as to what expectations our end users should have related to 
>wireless support.

Obviously, our core responsibility is to provide the resources necessary to 
have a successful educational experience. But, we also recognize there is a 
need for our students to have access to online recreational activities like 
gaming and streaming media. As we look to strike a balance, we wanted to reach 
out to other institutions for insight and guidance.

Have any institutions implemented a restrictive policy that prohibits specific 
wireless devices? If so, how did you determine what was acceptable and what was 
not? How did you get leadership to support the initiative? How do you go about 
enforcing the policy?

Have any institutions developed policies that set expectations for wireless 
performance? What does the policy consider to be necessary versus desirable?

Any examples or ideas would be most welcome. Feel free to reach out to me 
directly, if preferred.

Regards,

Bill Gernannt
Network Administrator
Information Technology Services
1 College Street | Young Harris, Georgia 30582
(706) 379-5206 | wegerna...@yhc.edu | 
yhc.edu
[cid:image002.png@01D31B2D.F9068A30]


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Lee H Badman]

It's not the Alliance's fault, no. But the WLAN industry is becoming a wretched 
mess of "if this, then that" among device types, code/driver versions, and the 
various "waves" and other sub-versions of 802.11 standards. The LAST ones who 
should have to figure it all out is the consumer. The members of the Alliance 
aren't very allied, and that is my point.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Julian Y Koh 

Sent: Wednesday, September 23, 2020 9:50:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?



On Sep 23, 2020, at 16:38, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:

What is truly frustrating is that all vendors involved are likely members of 
the Wi-Fi Alliance, whose "interoperability" testing obviously isn't getting it 
done.

I hear the frustration in general, but in this specific case it seems like the 
frustration should be directed not at the fact that there are incompatible 
drivers but the difficulty in being able to update those drivers?  It’s not the 
Wi-Fi Alliance’s fault that users have to figure out to download new drivers 
directly from the NIC manufacturer instead of just getting them as part of an 
automatic update process, is it?

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: <http://www.it.northwestern.edu/>
PGP Public Key: <https://bt.ittns.northwestern.edu/julian/pgppubkey.html>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

[Lee H Badman]

What is truly frustrating is that all vendors involved are likely members of 
the Wi-Fi Alliance, whose "interoperability" testing obviously isn't getting it 
done.

One man's opinion.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Ethan Grinnell 

Sent: Wednesday, September 23, 2020 5:31:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

I recently wanted to do testing with an affected driver and was able to obtain 
them on OEM websites instead of directly from Intel. This build has the issue 
with WiFi6 SSID visibility: https://support.lenovo.com/us/en/downloads/DS103594

Also, I noticed that the Windows 10 built-in driver for many Intel WiFi chips 
is version 17.x (It was on my test client) which didn't seem to have the issue. 
So that's fun, it's not just versions lower than some baseline build number 
being affected. I didn't test many different builds, but it looked like 17.x 
was good, 18.x, 19.x, and 20.x had some affected builds. More information here: 
https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless.html

The issue is still around. Many BYOD types require users to update their own 
drivers, which few seem to do. Windows doesn't always update the drivers 
either, so there could potentially be lingering issues from outdated drivers 
for a long time.

Ethan Grinnell
CCIE R #39723, BS CmpE
Network Engineer
Office of Information Technology, Technology Infrastructure, Networking
Portland State University


On Wed, Sep 23, 2020 at 2:01 PM Mike Atkins 
mailto:matk...@nd.edu>> wrote:
We deployed our ax capable APs without ax enabled for the same Intel driver 
issues.  I wanted to test something with a flawed driver recently and noticed 
it is no longer available from Intel.  I think Intel revamped their downloads 
page at the end of last year to remove all but the newest revisions of drivers. 
  We use SecureW2 for eduroam onboarding so we can get a sense of drivers used 
by Windows devices.  We will probably enable Wi-Fi 6 next year if the numbers 
continue to look good.




Mike Atkins
Infrastructure Architect
Office of Information Technology
University of Notre Dame
Phone: 574-631-7210


   .__o
   - _-\_<,
   ---  (*)/'(*)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Nadim El-Khoury
Sent: Wednesday, September 23, 2020 4:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

Hi Eric,

One more thing that I forgot to answer. We elected to keep Wi-Fi 6 enabled and 
just disabled it in the vicinity of our Technical Support Center (User Support) 
in the Library building.

Best,

Nadim

On Wed, Sep 23, 2020 at 4:35 PM Floyd, Brad 
mailto:bfl...@mail.smu.edu>> wrote:
Eric,
I have deployed almost 200 of the Aruba 530 series APs so far in the last 2-3 
months. I saw, first hand, what happens with the 802.11ax enabled SSID and the 
flawed Intel drivers. The SSIDs don't appear to those devices. When we were 
discussing whether or not to deploy the ax APs vs stick with ac APs, we decided 
we wanted the longer remaining life span before end-of-sale / end-of-support of 
the APs of the ax vs the ac. The added benefit Aruba provides is that it is 
very simple to disable the features (just a single check box on a profile). We 
figure we can wait for a semester or two and schedule an attempt to re-enable 
the features. A driver update definitely fixes the issue, but since we are so 
heavily loaded with BYOD devices that we have no control over, this was a 
better option for us. Hopefully this helps.
Thanks,
Brad

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Kenny, Eric
Sent: Wednesday, September 23, 2020 3:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Status of Wi-Fi 6 Client Drivers?

Hi All,

I know on-campus populations might not be what they usually are right now, but 
I was wondering if anyone has seen reports of buggy client side drivers causing 
issues with 802.11ax.  Specifically we are using the Aruba AP-530 series AP.  
There were some Intel chips that had challenges a few months back, but a driver 
update resolved the issue.

We are considering disabling the Wi-Fi6 capability of the APs to prevent issues 
with outdated drivers, so we’d like to hear your observations so far if this is 
still a real problem.

Thank you,

Eric Kenny

Network Architect | Infrastructure Technology Services Harvard University 
Information Technology

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person 

Latest Gen Cisco WLAN Experiences?

[Lee H Badman]

Hopefully everyone has having a good semester start, given the circumstances. 
I'd like to pick the brains of long-time Cisco wireless customers who have made 
the jump to the new stuff- 9800s, DNAC, .11ax (or not) as data points for our 
planning.

Please provide answers off-list, so the public bashing/fanboy affect is 
minimized, but I will share unfiltered (except for personal and school names) 
what I get back with anyone else  interested.

If you have used Cisco AireOS products for a while and have or are moving to 
the new stuff:


-  How big is you WLAN environment?

-  Why did you stay with Cisco?

-  How important is your Wave2 11ac installed AP base to your decision 
to stay with Cisco?

-  How important is "we have single VLANs to each AP + CAPWAP tunnels" 
versus "we'd have to redesign if we went with Mist, Meraki, etc" to staying 
with Cisco?

-  Have you been significantly frustrated by aspects of Cisco's AireOS 
products and support? If so, have you found the new stuff any less frustrating?

-  From the support perspective, do you feel that Cisco earned their $ 
with responses to your problems on the AireOS products? Has that changed better 
or worse with the new stuff?

-  Do you feel that Cisco's latest license paradigms on 9800s, DNAC, 
APs, location services, etc are fair and reasonable versus product quality and 
quality of support?

-  Have you found the Wireless Business Unit corporate culture 
satisfactory throughout the old and new product sets?

If you have changed from Cisco to another vendor rather than move to the new 
product sets, I'd also be interested in hearing the why behind your decision 
and the difficulty or ease of changing.

Kind regards, and thanks.


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 tightens restrictions on CA certificates

[Lee H Badman]

Should be syslog, RADIUS log, or other data that gives away the failure.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Floyd, Brad
Sent: Friday, September 11, 2020 3:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 
tightens restrictions on CA certificates

Jamie,
Not getting an IP address (assuming no IP infrastructure / routing failure) 
could definitely be a result of a certificate failure during the 4-way 
handshake, therefore causing an 802.1X failure. I believe there is a particular 
step in the 4-way handshake that likely indicates a certificate failure, but I 
don't remember off the top of my head which one it is.
Thanks,
Brad

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Price, Jamie G
Sent: Friday, September 11, 2020 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 
tightens restrictions on CA certificates

On our Cisco controllers, I see some devices "connected" and they should be 
issued a DHCP address in this network. They are not getting an IP address 
(0.0.0.0). Is this a symptom they are not passing with the cert? Thus failing 
802.1x?

Thank you

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Higgins, Benjamin J
Sent: Friday, September 11, 2020 7:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 
tightens restrictions on CA certificates

Can confirm that this "feature" has prevented SecureW2 from onboarding Android 
11 devices to our network.  While the app appears to *deliver* the certificates 
- they are in the drop down when you edit the WiFi Profile - if you attempt to 
connect to the network is sits and spins.  If you edit the profile again, you 
will find that the SecureW2 delivered certificate is no longer in the drop down 
list.  Only "Use system certificates" or "Do not validate" is there...

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jonathan Waldrep
Sent: Friday, September 11, 2020 8:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] Article: Android 11 tightens restrictions on 
CA certificates

On 2020-09-10 22:19:21, Johnson, Christopher wrote:
> This popped up in my news feed, that's going to affect the user experience 
> even more for onboarding apps for those with private CAs I'd imagine.
> 
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhttptoolkit.tech%2Fblog%2Fandroid-11-trust-ca-certificatesdata=02%7C01%7Cbjhiggins%40WPI.EDU%7C5ac7d0e54c9043231cc208d8564faaa5%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637354247483916966sdata=OLv50t%2FT%2Fjj9eK1Dhj05DgE2YspIyuAKrdT5HIbpQs8%3Dreserved=0
> 
> "In Android 11, to install a CA certificate, users need to manually:
> 
>   *   Open settings
>   *   Go to 'Security'
>   *   Go to 'Encryption & Credentials'
>   *   Go to 'Install from storage'
>   *   Select 'CA Certificate' from the list of types available
>   *   Accept a large scary warning
>   *   Browse to the certificate file on the device and open it
>   *   Confirm the certificate install
> 
> Applications and automation tools can send you to the general 'Security' 
> settings page, but no further: from there the user must go alone (fiddly if 
> not impossible with test automation tools)

tldr: I don't think this impacts certificates installed for Wi-Fi networks. 
They are handled differently. I would like someone who has experience with 
actually writing an on-boarding app to chime in, though.

Longer dive:
It is worth noting that when you manually install a CA in Android, it asks if 
you want to install it for "VPN and apps" or "Wi-Fi" (at least on Android 9, 
which is what I'm on). This indicates there is something different on the back 
end.

>From the article, it seems to stem from Google locking down the 
>KeyChain.createInstallIntent() API method [1] in the android.security package. 
>Ultimately what we are after is setting up a wireless profile. How does that 
>work? Well, there is an android.net.wifi package [2]. Let's look there.

