RE: [WIRELESS-LAN] Macbook zoom wireless dropout issues
Making sure you have the UDP ports permitted for Zoom is important to ensure quality. Whilst Zoom will work with just TCP 80 and 443 enabled, clients that are restricted to using those ports will more frequently run into quality issues, and from our experience will more frequently be forced to loadbalance between different Zoom data centres mid-call. If you have access to your Zoom admin portal with relevant rights it can give you a good deal of granularity on where specific client connections on specific calls went wrong. https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom As an aside, MS Teams also uses UDP 3478 and 3479, but also 3480 and 3481, so if you were going to be adding some rules to help permit realtime calls and were not going to restrict it to published IP ranges adding those two extra ports might help you. __ Tomo | Infrastructure Architect | Information Technology – Operations and Assurance London Business School | Regent's Park | London NW1 4SA | UK D: +44 (0)20 7000 | T: +44 (0)20 7000 7000 E: t...@london.edu<mailto:t...@london.edu> | W: www.london.edu<http://www.london.edu/> Connect with us: LinkedIn<https://www.linkedin.com/school/5954> | Twitter<https://twitter.com/LBS> | Facebook<http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> | Instagram<https://www.instagram.com/londonbschool/?hl=en> [cid:image002.jpg@01D7015C.1827F5D0] From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Sullivan, Don Sent: 12 February 2021 16:01 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues Ok, I’m going to throw something out there that may sound stupid, but I am ok with appearing stupid. When a client initiates a zoom call is that done via UDP or TCP? If it is done via UDP, can the session fail over to using TCP SSL connectivity in the middle of the call? Can that in turn create a situation where the wireless session disassociates and then tries to reassociate? I ask these questions because when I have been looking at drops during a Zoom call I have been seeing the wireless client disassociating and re associating at the same time the Zoom dashboard says the client lost their network connection. Those of you using Voyance (ENI) will see it in the time line as a “bad roam”. I am wondering if I am seeing a wireless network issue or is it a client and/or Zoom issue. I have seen it on both Windows and Macs. Just wondering if this is a one off or consistent with what others are seeing. Don Sullivan Network Administrator Technology Services 205-726-2111 | office dsulli...@samford.edu<mailto:dsulli...@samford.edu> LinkedIn<http://linkedin.com/in/donaldasullivan> www.samford.edu<http://www.samford.edu> 800 Lakeshore Drive Birmingham, AL 35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US> [Samford Samford University Logo] From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Hales, David Sent: Friday, February 12, 2021 09:21 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [EXTERNAL]Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues I was just following this thread along until a ticket dropped in my lap this morning with a large Zoom session that apparently was cratering all over the place. After reviewing the connection report from Zoom for the session in question, there’s a pretty strong correlation between clients connecting over SSL having very absurdly high latency and jitter as opposed to clients connecting via UDP. There were a handful of folks in the session off campus and those running SSL had the same problems. Of course, there were far fewer off campus folks running SSL type connections since most home routers let just about anything go outbound. If this ends up being a cause of major issues, then folks switching to hotspots will indeed feel like that solved their problems in many cases, causing them to further curse the “crappy campus network”. ☹ Zoom uses a fallback to TCP/443 SSL connectivity when it can’t get through on its default UDP port (8801) or TCP port (8801). I’m starting to suspect that the SSL fallback might have some significant issues and am going to investigate allowing the UDP connections through our firewalls for Zoom sessions. I’d be curious to see if any of the other folks getting big spikes of Zoom complaints could provide further corroboration for this theory? David Hales Network Systems Administrator Information Technology Services Tennessee Tech University 1010 N. Peachtree Av., CLEM117 Cookeville, TN 38505 P: 931-372-3983 E: dha...@tntech.edu<mailto:dha.