There is a WifiConfiguration class, but there is a note that it was deprecated 
in API level 29 (Android 10), and to use WifiNetworkSpecifier.Builder instead 
[3]. The article is specifically about Android 11, so we don't care about older 
versions.

In the WifiNetworkSpecifier.Builder class, there is 

Re: [WIRELESS-LAN] MDNS Traffic - problem with wifi on campus

[Lee H Badman]

Has anyone simply tried to disable multicast on the WLAN?

Lee Badman (mobile)

On Sep 1, 2020, at 8:42 PM, Debbie Unterseher 
<0058e3b52c23-dmarc-requ...@listserv.educause.edu> wrote:


We have had poor wifi at our university since school started August 10. We have 
less students than we did last semester, and less students in classes because 
of social distancing. I am not the network person. However I know I have had 
good luck at finding answers from other people, so I thought I would share this 
with you all to see if you have any input. Most of this means nothing to me. 
Would be happy for any suggestions you have! Below are the two emails that the 
IT department just sent - one to me and one to the whole campus. Thanks again 
for any input.
~~
Let me just say in non-technical terms, I have heard that there is a point that 
the traffic through the access points just stops, and my understanding is that 
the Ubiquiti APs get super hot and some have failed. Some will work after 
cooling down for several minutes. The HP and Ubiquitis are reacting the same, 
but the Ubiquitis are worse.  We did just switch from Moodle to Canvas, and 
some classes are being taught via Zoom.

~~
Information Systems would like to give an update on what we have found, so far, 
in our work to solve the WiFi problems that have been experienced this semester.

Our working theory is that over the summer updates to the networking for 
computers and mobile devices have changed to include new features. 
Occasionally, the new features cause problems with our local infrastructure. 
Right now our wireless network is overloaded with a lot of unnecessary traffic. 
On a small network with a few devices such as a home, this traffic would not be 
a problem and is very useful for interacting with printers, cameras, or other 
devices. On a large network with 1800 devices just on the student network, it 
can be a big problem. We are trying to resolve how to control this traffic. 
This does not have anything to do with our Internet connection speed, which is 
doing very well. It is mainly centered around activity happening on the student 
network, which of course is our largest network.

We have been continually testing and making changes to our network. Some of you 
may have seen us monitoring classes or even asking people in a class to turn 
off or on certain devices. While there is not much activity for us to monitor 
on Tuesdays and Thursdays, Mondays, Wednesdays, and Fridays are busy times for 
testing. We made some significant configuration changes and will be testing 
them tomorrow.

Below are some details for the technically curious:

Here is what we know:

  *   Very high volume of multicast traffic
  *   Seems to be mostly mDNS protocol
  *   IPv4 and IPv6 are used for transport
  *   Affects WiFi more than wired network
  *   Affects both HP and Ubiquiti devices

Here is what we think:

  *   Clients have been updated to use newer protocols
  *   mDNS is used mostly to talk to IoT devices
  *   mDNS is similar to AppleTalk's NBP and is very chatty
  *   Our Ubiquiti APs fail, some may not be useful for production anymore
  *   HP APs that are 802.11ac compatible fail but will recover
  *   It seems that 802.11n units are more resilient or at least they can 
recover on their own
  *   Problem seems to be localized in (four classrooms)

Here is what we are doing:

  *   Upgraded firmware on our switches
  *   Changed WiFiTX protection to "No MAC protection" which excludes 803.11b 
devices
  *   Turned on Spanning Tree and IGMP helpers to WiFi
  *   Changed DTIM to 3
  *   Downgraded the firmware on our working Ubiquiti APs
  *   Experimenting with replacing all 802.11ac units with .11n devices
  *   Controlling broadcasts at switch and AP level
  *   Disabled mDNS at switch level for IPv4 on capable switches
  *   Trying to disable mDNS over IPv6 at switch level
  *   Considering requesting all clients stop using IPv6

Have received permission from Nicole to disrupt Nursing classes in LLC. Will do 
so if action is relevant
We have done some experiments with turning off all devices or just phones, but 
need more data.


Email directly to me from networking guy:

Here is an article that explains the type of thing we think may be
causing problems on our WiFi:
https://framebyframewifi.net/2018/01/15/beware-of-mdns-floods-from-buggy-android-clients/

I have done a number of packet captures and found in problem areas we
have a high percentage of mdns traffic (Multicast DNS, basically peer to
peer chatting and device discovery.  As best we can tell we do not need
any mdns on our campus for academic functions.  Some IoT things in the
dorms on the Student network many need this, but not much else.

Please note that this is not a problem just for Android on our networks
however, in fact most of the mdns traffic we are seeing is more 

RE: [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

[Lee H Badman]

I’d also suggest using 40 MHz channels in 2.4 GHz, because then the jigabits 
get there faster in luxuriously wide fastlanes.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Johnson, Christopher
Sent: Wednesday, August 26, 2020 1:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

Now be honest. If Phase 1 was “Use all 11 Channels” – was Phase 2 - Disable any 
“multicast/broadcast filtering mechanisms” 

Sorry. Just popped in there since I just finished writing a message about why 
“unfiltered multicast/broadcast” traffic is bad mojo – and why can’t just “turn 
it on”. 
Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook and 
Twitter
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Wednesday, August 26, 2020 12:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

[This message came from an external source. If suspicious, report to 
ab...@ilstu.edu]
The four-channel plan made sense when AP density was lower and before OFDM 
(back when spectral density graphs had long tails.)  I’m not sure if it was 
every really better than a 3-channel plan, but there was a case for it.  Even 
if it was better for 802.11b, 802.11g and the iPhone made it obsolete.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Seth Bean
Sent: Wednesday, August 26, 2020 12:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

I briefly tried the 4 channel (1,4,7,11) plan and it was awful. I have found 
shutting off the 2.4 radio in dense environments works in a 3 channel plan.

Seth Bean
Administrator of Networks and Telecommunications
MCLA APA Chapter President
Massachusetts College of Liberal Arts
413.662.5022
413.663.1276
375 Church Street
North Adams,
MA 01247


“National Top Ten
Public Liberal Arts College”
2019 US News & World Report

MCLA

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of SWARTZ, POLA 
mailto:pola_swa...@dpsk12.org>>
Sent: Wednesday, August 26, 2020 12:18:24 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

CAUTION: This email originated from outside of MCLA. Do not click links or open 
attachments unless you recognize the sender and know the content is safe.


Amen


Smile,
Pola Swartz
WAN/Wireless Infrastructure Manager
Department of Technology Services
780 Grant St., Denver, CO 80203
#p 720-423-3603 | c 303-905-9520 | 
dpsk12.org
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/DPS-Logo.jpg]

[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Facebook.jpg]
 
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Twitter.jpg]
 

 
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Instagram.jpg]
 

  
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Youtube.jpg]
 

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

[Lee H Badman]

Perhaps his name is Channel McFly, and he’s looking to raise a Ruckus.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Dan Lauing
Sent: Wednesday, August 26, 2020 12:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations

I have never heard of that before. That is extremely interesting.

On Wed, Aug 26, 2020 at 11:18 AM SWARTZ, POLA 
mailto:pola_swa...@dpsk12.org>> wrote:

Amen


Smile,
Pola Swartz
WAN/Wireless Infrastructure Manager
Department of Technology Services
780 Grant St., Denver, CO 80203
#p 720-423-3603 | c 303-905-9520 | dpsk12.org
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/DPS-Logo.jpg]

[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Facebook.jpg]
 
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Twitter.jpg]
  
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Instagram.jpg]
   
[http://thecommons.dpsk12.org/cms/lib/CO01900837/Centricity/Domain/42/Youtube.jpg]
 
Students First . Integrity . Equity.  Collaboration. Accountability . Fun
Never out smart your common sense...



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Brady J. Ballstadt mailto:bjbal...@uark.edu>>
Sent: Wednesday, August 26, 2020 10:15 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] 2.4Ghz channel designations


Find a new consultant.



Brady Ballstadt



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of John Rodkey mailto:rod...@westmont.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, August 26, 2020 at 11:13 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 2.4Ghz channel designations



For many years I have consistently used channels 1, 6, and 11 as 
non-overlapping channels wherever 2.4Ghz is deployed.  I have a consultant who 
is suggesting using all 11 channels in our high density dorm situations, 
arguing that  signal interference will affect throughput less than the delays 
from protocols where the 3 channels are within hearing distance of each other.



This doesn't make sense to me.  If you in your situation have found using all 
11 channels to be an effective solution vs the 3 channel non-overlapping 
approach, could you explain to me why you made that choice, and what your 
on-the-ground experience is with this configuration?



Thank you!



John Rodkey

Director of Servers and Networks

Westmont College



Verification: Unsure if this is a legitimate email to an email list? Make sure 
it is recorded at 
https://my.westmont.edu/it_emails



"God-fearing faith... is neither brash nor foolhardy and does not tempt God." - 
Martin Luther

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

WARNING: This email originated outside of Denver Public Schools. Do not click 
links, buttons or open attachments UNLESS you recognize the sender and know the 
content is safe. If you feel this message may be harmful, please use the Report 
Phish button.


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the 

RE: [WIRELESS-LAN] 2.4Ghz channel designations

[Lee H Badman]

Does this consultant have any actual experience? Or… training?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of John Rodkey
Sent: Wednesday, August 26, 2020 12:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 2.4Ghz channel designations

For many years I have consistently used channels 1, 6, and 11 as 
non-overlapping channels wherever 2.4Ghz is deployed.  I have a consultant who 
is suggesting using all 11 channels in our high density dorm situations, 
arguing that  signal interference will affect throughput less than the delays 
from protocols where the 3 channels are within hearing distance of each other.

This doesn't make sense to me.  If you in your situation have found using all 
11 channels to be an effective solution vs the 3 channel non-overlapping 
approach, could you explain to me why you made that choice, and what your 
on-the-ground experience is with this configuration?

Thank you!

John Rodkey
Director of Servers and Networks
Westmont College


Verification: Unsure if this is a legitimate email to an email list? Make sure 
it is recorded at https://my.westmont.edu/it_emails



"God-fearing faith... is neither brash nor foolhardy and does not tempt God." - 
Martin Luther

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: IoT and Wireless

[Lee H Badman]

One thing to consider- Wi-Fi often is NOT the best technology for IoT. LoRaWAN 
and others can be much more effective.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Price, Jamie G
Sent: Monday, August 24, 2020 11:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] IoT and Wireless

Team,

Hi, I wanted to query the group and ask what IoT means to you and your position 
and school.

I have some ideas, but if you wouldn’t mind a list of 5-10, general statements 
on your vision of IoT, or initiatives you’re currently working on or thinking 
of- would love to hear them.

For instance, we now have COVID check-in stations. Wi-Fi must go where it never 
has been before for personnel, student and client intake forms.

Anyone integrating their lighting?
Anyone implementing wayfinding?

è What should a person in my position be doing/considering, if they aren’t? 
Totally boss me. 

Thanks,
Jamie


Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
jamie.pr...@cuanschutz.edu
www.cuanschutz.edu

[CU Anschutz Website]

[CU Anschutz Facebook]  [CU Anschutz 
Instagram]    [CU Anschutz Linkedin] 

   [CU Anschutz Twitter] 



What causes bad Wi-Fi?
The plug-and-play auto-optimizations marketed by your favorite Access Point 
(AP) manufacturers aren’t all the same. The complexities of an increased shift 
in demand overnight due to a software update, latency-sensitive services like 
voice over Wi-Fi, and real-time location services turn a simple plug-and-play 
solution into a custom deployment that needs proper planning and regular 
maintenance. Bad Wi-Fi can be a result of insufficient coverage, but it can 
also be caused by a range of improper settings and external interferers that 
APs alone may not be able to detect.
Coverage and Capacity – If your network doesn’t meet the minimum requirements 
for coverage and capacity, the devices on your network will not be able to 
perform the necessary applications.
Channel Overlap – Channel overlap can wreak havoc on your network. 
Interferences from neighboring APs and networks will cause bad Wi-Fi.
Interference – Both Wi-Fi and non Wi-Fi signals can cause interferences on your 
network. Wireless cameras, microphones, or even microwaves can cause a 
disruption on your network.
https://www.ekahau.com/blog/request-for-sidekick/?utm_campaign=2020.07.GL.EM.Sidekick%20Campaign_source=email_term=Sidekick%20blog%20%26%20approval%20letter_content=2020.07.GL.EM%20Sidekick%20Campaign








**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

[Lee H Badman]

Glad it's working out for you, Jeff. I didn't mention a bad relationship with 
the vendor, BTW.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jeffrey D. Sessler
Sent: Friday, July 17, 2020 11:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

I don't know Lee, within our consortium of 5 undergrad and 2 grad universities, 
all running AireOS-based WLCs, the reliability has been exceptional.  My last 
show-stopper (WLC crash) was way back in 5.x days.  Sure, there have been AP 
radio code challenges, but most of those were wayward client devices that had 
to have their behavior dealt with at the AP radio code level.

This is purely my experience, but when I ran into those AP<->client radio 
issues with my first customer ship 3800's, the Cisco wireless BU worked 
directly with us on resolution, with rapid radio code updates to work around 
the client challenges.  I couldn't ask for a better relationship with a vendor.

It surprises me that any vendor's WiFi in EDU's work reliably given the myriad 
of client devices, OS versions, and chipsets we deal with. It was certainly the 
case when my consortium had Aruba too, that the grass wasn't greener... they 
had their gopher problems, and Cisco had prairie dogs.

I do think the future is in SaaS/IaaS, where the vendor has much better 
visibility on its installed base, and can capture assurance data to help with 
rapid code improvement. The reality is, must customers aren't sophisticated 
enough, or have the teams in-place, to diagnose WiFi issues, but a vendor with 
insight into their installed-base deployment would.

All my best,
Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Lee H Badman
Sent: Friday, July 17, 2020 8:15 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

Agreed. I'd go so far as to say that I have never seen or heard of a buggier 
product set than the AireOS WLCs. I can't imagine Airespace would have survived 
over time had Cisco not bought them to get into the thin AP paradigm given the 
chronic code issues.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Gray, Sean
Sent: Friday, July 17, 2020 10:57 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

Hopefully that means we are moving back to functionality over features for a 
few patches. That's certainly not been the case for newer WLC code trains

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Jake Snyder
Sent: July 16, 2020 3:12 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

Caution: This email was sent from someone outside of the University of 
Lethbridge. Do not click on links or open attachments unless you know they are 
safe. Please forward suspicious emails to 
phish...@uleth.ca<mailto:phish...@uleth.ca>.

Typically I've monitored the release cycle on patches to determine how "bad" 
things were.

In the olden days, Cisco would release a patch when a fixed number of serious 
issues were resolved.  You could then track how many serious bugs were being 
fixed by the interval between patches.  Quicker patches means more issues with 
a higher severity.  If the intervals between patches went down, things were 
starting to stabilize.  So if you saw a patch two months in a row, it might be 
a "let's wait for the next one."

Not sure that will hold true, now that Cisco is saying that "all" releases will 
be stable-train moving forward for ISE.  I see it's been a while from 2.7 to 
2.7p1.  That could be a good sign.  Typically I would wait 2 months before 
upgrading to make sure there weren't repeated patches.  You see this even with 
some long-lived trains that have patches 8,9,10,11 all very close together.


On Jul 16, 2020, at 2:02 PM, Ciesinski, Nick 
mailto:ciesi...@uww.edu>> wrote:

ISE 2.7 is a stable 

RE: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

[Lee H Badman]

Agreed. I'd go so far as to say that I have never seen or heard of a buggier 
product set than the AireOS WLCs. I can't imagine Airespace would have survived 
over time had Cisco not bought them to get into the thin AP paradigm given the 
chronic code issues.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Gray, Sean
Sent: Friday, July 17, 2020 10:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

Hopefully that means we are moving back to functionality over features for a 
few patches. That's certainly not been the case for newer WLC code trains

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Jake Snyder
Sent: July 16, 2020 3:12 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Icing ISE 2.1 but where to jump

Caution: This email was sent from someone outside of the University of 
Lethbridge. Do not click on links or open attachments unless you know they are 
safe. Please forward suspicious emails to 
phish...@uleth.ca.

Typically I've monitored the release cycle on patches to determine how "bad" 
things were.

In the olden days, Cisco would release a patch when a fixed number of serious 
issues were resolved.  You could then track how many serious bugs were being 
fixed by the interval between patches.  Quicker patches means more issues with 
a higher severity.  If the intervals between patches went down, things were 
starting to stabilize.  So if you saw a patch two months in a row, it might be 
a "let's wait for the next one."

Not sure that will hold true, now that Cisco is saying that "all" releases will 
be stable-train moving forward for ISE.  I see it's been a while from 2.7 to 
2.7p1.  That could be a good sign.  Typically I would wait 2 months before 
upgrading to make sure there weren't repeated patches.  You see this even with 
some long-lived trains that have patches 8,9,10,11 all very close together.


On Jul 16, 2020, at 2:02 PM, Ciesinski, Nick 
mailto:ciesi...@uww.edu>> wrote:

ISE 2.7 is a stable release. Cisco released very few new features and instead 
focused a lot of bug fixes in 2.6 and 2.7.


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Cisco pre-DNA Spaces Location Service, Contact Tracing

[Lee H Badman]

Thanks, Richard. Great info.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Letts, Richard J
Sent: Friday, May 29, 2020 12:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco pre-DNA Spaces Location Service, Contact 
Tracing

The stream of authentication records with called-station-id and account should 
be enough to do rudimentary contact tracing over a broad area (coverage of an 
AP)

I'd want to avoid the slippery slope of this being used as a proxy for class 
attendance and their academic record because I don't want all of our wireless 
troubleshooting logs to suddenly be in scope for FERPA. 

Also, I heard once that cisco were taking future-possibility of  contact 
tracing out of DNA-spaces marketing materials because cisco's legal freaked on 
the possible privacy implications of what the marketing department had dreamed 
up. We do not have DNA spaces.

Richard Letts

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jeffrey D. Sessler
Sent: Thursday, May 28, 2020 12:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco pre-DNA Spaces Location Service, Contact 
Tracing

Lee,

Even without location services, one can get association data for a device and 
use that for rudimentary contact tracing.  I used it over the summer for a 
possible COVID case, and it was helpful in determining where the person was 
not. That is, it's not accurate enough to exclude people from the local area, 
but if the devices weren’t seen in other buildings, that was helpful.  I don't 
know that it would scale come students returning, and we're going to need 
something like Spaces to help.  Spaces looked very expensive however. 

We make use of an emergency notification product called Everbridge, and they 
are pitching a contact tracing support add-on to their mobile app where they 
bridge data from WiFi associations, door swipe, meal cards, and so on, all in 
an effort to provide more accurate information on a device/person.  Of course, 
that raises privacy concerns, so I'm still hopeful we'll see something 
compelling come from the Apple/Google partnership where we aren't holding onto 
data that must be protected and managed.

Jeff

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Wednesday, May 27, 2020 10:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco pre-DNA Spaces Location Service, Contact Tracing

I hope everyone on the list is doing well.

We are getting multiple vendor pitches these days for contact tracing 
“solutions”. From Cisco, our main network vendor, their pitch relies on DNA 
Spaces. We don’t use that yet,  and it’s no secret what is happening to many of 
our budgets.

 My question is specifically for Cisco legacy location services users. Are you 
all doing anything specific in anticipation of possibly needing to provide 
Wi-Fi location data for contact tracing? Are you being specifically asked about 
it by your management? 

I haven’t decided yet weather the vendors are being generally altruistic or 
opportunistic on this topic yet.

Regards,

Lee Badman (mobile)

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Cisco pre-DNA Spaces Location Service, Contact Tracing

[Lee H Badman]

Thanks, Jeff. My thoughts are pretty close to yours on all of this, but it's 
good to hear from others. Should be interesting days to come.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jeffrey D. Sessler
Sent: Thursday, May 28, 2020 12:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco pre-DNA Spaces Location Service, Contact 
Tracing

Lee,

Even without location services, one can get association data for a device and 
use that for rudimentary contact tracing.  I used it over the summer for a 
possible COVID case, and it was helpful in determining where the person was 
not. That is, it's not accurate enough to exclude people from the local area, 
but if the devices weren’t seen in other buildings, that was helpful.  I don't 
know that it would scale come students returning, and we're going to need 
something like Spaces to help.  Spaces looked very expensive however. 

We make use of an emergency notification product called Everbridge, and they 
are pitching a contact tracing support add-on to their mobile app where they 
bridge data from WiFi associations, door swipe, meal cards, and so on, all in 
an effort to provide more accurate information on a device/person.  Of course, 
that raises privacy concerns, so I'm still hopeful we'll see something 
compelling come from the Apple/Google partnership where we aren't holding onto 
data that must be protected and managed.

Jeff

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Wednesday, May 27, 2020 10:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco pre-DNA Spaces Location Service, Contact Tracing

I hope everyone on the list is doing well.

We are getting multiple vendor pitches these days for contact tracing 
“solutions”. From Cisco, our main network vendor, their pitch relies on DNA 
Spaces. We don’t use that yet,  and it’s no secret what is happening to many of 
our budgets.