RE: [WIRELESS-LAN] Theater wifi - to have or not to have
I can think of some performers who have actively encouraged their audience to take pictures/videos and share them (live) on social media. Having decent connectivity obviously can support such activities. Install it! Tomo | Infrastructure Architect | Information Technology – Operations and Assurance London Business School | Regent's Park | London NW1 4SA | UK D: +44 (0)20 7000 | T: +44 (0)20 7000 7000 E: t...@london.edu<mailto:t...@london.edu> | W: www.london.edu<http://www.london.edu/> Connect with us: LinkedIn<https://www.linkedin.com/school/5954> | Twitter<https://twitter.com/LBS> | Facebook<http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> | Instagram<https://www.instagram.com/londonbschool/?hl=en> [cid:image001.jpg@01D58906.653EA0F0] From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Thomas Carter Sent: 22 October 2019 18:24 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have Add me to the “install it” list as we’re going through this exact thing with our theater department. They have pushed back with concerns that “people would be using devices instead of watching the performances”. But that venue is used for more than just plays and we can’t stop people from looking at cell phones. Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu<http://www.austincollege.edu/> From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Dan Lauing Sent: Tuesday, October 22, 2019 12:14 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Theater wifi - to have or not to have I'll jump on the install train. Every time I try to save the university money, it only comes back to bite me in the rear. On Tue, Oct 22, 2019 at 12:11 PM Benedick, Jason mailto:bened...@stevenscollege.edu>> wrote: I’d install it, you can always disable SSIDs in those areas to prevent people from using it, but I’d bet there will be something that will require it sooner rather than later. Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065 From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Bull, Mary Sent: Tuesday, October 22, 2019 12:34 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Theater wifi - to have or not to have This email originated from outside of Thaddeus Stevens College. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello all, I’m wondering if anyone here has dealt with a decision on wireless in the theaters, concert halls, or recital halls on their campus. We have a new arts complex coming on line in the next two years and there’s no clear direction from faculty on whether wireless for the audience is desirable. The previous main theater, and other currently used theaters on campus, did/do not have full connectivity for the audience (just a few aps tacked on the walls that were useless when the room was full). Facilities planning is favorable toward building it in, so I’d prefer that too, especially since it would be much harder or impossible to install if the faculty changes their mind in a few years once the building is complete. However, I’m not sure whether there is really an expectation from the audience that they should have wifi when they attend a show or concert. Has anyone dealt with this on their campus? What influenced your choice? Mary Bull William and Mary 757-221-2491 mb...@wm.edu<mailto:mb...@wm.edu> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.educause.edu%2fcommunity=E,1,XsLJ-nYhB1j4pWmapTeUPsS_DngRo5yaWiSEyIMxfqYW-pPqCceAo6u4a5snIDyMLEupSaQsyS0km8q_8IiLZXvsobhj_ABTwk1FhzgvAw,,=1> *This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of th
RE: [WIRELESS-LAN] Eduroam and Govroam
Hi Jeff I’m not sure that’s entirely the case, or it wouldn’t be over here. The University, by providing govroam, would be acting like any other Wifi hotspot service, albeit without a captive portal because of the 802.1x roaming. You can see the authentication outer-ID username and accept/reject message like you can for any other eduroam or govroam user, but that’s about it. Would Starbucks get implicated in a PII leak if I went and exposed a bunch of data of my enterprise data over their Wifi? I would suggest not, but I would be in line for disciplinary action, and the data controller of the enterprise data would be hauled over the coals by the regulator if it was found that inappropriate measures hadn’t been taken by the data controller to ensure the employee did the right thing through a combination of technical measures and procedures. I would suggest it’s down to the public sector IT departments to ensure that their users access and use the data that they have access to appropriately, and that they should treat govroam like any other untrusted network, albeit with easy upfront authentication to get onto the network. You would hope that there would be additional layers of security and technical/process measures in place to protect the transactions of the public sector employee but that really is the remit of their data controller and IT people, not your network? I should have said in my previous email, I understand govroam is not just a UK thing, other European countries are also joining in. _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms & Security | Information Technology. London Business School | Regent's Park | London NW1 4SA | United Kingdom. Switchboard +44 (0)20 7000 7000 | Direct line +44 (0)20 7000 www.london.edu<http://www.london.edu/> London experience. World impact. Connect with us: [twitter.jpg] <https://twitter.com/LondonBSchool> Follow us on Twitter<https://twitter.com/LondonBSchool> [facebook.jpg] <http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> Become a fan on Facebook<http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler Sent: 04 January 2018 18:26 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Eduroam and Govroam Seems ripe for PII to leak via independently run WiFi networks that broadcast govroam, yet are under no obligation to “do the right thing” with the public sector data flowing over their private networks. And by providing this at the university, does the university suddenly become a party to legal action should there be a data leak while a public sector employee is using govroam at their campus? This seems like a big InfoSec headache I’d rather avoid altogether. Jeff From: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Tomo <t...