 My question is specifically for Cisco legacy location services users. Are you 
all doing anything specific in anticipation of possibly needing to provide 
Wi-Fi location data for contact tracing? Are you being specifically asked about 
it by your management? 

I haven’t decided yet weather the vendors are being generally altruistic or 
opportunistic on this topic yet.

Regards,

Lee Badman (mobile)

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Cisco pre-DNA Spaces Location Service, Contact Tracing

[Lee H Badman]

I hope everyone on the list is doing well.

We are getting multiple vendor pitches these days for contact tracing 
“solutions”. From Cisco, our main network vendor, their pitch relies on DNA 
Spaces. We don’t use that yet,  and it’s no secret what is happening to many of 
our budgets.

 My question is specifically for Cisco legacy location services users. Are you 
all doing anything specific in anticipation of possibly needing to provide 
Wi-Fi location data for contact tracing? Are you being specifically asked about 
it by your management? 

I haven’t decided yet weather the vendors are being generally altruistic or 
opportunistic on this topic yet.

Regards,

Lee Badman (mobile)

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Meraki at large universities

[Lee H Badman]

Throwing my .02 in. We have long used Meraki as our branch Wi-Fi solution in 
around 10 sites, and in recent years full-stack branch networking. We use 
802.1X-based auth, guest Wi-Fi, pretty much everything. We have as many as 35 
APs in a single building/complex, and as many as 4 APs in a bigger conference 
space. Our reliability has been generally superb, with the rare exception every 
couple of years.

No complaints.

-Lee Badman


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Angelo Santabarbara
Sent: Tuesday, May 12, 2020 9:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Meraki at large universities

Take this with a grain of salt as perhaps they've solved some of their problems 
we experienced with our deployment about 5 years ago.  We switched from Cisco 
to Meraki in 2013.  We had about half the campus (~450 AP's) moved over when we 
stopped the process in 2015 due to poor performance and poor client roaming.  
We did a lot of troubleshooting with them, but in our dorm environments it just 
worked very poorly.  We also had strange network behaviors elsewhere on campus 
especially after certain firmware updates that we had to have Meraki roll back. 
Also settings set in the dashboard often didn't take immediate effect so plan 
on setting, waiting a little bit, and then testing.  We do use FortiNAC (aka 
Bradford Network Sentry), but that wasn't the problem.  Ultimately we moved to 
Ruckus and ripped all the Meraki back out and have been very happy with that 
solution.  Meraki does have a nice dashboard, but some configuration is not 
possible without contacting Meraki directly.

Angelo D. Santabarbara
Director Networks & Systems | Siena College
518-782-6996

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Are You Ready for WiFi6E

[Lee H Badman]

Not trying to be a wise-guy. In my mind, based on everything else we're seeing, 
I presume that licensing it for profit is a given. I hope I'm wrong though.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Rios, Hector J
Sent: Friday, April 24, 2020 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Are You Ready for WiFi6E

Lee,

Don't give the vendors more ideas please. If I see a "champion's league" 
licensing level, I'll quit.

Hector Rios

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Lee H Badman
Sent: Friday, April 24, 2020 9:34 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Are You Ready for WiFi6E

Hi Hector,

More channels in and of itself is fantastic, even if we don't bond them up into 
huge wide ones. As for APs being hurried out, I'm more interested in how 
clients will roll out. I don't have a lot of faith in certain WLAN vendors 
getting 6 GHz right for a while, given track records to date of shotgunning 
alpha quality code onto the market. Also halfway expect the license-happy 
idiocy that's becoming pervasive to apply to new hardware and what you are 
"allowed" to do in 6 GHz, despite it being unlicensed by the FCC.

Lee Badman

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rios, Hector J 
mailto:hector.r...@austin.utexas.edu>>
Sent: Friday, April 24, 2020 10:15:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Are You Ready for WiFi6E

Now that the FCC has approved the 6GHz band, I wonder what others are doing in 
terms of planning. There is a lot to think about and unlike prior 
announcements, this one really is a game changer. Here are some thoughts:

*Vendors should be rushing to make APs and make them available possibly this 
year.
*The assumption is that the new radios will be tri radios. I'm sure vendors 
will get creative.
*More radios chains and more features (BLE, USB, Zigbee) mean more power needs.
*Faster more efficient technology means faster speeds required: 2.5G/5G.
*Will your existing infrastructure be capable to handle the new technology? 
Today, most likely not.
*If in the middle of a lifecycle, do you continue or do you wait?

For those that are super excited, here are some last things to think about:

Higher modulations require higher levels of SNR. Higher frequencies have 
shorter wavelengths and more trouble getting through objects. Bonding channels 
raises your noise floor and also requires higher receiver sensitivity. There 
are a ton of other things to consider. What say you?

Regards,

Hector Rios
The University of Texas at Austin



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

This message is from an external sender. Learn more about why this 
matters.<https://ut.service-now.com/sp?id=kb_article=KB0011401>



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Are You Ready for WiFi6E

[Lee H Badman]

Hi Hector,

More channels in and of itself is fantastic, even if we don't bond them up into 
huge wide ones. As for APs being hurried out, I'm more interested in how 
clients will roll out. I don't have a lot of faith in certain WLAN vendors 
getting 6 GHz right for a while, given track records to date of shotgunning 
alpha quality code onto the market. Also halfway expect the license-happy 
idiocy that's becoming pervasive to apply to new hardware and what you are 
"allowed" to do in 6 GHz, despite it being unlicensed by the FCC.

Lee Badman

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Rios, Hector J 

Sent: Friday, April 24, 2020 10:15:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Are You Ready for WiFi6E

Now that the FCC has approved the 6GHz band, I wonder what others are doing in 
terms of planning. There is a lot to think about and unlike prior 
announcements, this one really is a game changer. Here are some thoughts:

*Vendors should be rushing to make APs and make them available possibly this 
year.
*The assumption is that the new radios will be tri radios. I’m sure vendors 
will get creative.
*More radios chains and more features (BLE, USB, Zigbee) mean more power needs.
*Faster more efficient technology means faster speeds required: 2.5G/5G.
*Will your existing infrastructure be capable to handle the new technology? 
Today, most likely not.
*If in the middle of a lifecycle, do you continue or do you wait?

For those that are super excited, here are some last things to think about:

Higher modulations require higher levels of SNR. Higher frequencies have 
shorter wavelengths and more trouble getting through objects. Bonding channels 
raises your noise floor and also requires higher receiver sensitivity. There 
are a ton of other things to consider. What say you?

Regards,

Hector Rios
The University of Texas at Austin



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [EXT] [WIRELESS-LAN] NAC/authentication implementations

[Lee H Badman]

Where wired 802.1X is a goal, have you seen real-world security issues happen 
in your environments that this will solve, or is the target one of evolution 
and prevention?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of McClintic, Thomas
Sent: Monday, April 13, 2020 3:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] NAC/authentication 
implementations

We are currently in the beginning of implementing NAC on the wire. We are using 
a phased approach to ease clients into it.

Phase 1a) Introduce open MAC authentication to all ports, this helps verify 
connectivity and licensing.
Phase 1b) Rollout certificate enrollment via AD and JAMF for EAP-TLS usage
Phase 2a) Enable EAP-TLS authentication along with open MAC and registered 
MACs, enable AD and JAMF computers for wired authentication
Phase 2b) Captive portal for open MAC authentication that enables users to 
enroll for certificate (using CPPM Onboarding)
Phase 3) Begin enforcing EAP-TLS or restricted MAC authentication (to 
authenticate non-EAL-TLS devices), no authentication leaves you in a 
captive-portal, bypass this portal and you are restricted to an internet only 
segmented network

We are currently on phase 2a, but are still working on the design and 
implementation. We are going very slow to minimize impact to users while trying 
to increase our security of restricting open port access. The ultimate goal 
will be to know who or what is on each port and enable our security group to 
dictate the policies.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Johnston, Ryan
Sent: Monday, April 13, 2020 2:28 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] NAC/authentication 
implementations


 EXTERNAL EMAIL 

  1.  If you have a NAC solution do you do port based auth?
 *   Yes.  We use Clearpass to implement.
  2.  If you have a NAC solution do you do eap-tls? If so how are you handling 
the certification “push” to devices?
 *   Yes our primary preferred authentication protocol is EAP-TLS, however 
we do offer and support EAP-PEAP and PSK methods for devices that do not 
support tls certificates or have a bad user experience with them (looking at 
you chromebooks!).  We use a product called SecureW2 for self-service user 
onboarding to WiFi which inserts the certificate into the device.
  3.  What were the major pain points during implementation?
 *   Client onboarding via a local captive portal.  Client captive portal 
browsers are volatile and can their behavior can severely affect the client 
experience.
  4.  What were the major use cases you were resolving/resolved?
 *   We were looking to move away from EAP-PEAP largely for security and 
convenience reasons.  One particular pain point was the regularly scheduled 
expiration of user account passwords.  This in turn would knock a device with 
saved EAP-PEAP credentials off of the network.  Our client certificates are 
valid for a longer period of time and largely avoid this issue.  Network access 
is tied to a combination of valid certificate and valid account lifecycle check.
  5.  Anything you would do differently if you do it again?
 *   I would have liked to have spent more time polishing the onboarding 
experience.  Our deployment timeline however did not allow for it.  As other 
threads on this list have mentioned, if you go down this road you will be 
served well by testing your workflow extensively and often.  Each device type 
has different behaviors of captive portal behavior as well as the possibility 
of application changes with new device software updates.


Ryan

--
Ryan Johnston he/him/his
Associate Director of Infrastructure
DePaul University
55 E Jackson Blvd | Chicago, Illinois 60604
https://www.depaul.edu
 |  
https://helpdesk.depaul.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Brady J. Ballstadt
Sent: Monday, April 13, 2020 9:24 AM
To: 

RE: [WIRELESS-LAN] How does your enterprise do your wireless door locks?

[Lee H Badman]

Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID 
(is not eduroam here) using VLAN steering to get them into their own private IP 
space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jess Walczak
Sent: Tuesday, March 31, 2020 2:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks?

Sending out a question as to how you do your wifi that serves your wireless 
door locks.  Do you have them on your branded wifi/eduroam, their own SSID, or 
a shared IoT or infrastructure SSID?  Is it a hidden SSID?  Do you have them 
using a simple PSK or do you onboard it with a tool like ISE or Clearpass.  Do 
you install a cert?

Our institution has purchased Assa Abloy model IN120 door locks.  We are a 
Cisco shop and we have ISE, so we could easily onboard using their Mac Address 
Bypass device profiling, but that would consume an expensive license, so 
perhaps other folks have done something simpler and found it to work well and 
to be enough security/segmentation.

Thanks!--JW

Jess Walczak
Network Engineer
Innovation & Technology Services
University of St. Thomas | stthomas.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

[Lee H Badman]

I wish all Enterprise vendors did this. Everything else feels like gratuitous 
complexity for the sake of having more to license. If the goal is "make it like 
at home" the notion of device registration smells funny. Although I yield this 
is not a simple discussion.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Paul Smith 

Sent: Wednesday, March 4, 2020 10:35:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

That’s exactly how our Aerohive private client groups work. One SSID across 
residences. Students get a PPSK and all devices using that key can talk to each 
other. Job done.

Paul Smith
Network Specialist (Wireless)
University of Bristol
IT Services
31 Great George St
Bristol
BS1 5QD

I try to follow the University email charter –
bristol.ac.uk/media-library/sites/hr/documents/wellbeing/email-charter.pdf


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: 04 March 2020 15:31
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

Just a quick aside on this:

We are dealing with same questions for long term, but one thing that I think 
gets lost in these “solutions”- students don’t register anything at home. Would 
be awesome if a bazillion PPSKs were available on same SSID.

Here kid, your SSID is THIS, your password is THIS. Go to it. Nothing more 
needed and no one can see each other. All the casty stuff works with no network 
tricks.

That would be the Holy Grail, to me.


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Craig D Rice
Sent: Wednesday, March 4, 2020 10:19 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

We are an Aruba shop and are evaluating AirGroup + ClearPass to provide 
students a more home-like experience in their residence halls. That is, we 
would like students to be able to register and see only their registered 
devices.

If a user registers a device in ClearPass, is that device visible to 
non-registered devices (or devices registered to another user) -- even if the 
devices are associated with the same AP?

We have received conflicting answers from our Aruba SEs, account exec, and TAC, 
so we are hoping to learn how to limit device visibility from others who are 
using ClearPass.

Thanks for your advice!
Craig
--

Craig D. Rice
Director of Enterprise Infrastructure | IT
[St. Olaf College]
Office: +1-507-786-3631
1510 St. Olaf Avenue Northfield, MN 55057-1097  USA
stolaf.edu
<http://stolaf.edu/>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

[Lee H Badman]

Just a quick aside on this:

We are dealing with same questions for long term, but one thing that I think 
gets lost in these “solutions”- students don’t register anything at home. Would 
be awesome if a bazillion PPSKs were available on same SSID.

Here kid, your SSID is THIS, your password is THIS. Go to it. Nothing more 
needed and no one can see each other. All the casty stuff works with no network 
tricks.

That would be the Holy Grail, to me.


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Craig D Rice
Sent: Wednesday, March 4, 2020 10:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

We are an Aruba shop and are evaluating AirGroup + ClearPass to provide 
students a more home-like experience in their residence halls. That is, we 
would like students to be able to register and see only their registered 
devices.

If a user registers a device in ClearPass, is that device visible to 
non-registered devices (or devices registered to another user) -- even if the 
devices are associated with the same AP?

We have received conflicting answers from our Aruba SEs, account exec, and TAC, 
so we are hoping to learn how to limit device visibility from others who are 
using ClearPass.

Thanks for your advice!
Craig
--

Craig D. Rice
Director of Enterprise Infrastructure | IT
[St. Olaf College]
Office: +1-507-786-3631
1510 St. Olaf Avenue Northfield, MN 55057-1097  USA
stolaf.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Xbox One and WPA3

[Lee H Badman]

This is PSK (?) and not 802.1X? Sanity check. Also, are you running the SSID 
with WPA, WPA2, and WPA3 all simultaneously enabled?

Anything exciting in the packet captures?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Mallon, Jason
Sent: Wednesday, March 4, 2020 10:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Xbox One and WPA3

Hey everybody,
We are currently testing WPA3 in a couple of our dorms and academic buildings 
using 8.10.112 on the Cisco 8540 controller.  We started hitting bugs with the 
1815w on 8.5.140 and were encouraged to upgrade to 8.8 or 8.10 per TAC.  
Through discussions with our SE we found that 8.10 is going to be the long live 
release and decided to go that path.  We tested what we could in the office, 
and there were no issues with this.  We have been running this code since last 
year without any issues.  At some point after the semester started we started 
getting tickets for Xbox One that are on the 8.10 code level.  I know the SSID 
is functioning properly because of all the other devices that are connected 
including PS4s.  All of the Xbox owners that have complained have given the 
same error message.  Just curious if anybody else is seeing this issue.

“your security protocol will not work xbox one "Your console supports WPA/WPA2 
(personal), WPA2 (personal), and WEP network security protocols, but your 
router is using something else. You'll need to change your routers 
configuration.""

Thanks,
Jason Mallon | Network Engineer III
[/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/90F25235.tmp]
OIT
The University of Alabama
jemal...@ua.edu
[/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/8434B70B.tmp]

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Implementing registration based Guest Wi-Fi

[Lee H Badman]

The various devices are all over the place in behavior, requirements, and 
capabilities. There is no one single answer. Cisco has a 36-page guide for 
configuring the WLAN for Chromecast, and some of what it wants you to do 
arguably will not scale very well.

I don't envy what you are taking on.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Mangaiah Chowdary Garikapati
Sent: Monday, February 24, 2020 11:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi

Hello,

At NIU, we are currently undergoing a project to move away from open access 
Guest Wireless to a registration based Guest Wireless using Cisco ISE and we 
are having following issues and any help or suggestions on these are much 
appreciated.


  1.  In the new system, devices are not able to see each other for casting 
purposes, is there any option we need to select to enable various casting and 
mirroring capabilities in the new registration based Guest Wireless?
  2.  We are also using 'Mydevices' portal to add devices which doesn't have 
capabilities to register / authenticate (e.g. Chromecast, Roku etc.) but this 
is looking like a hit and miss where some devices connect immediately and some 
take at least an hour to two to be recognized and allowed to connect to the AP. 
Any suggestions why this could be happening?

Thank you,
Mangaiah Chowdary Garikapati
Project Manager
PMO | Division of Information Technology
3100 Sycamore Road | DeKalb, IL 60115
mgarikapa...@niu.edu
[125-signature]



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz spectrum

[Lee H Badman]

Very well-articulated, Chuck. After the Marriot and related decisions, 
then-commissioner Ajit Pai wrote some really good dissenting views… like “we 
can’t fine them because our own regulations are so ambiguous” kind of stuff. 
When he became the head of the FCC, I was really hoping he’d revisit the mess 
and clear it up. That hasn’t happened, sadly.

FWIW, here’s what I was thinking back then in an open letter to the FCC 
https://wirednot.wordpress.com/2015/08/19/an-open-letter-to-the-fcc/ and then a 
blog that covered life as a network admin trying to deal with the problem 
devices 
https://wirednot.wordpress.com/2015/11/07/three-inconvenient-truths-and-some-conspiracy-theory-about-the-fccs-mi-fi-enforcements/

It’s still a crazy thorny topic, in my mind.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Wednesday, January 29, 2020 1:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz 
spectrum


The difference between Mi-Fi and sandwiches is that there's no Federal Sandwich 
Commission claiming exclusive authority to regulate sandwiches.  Our 
institutions are free to pass policies consistent with the law, but it's clear 
from this thread that we don’t know precisely what the law allows in this case.



Here's the relevant excerpt from Penn State’s policy manual:



The University also reserves the right to control and/or manage use of the 
frequency spectrum within the boundaries of all University locations. 
Individuals of the University are required to report transmitting devices and 
their characteristics to University officials, if so requested. The University 
reserves the right to require those units or individuals found to have such 
devices that interfere or are suspected to interfere with operation of 
centrally managed University systems, to discontinue use of such devices, and, 
if necessary, to remove them from University property.



I have concerns about this policy that would keep me from trying to enforce it:



  1.  The University must manage the spectrum assigned to it, but I'm pretty 
sure the FCC controls the spectrum and that the unlicensed spectrum isn’t ours 
to manage.
  2.  Who are these university officials that can request reporting?  I have no 
reason to think I or my staff are among them, but perhaps we are.
  3.  I suspect the University can ban categories of devices from campus as it 
sees fit, including RF transmitters.  If instead of making this about spectrum 
we just banned RF transmitters of any kind, or even specific kinds, we could 
probably get away with it.  But we’re on much shakier ground if we allow such 
devices and choose to selectively prohibit them based on what we deem to be 
adverse effects on the spectrum associated with their legal use.  That’s a 
backhanded way of controlling the unlicensed spectrum and I don’t think the FCC 
will like it.



Nevertheless, if concern #2 was addressed I’d be willing to attempt 
enforcement.  Our Office of General Counsel is responsible for making sure our 
policies are legal – not me.

Chuck Enfield
Manager, Wireless & Cellular
Penn State IT
119L USB2, UP, PA 16802
Office: 814.863.8715


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hunter Fuller
Sent: Wednesday, January 29, 2020 12:22 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz 
spectrum



I'm not sure everyone is really speaking the same language here.



If my University passed a policy that said students can't have sandwiches on 
campus, that would be enforceable and they could even be subject to 
disciplinary committee if they brought a sandwich to campus.



If you replace a sandwich with a Mi-Fi device, I'm not sure how that's any 
different.



That being said, we do not have such a policy - just one forbidding them from 
connecting their routers and such to our network. That's fine for us, and we 
just try to educate people - 90% of the time it works every time.



--

Hunter Fuller

Router Jockey

VBH Annex B-5

+1 256 824 5331



Office of Information Technology

The University of Alabama in Huntsville

Network Engineering



On Wed, Jan 29, 2020 at 9:52 AM Jake Snyder 
mailto:jsnyde...@gmail.com>> wrote:

>

> Unfortunately, aside from talking to the person there isn’t much you can do.  
> The person in question isn’t “jamming,” they are using spectrum and 
> completely entitled to do so.

>

> Simplistically, you can prevent devices the university owns from connecting 
> to 

Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz spectrum

[Lee H Badman]

You can ask. And inform about how a hotspot is crushing an AP and several 
people's connectivity.

Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Paul B. Henson 

Sent: Tuesday, January 28, 2020 6:58:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz 
spectrum

On Tue, Jan 28, 2020 at 06:02:01PM +, David Pifer wrote:
> We have a standard as follows “Personal wireless access points,
> network switches, and routers are not permitted on campus as they can
> interfere with the functioning of the campus network.”

Hmm... By this do you mean "are not permitted to be connected to the
campus network"? Cause if somebody's got a wifi router connected to a
cell phone data network you can't legally tell them they can't use it...
Whether it's on the same channel as your wifi or not.