@london.edu<mailto:t...@london.edu>> Reply-To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Thursday, January 4, 2018 at 9:54 AM To: "wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] Eduroam and Govroam I can fill in a bit of background here, as I was party to some of the early meetings about the London govroam project. The Wifi provision in the public sector in the UK is a bit of a uncoordinated mess. Every bit of the public sector does their own thing. Public sector colleagues can’t use each others Wifi. So a social worker attending a police station can’t just roam onto the police wifi. A librarian from one council area can’t roam onto another council library wifi elsewhere. And a community healthcare worker has to mess around with guest access when doing outreach at the local hospital. The assumption is that public sector colleagues have plenty of places where they could consume the wifi, and probably do via some guest mechanism, but waste a lot of time (and hence our money) doing that; or end up surviving on 3G/4G services. And there are plenty of mobile notspots. The people who run the UK academic network and eduroam – JISC – have stood up the National Radius Proxy infrastructure for govroam in the UK, and are trying to encourage the public sector to sign up. In places they are pushing against an open door, in others people can’t (yet) see the point. There has been an initial focus on this in L
RE: [WIRELESS-LAN] Eduroam and Govroam
I can fill in a bit of background here, as I was party to some of the early meetings about the London govroam project. The Wifi provision in the public sector in the UK is a bit of a uncoordinated mess. Every bit of the public sector does their own thing. Public sector colleagues can’t use each others Wifi. So a social worker attending a police station can’t just roam onto the police wifi. A librarian from one council area can’t roam onto another council library wifi elsewhere. And a community healthcare worker has to mess around with guest access when doing outreach at the local hospital. The assumption is that public sector colleagues have plenty of places where they could consume the wifi, and probably do via some guest mechanism, but waste a lot of time (and hence our money) doing that; or end up surviving on 3G/4G services. And there are plenty of mobile notspots. The people who run the UK academic network and eduroam – JISC – have stood up the National Radius Proxy infrastructure for govroam in the UK, and are trying to encourage the public sector to sign up. In places they are pushing against an open door, in others people can’t (yet) see the point. There has been an initial focus on this in London, hence the blog posting you’ve picked up on. JISC have encouraged Universities who are already running eduroam to also turn on govroam. For most of us it’s a pretty simple thing to do, although it’s another SSID. It helps them in their conversations with the public sector to be able to say that your people (police, ambulance, fire, healthcare, social care, council workers) can hop onto good quality Wifi in all these places if you sort out govroam. And in big cities like London that’s a lot of places. So what’s in it for the Universities? At the start the benefit is limited – but when the local council start to turn up govroam (and alongside that eduroam) in their buildings our students can consume their wifi in the local council libraries and sports facilities; maybe at a council office if they need to visit. In some cities where the council provide wide area public wifi you can get a considerable benefit. And when any public sector employees who are govroam enabled arrive on our campuses to assist students or our staff, they can get on with their jobs by being well connected. It’s a long road, the benefits won’t be quick or easy. For some parts of public sector it might require a contract renewal to come up before action is taken, and in general the public sector moves slowly. But if enough of us do it, slowly they will come and join the Wifi roaming party. Honest self-disclosure: we haven’t quite yet had time to enable govroam, but we will soon. One of our buildings is shared with the local council and we need to mess around to provide their Wifi SSIDs on our Infrastructure. When they sign up for an sort our govroam, we wouldn’t need to do that. Hope that helps understanding. It’s not a quick win, more of the start of a journey. _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms & Security | Information Technology. London Business School | Regent's Park | London NW1 4SA | United Kingdom. Switchboard +44 (0)20 7000 7000 | Direct line +44 (0)20 7000 www.london.edu<http://www.london.edu/> London experience. World impact. Connect with us: [twitter.jpg] <https://twitter.com/LondonBSchool> Follow us on Twitter<https://twitter.com/LondonBSchool> [facebook.jpg] <http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> Become a fan on Facebook<http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Atkins Sent: 04 January 2018 17:06 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Eduroam and Govroam Thanks Philippe, that long term explanation makes sense. Like Lee, we have students abroad. I sent a quick FYI to our Infosec team to let them know users may eventually see eduroam at new locations and reminded them proper device configuration is important. Our joke/explanation in the past had been about seeing eduroam along the toll road and that you shouldn’t join it. So much for that one. Mike Atkins Network Engineer Office of Information Technology University of Notre Dame From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Philippe Hanset Sent: Thursday, January 04, 2018 11:39 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Eduroam and Govroam Mike et al., We are starting a Govroam pilot here in the US (www.govroam.us<http://www.govroam.us>) with local an