--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  hen...@cpp.edu
California State Polytechnic University  |  Pomona CA 91768

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Chromecasts and App on Phones

[Lee H Badman]

Here’s one of the few Cisco config guides out there, if you haven’t seen it 
yet: 
https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_mDNS_gateway_chromecast_support_feature_deployment_guide.html

It’s a bit of a mess at scale. No fault of Cisco’s… this is one of those 
“consumer meets enterprise” train wrecks.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Kushner, Jeff
Sent: Monday, January 27, 2020 1:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Chromecasts and App on Phones

Hello,

We have the same situation as Dennis and are also curious to hear the answers.

Thanks
Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Carson, Dennis
Sent: Monday, January 27, 2020 11:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Chromecasts and App on Phones


Hello,



We use Cisco AP’s. We have one ssid for students, but it has multiple subnets. 
When the Chromecast and Phone end up on different subnets, they don’t seem to 
be able to connect.

Do any colleges have any workarounds or solutions for this?

Also, with the way these devices work, does anyone know if they need to be on 
the same subnet after the initial registration? Ie IF we use a hotspot to 
register them, will they work when they go back to their dorm?

Thank you,
Dennis



[Cal U Logo]
The content of this email is confidential and intended only for the 
recipient(s) specified. If you received this message by mistake, please reply 
so the sender can correct the error, and then delete this email immediately. Do 
NOT forward it to a third party without the written consent of the sender. 
California University of Pennsylvania is a public agency; consequently, this 
email may be subject to disclosure under the commonwealth’s Right-to-Know Law.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Android Rogue Hunting App

[Lee H Badman]

Excellent point, Rand- this is called “Body Fade” (for real) in the larger 
realm of radio direction-finding, a.k.a fox hunting. If you master it, it is 
very handy. But it does get a bit tougher when the rogue is above or below you 
on another floor.

FWIW, here’s a blog article I wrote that explains and shows an example of Body 
Fade in the real world for rogue hunting.

https://wirednot.wordpress.com/2018/09/17/catching-up-with-netscout-at-mfd3-big-news-and-body-fade-explained/

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hall, Rand
Sent: Monday, January 27, 2020 8:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android Rogue Hunting App

This is not a novel idea, but your torso attenuates enough signal to make a 
good "opposite" directional antenna. Hold the device close to your chest and do 
a slow 360.

Rand

Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.h...@merrimack.edu

If I had an hour to save the world, I would spend 55 minutes defining the 
problem and five minutes finding solutions. – Einstein


On Sun, Jan 26, 2020 at 8:54 PM Letts, Richard J 
mailto:rle...@purdue.edu>> wrote:
FYI

In order for an application to do WIFI scanning in Android 10 You have to turn 
on Location Permissions
Specific details here:
https://developer.android.com/guide/topics/connectivity/wifi-scan


(I use Wifi analyser on android 10. It works OK, but it’s not a quality tool 
for locating rogues. Something with a directional antenna would do a lot better)


Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Walter Reynolds
Sent: Wednesday, January 8, 2020 3:20 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android Rogue Hunting App


It looks like it was started in Android 9 but there is supposed to be a toggle 
in Developer options called "Wi-Fi scan throttling" to disable it on Android 10.

So ignore the man behind the curtain.

Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Wed, Jan 8, 2020 at 3:05 PM Walter Reynolds 
mailto:wa...@umich.edu>> wrote:
I will try to find the reference, but I think Android changes are preventing 
use of tools like this starting with Android 10


Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Wed, Jan 8, 2020 at 2:06 PM Gray, Sean 
mailto:sean.gr...@uleth.ca>> wrote:
Happy New Year to all you happy wi-fi people!

Does anyone have any Android software products they recommend for Rogue 
hunting? Unfortunately Ekahau Mobile Survey (EMS) has been canned, so we are 
looking for alternatives to put to use on an Android tablet. Ideally it should 
be something simple to use, that allows non-technical users to quickly narrow 
down the location of rogues.

Thanks

Sean

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional 

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Lee H Badman]

Hi Norman,

To me, 11ax APs shouldn't even be on the Enterprise market yet. I know that 
doesn't touch your question, and we all have our own "you do what you gotta do" 
realities. 

Thanks for reading through that long post.

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Norman Elton
Sent: Friday, January 10, 2020 10:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

I agree with 100% of that. But here's a question ...

>> I absolutely will not sacrifice an otherwise sound WLAN by tweaking 
>> configs or code upgradin for some small minority of poorly designed 
>> or suddenly misbehaving clients that can be fixed from the client 
>> side

What about Intel's AX driver bugs? I absolutely hate the idea of disabling AX 
to support a few clients. But how many people are telling their helpdesk to 
upgrade drivers on whatever BYOD laptop shows up?
What about a conference with 200 laptops that suddenly finds that half are 
unsupported?

But, once it's disabled, will we ever re-enable AX? It's easy to say that we'll 
disable it "short term", but we know those drivers won't magically update 
themselves. We could be looking at crippling our wireless indefinitely :-/.

Our current AX test environment has it turned off on the 2.4 radio, so that at 
least those users can connect someplace. Leave 5 GHz for those that can support 
AX. I don't like the compromise, but the alternative ("hey we're trying out a 
brand new wireless network that won't work for random people") is equally 
unappetizing.

Sigh.

Norman Elton
William & Mary

On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>
> I know a lot of people are likely following along, so I’ll throw one more 
> rant nugget out there (and this is not meant to distract from Ryan’s original 
> question):
>
>
>
> Over the many years I’ve been doing this, I have found that MOST problems on 
> a healthy, well-designed wireless network are absolutely client-related. Even 
> on the likes of Active Directory managed PCs where the assumption is that 
> Windows updates make everything fine. These updates don’t tend to touch WLAN 
> adapter, BIOS, and chipset drivers which are often the root cause of wireless 
> issues.
>
>
>
> Then there is the fallacy that the latest Intel/Broadcom driver is the 
> “best”. Sometimes you have to use an older one on a specific model PC or NIC- 
> especially where you are doing 802.1X. The whole effect is greatly magnified 
> in the BYOD world that many of us live in with endless mainstream and not so 
> mainstream client OS’s. Is it the WLAN vendor’s job to make up for all the 
> goofy, ill-designed crap that’s out there? (Talking myself back from the 
> ledge here, before I go off on the Wi-Fi Alliance). This situation sucks 
> largely, and we’re stuck with it so we have to manage as best as we can.
>
>
>
> Then there are the optional features- for example, I’ve seen band 
> steering make life tough for Windows PCs seemingly out of the blue. 
> Except it wasn’t out of the blue- it was after Windows’ Patch Tuesday. 
> In this case, disabling long-enabled band steering “fixed” the problem 
> of users having wireless connectivity but not getting anywhere and 
> losing massive amounts of pings. BTW… band-steering is not part of the 
> 802.11 standard. Where does “fault” lie in this situation? Microsoft? 
> The WLAN adapter/driver vendor? The WLAN vendor? Me? It’s messy as 
> hell at times, given that “standards” are often a big fat lie when it 
> comes to wireless in my opinion. Disagree? I’ll fight ya J
>
>
>
> So… my premise is that MOST of the time the clients are the issue. And for 
> me, I absolutely will not sacrifice an otherwise sound WLAN by tweaking 
> configs or code upgrading for some small minority of poorly designed or 
> suddenly misbehaving clients that can be fixed from the client side, and I 
> don’t hold any WLAN vendor responsible for fixing the endless list of issues 
> in the client space.
>
>
>
> But when infrastructure code deficiencies DO hit, and all of the optional 
> features have been disabled and all of the client devices have been proven to 
> be as healthy as they can be first, it’s the worst of the worst situations 
> for those of us who run big networks because it’s truly out of our hands. 
> While I don’t expect Cisco or Aruba or whoever to make up for client 
> shortcomings or to jump

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Lee H Badman]

Controllers, NMS, etc- nice to make them all someone else’s problem.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Price, Jamie G
Sent: Thursday, January 9, 2020 1:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

We looked at MIST and Meraki, both great products. We feel our management went 
with ABC so Meraki it is.

In a nutshell (and I can expand upon the “whys”) you get so many more features, 
flexibilities, with an included management platform with either one of these 
vendors. Controllers are expensive bricks. The only real reason to stay with 
controllers is if you do not want a cloud base platform.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Elton
Sent: Thursday, January 9, 2020 11:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

The wireless-lan mailing list is always interesting, but this is by far the 
best thread yet :)

We are a longtime Aerohive customer, and are aware of Extreme’s plans. Happy to 
talk about my feelings regarding Aerohive off-list. Whomever explained that 
startups are responsive at first, and start to lose their luster as they grow 
... spot on.

We are testing Meraki, Juniper/Mist, and Arista/Mojo. As always, some of the 
shine wears off once you get into the product. I’ve found some surprising 
RADIUS bug on Mist. Their initial support is responsive, but the resolution is 
... forthcoming. We are a big Juniper shop, so are excited about their ability 
to monitor & manage (one day) our EX switches.

If you start and eval, make sure you open tickets and explore how their support 
operation responds to requests (and bugs!).

Norman



On Thu, Jan 9, 2020 at 12:47 PM Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:
At this time, this doesn’t appear to bother anything other than the 515s.  We 
have 315s on the same code and have not gotten reports.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Chu
Sent: Thursday, January 9, 2020 12:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

We have been running v8.5.0.4 (clustered controllers off of a mobility master) 
with a little over 4100 AP305’s and AP325’s for a couple of months and things 
have been stable here.  Prior to this, v8.3.0.8 was causing us a few issues.

Norman Chu
Systems Administrator, Network Infrastructure Team
IT Services
T:  514-398-7299
norman@mcgill.ca<mailto:norman@mcgill.ca>  |   
www.mcgill.ca/it<http://www.mcgill.ca/it>
805 rue Sherbrooke 
Ouest<https://www.google.com/maps/search/805+rue+Sherbrooke+Ouest?entry=gmail=g>,
 Burnside Hall, Montréal, QC. H3A-0B9  Canada
[1501096696117_IITSlogo4email-cleaner-350.png]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Michael Hulko
Sent: January 9, 2020 11:58 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

May not be completely related, but we have had issues with newer AX chipsets 
that utilize NDIS 6.3 code set.  Some of the advanced features had to be turned 
off as a work around such as packet coalescing etc.

ALthough we have no 515’s in our environment, we are progressing to 8.6 (as per 
our SE) in the coming weeks and this does not make me comfortable.  Any issues 
with the 300 series APs and 8.5x? May rethink and downgrade to 8.3x as it also 
seems to only support the AP103Hs as well.

M

On Jan 9, 2020, at 11:44 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
 wrote:

No insult meant to anyone’s intelligence, but are you also looking at client 
device drivers etc in the context of these issues? Depending on which client 
NIC is in play, the device makers haven’t been doing us any favors of late. Is 
very possible for example that hundreds of AD-managed laptops may all have same 
bum driver.