RE: HP is reportedly trying to buy Aruba Networks -confirmed
Announcement on the Aruba website http://www.arubanetworks.com/aruba-and-hp/?source=homepage _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms Security. Direct line +44 (0)20 7000 www.london.edu | London experience. World impact. Connect with us: Follow us on Twitter Become a fan on Facebook -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W (Network Services) Sent: 02 March 2015 12:29 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks And is they push that, they will drive most of Aruba's existing customers to Cisco or elsewhere. People are not going to rip out a Cisso or Juniper infrastructure to deploy HP. Bruce Osborne Wireless Engineer IT Infrastructure Media Solutions (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 -Original Message- From: Thomas Carter [mailto:tcar...@austincollege.edu] Sent: Thursday, February 26, 2015 4:33 PM Subject: Re: HP is reportedly trying to buy Aruba Networks Yes, edge switches, but HP can sell the whole campus from firewalls to routers to core switches to APs to software (clearpass, airwave, etc) to truly compete with the likes of Cisco. They're pushing the converged campus to sound like a marketing wonk. Whether or not they screw it up is what we'll have to wait and see. Thomas Carter Network and Operations Manager Austin College 903-813-2564 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, February 26, 2015 2:44 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks On 02/26/2015 02:23 PM, Thomas Carter wrote: I kept telling our Dell reps that Dell needs to buy into wireless and grab Aerohive or Ruckus. They would just mention the Aruba deal; we'll see what happens with that. I do think this can be good for Aruba. I see it as this - Cisco is a company that does $50B revenue annually and spends $6B in RD. I know that's not all wireless, but Aruba has $725M annual revenue with $170M RD. They need the financial backing to stay in second and maybe close the gap on Cisco. If integrated well, HP could have a compelling package with ProCurve and Aruba all managed under AirWave with some magic SDN sprinkled in there somewhere. But Aruba already has their own package with their MAS switches! My biggest fear is that HP is buying Aruba the wireless company, not Aruba the client access company. This would lead them to keeping the APs and controllers, while putting all of the rest of the goodies that let us to selecting them (Clearpass, Airwave's cross vendor capabilities, their switches) in jeopardy of either being tossed outright or left hanging around atrophying. -- Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] BARCO ClickShare CSC-1
We have one of these on our campus, as an ongoing trial in a couple of our teaching areas, in part as solution against AirPlay and other L2 mirroring technologies. The Clickshare just shows up as an interfering network in our campus Wifi (Aruba) and doesn't seem to create ongoing issues for either the campus Wifi or access to the ClickShare device. We asked the AV engineers to configure it to only use 5GHz but I'm sure whether they were able to do this. When it was commissioned, we just let our Aruba infrastructure deal with automatically reassigning RF as it sees fit. Being in an urban area with plenty of residential properties surrounding our campus, it's just yet another interfering Wifi network - 250 Access Points we run, 850+ interfering that we can see, the number depends how many Wifi enabled buses are driving past the campus... _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms Security. Direct line +44 (0)20 7000 www.london.edu | London experience. World impact. Connect with us: Follow us on Twitter Become a fan on Facebook -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia, Jr. Sent: 30 June 2014 16:26 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] BARCO ClickShare CSC-1 Does anyone have any experience with these? One just showed up on my campus and I'm expecting trouble integrating it into the RF environment, once we turn it on, since we have a very dense Cisco WiFi network in the area where it is going. http://www.barco.com/en/Products-Solutions/Presentation-collaboration/Clickshare-wireless-presentation-system/Full-featured-wireless-presentation-system-for-high-profile-meeting-rooms-and-boardrooms.aspx A penny for your thoughts... Thanks! -Rick -- Rick Coloccia, Jr. Network Manager State University of NY College at Geneseo 1 College Circle, 119 South Hall Geneseo, NY 14454 V: 585-245-5577 F: 585-245-5579 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Best practices for 802.1x (TTLS/PEAP) certificates
Craig You might want to check the documentation on the JANET Communities website where the people responsible for Eduroam in the UK have put together good instructions for all things Eduroam. Section 7 covers the certificates. https://community.ja.net/library/janet-services-documentation/implementing-eduroam-roadmap Good luck, _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms Security. Direct line +44 (0)20 7000 www.london.eduhttp://www.london.edu/ | London experience. World impact. Connect with us: [Description: twitter.jpg] https://twitter.com/LondonBSchool Follow us on Twitterhttps://twitter.com/LondonBSchool [Description: facebook.jpg] http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105 Become a fan on Facebookhttp://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Craig Simons Sent: 24 March 2014 18:03 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Best practices for 802.1x (TTLS/PEAP) certificates We're nearing the expiry of our current 802.1x certificate and we need to generate a new signing request. I see a reference on one page (https://confluence.terena.org/display/H2eduroam/eduroam+IdP) about configuring additional certificate properties. Not being a certificate guru, I'm normally just content to find whatever openssl command example to generate a new key and csr and have it signed, but it looks as though I might be missing some important details. Does anyone have any best practices or examples of how to properly generate an 802.1x signing request or are these things that are done through the CA interface? Regards, Craig SFU SIMON FRASER UNIVERSITY Network Services Craig Simons Network and Systems Administrator Phone: 778-782-8036 Cell: 604-649-7977 Email: craigsim...@sfu.camailto:craigsim...@sfu.ca Twitter: simonscraighttp://www.twitter.com/simonscraig ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. inline: image001.jpginline: image002.jpg