Just asking…

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith 
Drive<https://www.google.com/maps/search/120+Smith+Drive+%0D%0ASyracuse,+New+York+13244?entry=gmail=g>
Syracuse, New York 
13244<https:/

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Lee H Badman]

Good information. And good discussion.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Miller, Keith C
Sent: Thursday, January 9, 2020 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Hi Lee,

While we’ve experienced the issue with Intel NICs not being able to see SSIDs 
advertised when .11ax is enabled, a driver update has typically resolved that 
problem. The problems we are seeing range across many different device 
platforms ranging from Apple devices (iPhones and MacBook Pros) to Lenovo 
laptops and Samsung phones. I definitely do not believe it’s client related at 
this point.

Regards,
Keith
O: (919)962-6564 M: (803)464-2397

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, January 9, 2020 at 11:45 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

No insult meant to anyone’s intelligence, but are you also looking at client 
device drivers etc in the context of these issues? Depending on which client 
NIC is in play, the device makers haven’t been doing us any favors of late. Is 
very possible for example that hundreds of AD-managed laptops may all have same 
bum driver.

Just asking…

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of David Morton
Sent: Thursday, January 9, 2020 11:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Ryan, we have been experiencing some of the very same issues. Since installing 
515s and resulting 8.5.x code in our offices (always our first step to any 
migration) we too have experienced unexplained periods of no connectivity. In 
most or all the cases I’ve personally experienced, I believe that I remain 
connected at an 802.11 standpoint but will have that 30 seconds to a couple of 
minutes of no IP connectivity. We have now deployed 515s and 8.5.x in one of 
our residence halls so I am concerned about their experience as well. Just 
before the holiday break we had a series of very high-profile outages that 
impacted our students leading up to and during finals week. The issue got so 
bad that our CIO had to issue a letter to students explaining the problem and 
what we are doing about it. This is the first time that this level of 
communication was needed in my 15 years at the UW using Aruba.

We too are a heavy Juniper shop and have recently received a MIST demo kit. We 
haven’t done anything with it yet due to lack of resources, but if things 
continue on the current path we may give it a more serious look.

David


David Morton
Director, Network & Telecom Design/Architecture
University of Washington
dmorton @uw.edu
tel 206.221.7814

PS I am currently on medical leave so if you wish to reply off-list, please 
direct it to Amel Caldwell, amelc@ uw.edu<http://uw.edu>


On Jan 9, 2020, at 8:15 AM, Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:

All:

We’ve been an Aruba shop for a very long time and have around 10,000 access 
points.  While every relationship with vendors have their ups and downs, my 
frustration with the Aruba is finally peaking to the point that I am 
considering making the enormous move to choose a different vendor.  The biggest 
reason is with the 8.X code train, and bugs that we just don’t consider 
appropriate to use in production.  It has been one thing after the other, and 
my extremely talented and qualified Network Architect (Keith Miller) might as 
well be on the Aruba payroll as much work as he has been doing for them to 
solve bugs.  Just when we think we have one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We have them 
deployed in one of our IT buildings.  Periodically, people that are connected 
to these APs in the 5G band wi

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Lee H Badman]

Interesting. I wonder- does Aruba consider any of these APs or code versions 
that you all are struggling with to be “bleeding edge” or is it all mainstream, 
supposedly stable product at this point?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Martin Reynolds
Sent: Thursday, January 9, 2020 11:48 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Not sure if this could be of help but the issues with the 515 and 535 Aruba APs 
we use was driver related to the 802.11ax code that is on the AP's.  This is 
not an Aruba specific issue but affects other vendors as well.  The following 
link is for the updated Intel drivers.

https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html

In our case users could not see the ESSIDs at all where 515 APs were installed 
but could where other model of AP's (2xx and 3xx)were installed.  By using a 
different adapter from what is installed in the hardware (example USB-and not 
Intel) that allowed us to see the ESSIDs

Thanks,
Martin

On Thu, Jan 9, 2020 at 11:40 AM David Morton 
mailto:dmor...@uw.edu>> wrote:
Ryan, we have been experiencing some of the very same issues. Since installing 
515s and resulting 8.5.x code in our offices (always our first step to any 
migration) we too have experienced unexplained periods of no connectivity. In 
most or all the cases I’ve personally experienced, I believe that I remain 
connected at an 802.11 standpoint but will have that 30 seconds to a couple of 
minutes of no IP connectivity. We have now deployed 515s and 8.5.x in one of 
our residence halls so I am concerned about their experience as well. Just 
before the holiday break we had a series of very high-profile outages that 
impacted our students leading up to and during finals week. The issue got so 
bad that our CIO had to issue a letter to students explaining the problem and 
what we are doing about it. This is the first time that this level of 
communication was needed in my 15 years at the UW using Aruba.

We too are a heavy Juniper shop and have recently received a MIST demo kit. We 
haven’t done anything with it yet due to lack of resources, but if things 
continue on the current path we may give it a more serious look.

David


David Morton
Director, Network & Telecom Design/Architecture
University of Washington
dmorton @uw.edu
tel 206.221.7814

PS I am currently on medical leave so if you wish to reply off-list, please 
direct it to Amel Caldwell, amelc@ uw.edu


On Jan 9, 2020, at 8:15 AM, Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:

All:

We’ve been an Aruba shop for a very long time and have around 10,000 access 
points.  While every relationship with vendors have their ups and downs, my 
frustration with the Aruba is finally peaking to the point that I am 
considering making the enormous move to choose a different vendor.  The biggest 
reason is with the 8.X code train, and bugs that we just don’t consider 
appropriate to use in production.  It has been one thing after the other, and 
my extremely talented and qualified Network Architect (Keith Miller) might as 
well be on the Aruba payroll as much work as he has been doing for them to 
solve bugs.  Just when we think we have one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We have them 
deployed in one of our IT buildings.  Periodically, people that are connected 
to these APs in the 5G band will stop working.  To the user, they are browsing 
a site, then it becomes unresponsive.  If they are on their phone, they will 
disconnect from wifi and everything works fine on cell.  Nothing makes an 
802.11 network look worse than switching to cell and seeing a problem resolve.  
Normally, if the users disconnect then reconnect, their problems will go ahead 
(but I think they end up connecting in the 2.4G band).   We’ve been working on 
this problem with them for months.  It always seems as though we have to prove 
there is a real issue.  I’m fed up with it.  We are a sophisticated shop.  If 
we have a problem, 9 times out of 10 when we bring it to the vendor, it is a 
real problem.  I’m extra frustrated that due to issues we’ve seen in ResNet on 
the 8.3X train that we don’t want to abandon our 6 train on main campus.  To 
Aruba’s credit, we purchased around 1,000 515s last year (I think around 
February).  When they could not get good code to support them on, Aruba bought 
back half of them.  I asked for them to buy back half because I thought for 
sure with the 315s that we would have instead, the issues would be fixed by the 
time the 315s ran 

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Lee H Badman]

No insult meant to anyone’s intelligence, but are you also looking at client 
device drivers etc in the context of these issues? Depending on which client 
NIC is in play, the device makers haven’t been doing us any favors of late. Is 
very possible for example that hundreds of AD-managed laptops may all have same 
bum driver.

Just asking…

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of David Morton
Sent: Thursday, January 9, 2020 11:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Ryan, we have been experiencing some of the very same issues. Since installing 
515s and resulting 8.5.x code in our offices (always our first step to any 
migration) we too have experienced unexplained periods of no connectivity. In 
most or all the cases I’ve personally experienced, I believe that I remain 
connected at an 802.11 standpoint but will have that 30 seconds to a couple of 
minutes of no IP connectivity. We have now deployed 515s and 8.5.x in one of 
our residence halls so I am concerned about their experience as well. Just 
before the holiday break we had a series of very high-profile outages that 
impacted our students leading up to and during finals week. The issue got so 
bad that our CIO had to issue a letter to students explaining the problem and 
what we are doing about it. This is the first time that this level of 
communication was needed in my 15 years at the UW using Aruba.

We too are a heavy Juniper shop and have recently received a MIST demo kit. We 
haven’t done anything with it yet due to lack of resources, but if things 
continue on the current path we may give it a more serious look.

David


David Morton
Director, Network & Telecom Design/Architecture
University of Washington
dmorton @uw.edu
tel 206.221.7814

PS I am currently on medical leave so if you wish to reply off-list, please 
direct it to Amel Caldwell, amelc@ uw.edu


On Jan 9, 2020, at 8:15 AM, Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:

All:

We’ve been an Aruba shop for a very long time and have around 10,000 access 
points.  While every relationship with vendors have their ups and downs, my 
frustration with the Aruba is finally peaking to the point that I am 
considering making the enormous move to choose a different vendor.  The biggest 
reason is with the 8.X code train, and bugs that we just don’t consider 
appropriate to use in production.  It has been one thing after the other, and 
my extremely talented and qualified Network Architect (Keith Miller) might as 
well be on the Aruba payroll as much work as he has been doing for them to 
solve bugs.  Just when we think we have one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We have them 
deployed in one of our IT buildings.  Periodically, people that are connected 
to these APs in the 5G band will stop working.  To the user, they are browsing 
a site, then it becomes unresponsive.  If they are on their phone, they will 
disconnect from wifi and everything works fine on cell.  Nothing makes an 
802.11 network look worse than switching to cell and seeing a problem resolve.  
Normally, if the users disconnect then reconnect, their problems will go ahead 
(but I think they end up connecting in the 2.4G band).   We’ve been working on 
this problem with them for months.  It always seems as though we have to prove 
there is a real issue.  I’m fed up with it.  We are a sophisticated shop.  If 
we have a problem, 9 times out of 10 when we bring it to the vendor, it is a 
real problem.  I’m extra frustrated that due to issues we’ve seen in ResNet on 
the 8.3X train that we don’t want to abandon our 6 train on main campus.  To 
Aruba’s credit, we purchased around 1,000 515s last year (I think around 
February).  When they could not get good code to support them on, Aruba bought 
back half of them.  I asked for them to buy back half because I thought for 
sure with the 315s that we would have instead, the issues would be fixed by the 
time the 315s ran out.  Not looking to be the case.

So, with that rant over, we are seriously considering looking to move away from 
Aruba (unless they get their act together really soon).  There are other bugs 
I’m not even mentioning here.  For those of you that made the switch to another 
vendor, I would be curious how long the honeymoon lasted, what were your 
motivators, and were you happy with the overall results?  Of course, this is a 
great opportunity to plug your vendor.  As I see it, we have 3 choices….  
Something from Cisco (we had Cisco long ago and dumped them for bugs), 
something from Extreme (we are a huge Extreme shop so 

Distech Building Controls

[Lee H Badman]

Curious if any schools have these products in use, and any good/bad/indifferent 
testimony on them from the network perspective?

Regards,

Lee Badman

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Ekahau versus iBwave

[Lee H Badman]

iBwave ‘s 3D modeling is slick, it does a nice job with inclined planes, and 
the mobile app is useful. They also have collaboration down very well.

Ekahau has Sidekick and ease of use, but is also getting more complicated on 
the license front. It’s a changing company- take from that what you like.

Both are excellent at their purpose.

My quick takes…

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Rick Brown
Sent: Thursday, November 21, 2019 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Ekahau versus iBwave

Do any of you have any bullet points comparing Ekahau design software to iBwave 
along with
any pros and cons you've found?

Thanks in advance!

Rick
--
[cid:image001.png@01D5A05C.BCB3C0F0]

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Early adopters on Cisco .11ax - on 8540s?

[Lee H Badman]

Would like to hear from anyone who may be running 8.10 code with 9100 APs, and 
any testimonials on your early findings? Not so much with performance but more 
so with stability or any problems/concerns noted when used on 8540 WLCs.

Thanks,

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: SMS gateways

[Lee H Badman]

Twillio. Works fantastic.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Entwistle, Bruce 
<0139f1156e70-dmarc-requ...@listserv.educause.edu>
Sent: Wednesday, November 13, 2019 6:25:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SMS gateways

We are looking at using the Guest portal of Clearpass for authenticating guest 
to our wireless network.  A part of this would be sending account information 
to guests through a SMS gateway.  Is there a recommended SMS gateway vendor 
that will work with Clearpass?

Thank you
Bruce Entwistle
Network Manager
University of Redlands


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

[Lee H Badman]

Just adding to the discussion, having been at this for a while. Make sure that 
your “no rogue” enforcement- in whatever form that takes- is backed up by 
clearly articulated policy that is endorsed by your CIO or equivalent. Make 
sure that policy is well communicated, and that your entire distributed 
computing/network support/ helpdesk staff are educated on it. Over time, strong 
alliances in this regard greatly reduce the number on rogues you’ll see to 
begin with, and it’s wonderful to find a rogue in your monitoring software and 
simply pick up the phone and ask a person in another department to please go 
find it and remove it. If you can develop those mature, high-functioning 
relationships, you greatly reduce the need for technical remedies.

In the dorms, try to make sure that your no rogue policy is agreed to by every 
student before they get a network login. Try to educate dorm directors and RAs 
on the topic, and why the policy is needed. I’ve called Dorm Directors when 
offending students ignore voice mail and email, and these folks have great 
interest in helping to get to the problem user for the greater good.

Researchers are perpetually going to be a headache. There is a lot of momentum 
in engineering schools on all sorts of wireless technology, and this group will 
have its own set of circumstances with rogues to navigate. Recognize them as a 
separate demographic, as you may need to bend, amend, and break policy in the 
name of academic activity. But you may also help enable fantastic wireless 
breakthroughs if you can find a workable balance.

The more rogues you scrutinize over time through whatever monitoring tools you 
have available combined with a thorough understanding of your entire networking 
environment, the better you get at pinpointing who has what device in play, or 
whether said device is worth trying to deal with, through a combination of 
detective skills and log data. I have mitigated at least 40 rogues this 
semester alone without leaving my desk and without blasting out deauths. Phone, 
email, and a 10,000 foot view are also effective tools once you know what to 
look for.

Regards,


Lee Badman (mobile)

On Oct 28, 2019, at 7:43 PM, Jake Snyder  wrote:

 Generally speaking there are 3 scenarios where you can safely use containment.

On wire rogue:  I own the network it's plugged in to.
If you can prove that the AP is plugged into your network against policy you 
can contain, since the network they are connecting to is yours.  However, this 
is not a good use of airtime, and is much more effective at wired side 
containment method.

Owned devices: I own the device connecting to another network.
If you own a device, and you see it connected to something that is not yours, 
you can contain it since you are interacting with a device your organization 
owns.  However, if it's a BYOD or employee/student device you are containing 
then that's likely not ok.

Pentesting: I have legal authorization from the device/network owner to contain.
You are a wireless pentester and have permissions to contain any device that is 
owned by and authorized by your customer.


I recorded my thoughts on the matter here:

https://www.youtube.com/watch?v=7e--Y-KjsEQ


Monitor and report, but action needs to be deliberate and targeted.  Otherwise, 
you are asking for a fine from the FCC.

Jake





On Oct 28, 2019, at 11:55 AM, Enfield, Chuck 
mailto:cae...@psu.edu>> wrote:

My main reason for worrying about people broadcasting our SSIDs is usability.

The $64 question for security is whether or not the Aruba IDS would detect a 
well-executed evil twin attack.  If the twin uses not just your ESSID but a 
valid BSSID from one of your APs in an area where the “spoofed” AP can’t detect 
it, would the IDS figure it out?  If so, then there may be some value in 
enabling automatic mitigation.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Sidharth Nandury
Sent: Monday, October 28, 2019 12:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

Thank you for the response.

Thomas,
I'm definitely going to share the FCC announcement with my management and 
security officer to ensure that they are aware of this. That being said, we are 
not trying to prevent anyone from using a hotspot, but like Chuck mentioned are 
trying to protect our users from connecting to counterfeit "well-known" campus 
SSIDs. My thought is to only add "well-known" SSIDs in our list of protected 
networks.

Chuck,
Airwave can be an option for alerting, but as you said, it needs manual 
intervention. If our security officer decides to go against implementing this, 
my next suggestion would be using Airwave for manual intervention. Something 
else I can think of is the polling intervals duration and immediacy of action. 
If there is a malicious individual 

RE: Theater wifi - to have or not to have

[Lee H Badman]

Put it in while you can. Better to have and not need versus the opposite. Never 
know when some event will need it.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Bull, Mary
Sent: Tuesday, October 22, 2019 12:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Theater wifi - to have or not to have

Hello all,

I’m wondering if anyone here has dealt with a decision on wireless in the 
theaters, concert halls, or recital halls on their campus. We have a new arts 
complex coming on line in the next two years and there’s no clear direction 
from faculty on whether wireless for the audience is desirable. The previous 
main theater, and other currently used theaters on campus, did/do not have full 
connectivity for the audience (just a few aps tacked on the walls that were 
useless when the room was full). Facilities planning is favorable toward 
building it in, so I’d prefer that too, especially since it would be much 
harder or impossible to install if the faculty changes their mind in a few 
years once the building is complete. However, I’m not sure whether there is 
really an expectation from the audience that they should have wifi when they 
attend a show or concert.

Has anyone dealt with this on their campus? What influenced your choice?

Mary Bull
William and Mary
757-221-2491
mb...@wm.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

[Lee H Badman]

Wouldn’t it be awesome if there was a group… some kind of ORGANIZATION maybe, 
like an ALLIANCE that did interoperability testing to keep stuff like this at 
bay? Maybe a group made up wireless product manufacturers…

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of John Rodkey
Sent: Thursday, October 10, 2019 12:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

Not only does the Intel wireless card problem on Windows computers prevent them 
from attaching, our experience is that none of the SSIDs are even visible to 
Windows computers when ax is turned on, even though ac and n are also turned 
on.  So from their point of view, the WAPs are broken, and we hear about it 
when the parents of students call people on the executive team wondering why IT 
is so incompetent they can't provide a wireless network similar to the one they 
rolled out in their home in a matter of minutes.  Now it's public relations and 
a political problem.

The only solution that we've found apart from going to each computer and hand 
installing the new drivers is turning off 802.11ax on our new, expensive WAPs, 
and waiting for , what? 2 years? , until either Microsoft makes these wireless 
upgrades mandatory security patches (unlikely), or the population of old 
Windows computers diminishes to only a handful.

John Rodkey
Director of Servers and Networks
Westmont College

On Wed, Oct 9, 2019 at 5:48 PM Sweetser, Frank E 
mailto:f...@wpi.edu>> wrote:
In theory, yes - I doubt that anyone is going to deploy 11ax with earlier 
standards disabled (except for base 11b data rates, anyway).  The problem is 
there's a bug in commonly deployed Intel driver versions which prevents the 
client from attaching to the network if 11ax rates are enabled at all:

https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jennifer Minella mailto:j...@cadinc.com>>
Sent: Wednesday, October 9, 2019 6:23 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs


I don’t believe ClearPass Device Insight shows driver details – I just skimmed 
through endpoint details page and attributes and don’t see it.

At the risk of asking a dumb question, is there a reason not to simply deploy 
the 500-series with backwards compatibility enabled? That would allow you to 
offer a seamless experience for clients in a mixed-PHY-standard environment and 
support current clients on n/ac and even a/b/g etc.



Cheers!

-jj

___

Jennifer Minella, CISSP, HP MASE

VP of Engineering & Security

Carolina Advanced Digital, Inc.

www.cadinc.com

j...@cadinc.com

919.460.1313 Main Office

919.539.2726 Mobile/text

[CAD LOGO EMAIL SIG]





From: The EDUCAUSE Wireless Issues Community Group Listserv 
 
on behalf of Michael Davis 
Sent: Wednesday, October 9, 2019 7:57 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 

Subject: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs



We currently have the Wi-Fi 6 extensions disabled because of the Intel
Driver issues
(https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.intel.com%2Fcontent%2Fwww%2Fus%2Fen%2Fsupport%2Farticles%2F54799%2Fnetwork-and-i-o%2Fwireless-networking.htmldata=02%7C01%7Cfs%40WPI.EDU%7Cbc693525d46e464edc2308d74cafd52b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637062190393581783sdata=PPsyPwaUPetmfINaNm1FZVxnaI8DN9ydJ%2BA704MhLwM%3Dreserved=0)

We've been notifying clients and 

Re: [WIRELESS-LAN] Internet Connectivity Issues

[Lee H Badman]

Are you running AVC? If so, you might try disabling. It has caused us no end of 
trouble in the past, similar symptoms. One man’s opinion from past experience.

Lee Badman (mobile)

On Sep 23, 2019, at 7:49 PM, Gray, Sean 
mailto:sean.gr...@uleth.ca>> wrote:

Hi Everyone,

We are getting reports of internet connectivity issues from our wireless users. 
The problem is very temperamental with users bouncing from being able to browse 
& access App content flawlessly, to experiencing a complete failure to browse 
to websites and refresh App content. As an example I was able to successfully 
test Instagram via Safari on an iPhone, and simultaneously fail to see the same 
content on the Instagram App on the same phone.

At this point we are struggling to narrow down the root cause. We have looked 
at everything from traffic volume to ISP instabilities. But as yet there is no 
consistent smoking gun. My reason for reaching out to the group is we are 
running slightly dated code on our HA pair of 5520s. We are running 8.8.111 and 
plan to upgrade to the latest release as soon as possible. But I’m wondering if 
anyone out there is running 8.8.111 that have seen or is seeing similar issues.

Thanks

Sean

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community