Apple posts DNS-SD/mDNS Internet Draft
Apologies for cross posting. Further to the work done by Lee Badman earlier this year and the Educause petition to Apple[1] regarding the supportability of their products on Enterprise networks, Tim Chown at the University of Southampton, UK has highlighted to me that Apple have released an Internet Draft that is a specific consequence of the petition. For those of you over in the US, Tim Chown is very much involved in new networking technologies JANET and GEANT (UK and Europe equilivants of Internet2), and he's Co-Chair of the IETF BoF considering this problem. As you can see in his e-mail below he would very much like to get some feedback from the community on the mdnsext list to help shape the problem statement. I think we need to thank Lee for initiating the petition, and a collective pat on the back for all signing the petition and then making Apple listen. Tomo. From: Tim Chown t...@ecs.soton.ac.uk Subject: Re: [WIRELESS-ADMIN] Petition to Apple for better Enterprise Support Date: 12 October 2012 12:37:42 BST To: wireless-ad...@jiscmail.ac.uk Reply-To: Wireless Issues in the JANET community wireless-ad...@jiscmail.ac.uk A heads up on the issue of service discovery for campus networks. There is a new mdnsext BoF planned for IETF85, which is about extending service discovery capabilities, to scenarios including campuses. An initial rather sketchy problem statement has been posted: http://tools.ietf.org/html/draft-lynn-mdnsext-requirements-00 Discussion on the problem statement is encouraged, preferably on the mdnsext list. You can join that list here: https://www.ietf.org/mailman/listinfo/mdnsext As a co-chair at least for the BoF, I can say that the more comments and discussion we have to gauge community opinion, the better. Tim [1] http://www.change.org/petitions/from-educause-higher-ed-wireless-networking-admin-group _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms Security | Information Technology. London Business School | Regent's Park | London NW1 4SA | United Kingdom. Switchboard +44 (0)20 7000 7000 | Direct line +44 (0)20 7000 | Email t...@london.edumailto:t...@london.edu www.london.eduhttp://www.london.edu London experience. World impact. Connect with us: [Description: twitter.jpg] https://twitter.com/LondonBSchool Follow us on Twitterhttps://twitter.com/LondonBSchool [Description: facebook.jpg] http://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105 Become a fan on Facebookhttp://www.facebook.com/pages/London-United-Kingdom/London-Business-School/14027365105 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. inline: image001.jpginline: image002.jpg
RE: [WIRELESS-LAN] selectively disabling wireless in classrooms
We've had it asked several times here (including for cellular). Each time we point out that it's an academic/classroom management issue, and that there's no simple technology solution available at the moment to solve it. On each occasion we've managed to convince management that we can't do it, and asked for evidence from academics that say others are doing this and been deafened by the response. _ Tomo | Senior Infrastructure Engineer - Networks, Telecoms Security. Direct line +44 (0)20 7000 | Email t...@london.edu www.london.edu http://www.london.edu/ Connect with us: https://twitter.com/LondonBSchool Follow us on Twitter https://twitter.com/LondonBSchool http://www.facebook.com/pages/London-United-Kingdom/London-Business-Sch ool/14027365105 Become a fan on Facebook http://www.facebook.com/pages/London-United-Kingdom/London-Business-Sch ool/14027365105 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barber, Matt Sent: 23 September 2011 13:38 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] selectively disabling wireless in classrooms Hi Jim, I also get this question/request a couple times a year. I flat-out refuse to do it. There are so many issues (coverage of other spaces, the students have cellular connectivity too, managing the changes, etc.) but those play a very small part in us not doing it. We simply don't do it on principle. I don't feel that it is our responsibility to help manage the attention of the students in the classroom. Luckily I have support from the appropriate people on campus for that stance. I will say that very few faculty members have asked overall. Most of our faculty are happy to include online video, Blackboard, and now iPads in their instruction. Good luck! Matt Barber Network and Systems Manager Morrisville State College 315-684-6053 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James P Sent: Friday, September 23, 2011 8:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] selectively disabling wireless in classrooms Well, it's that time of year again the time when we get calls from a handful of faculty who want the ability to disable the wireless access point that covers their classroom during specific class periods (they also want cellular coverage disabled during those times -- yeah, right ..).When I point out that the AP that covers their classroom may also provide coverage for the one next door, or that with a controller-based architecture, shutting off one access point would likely just increase the signal coverage area of adjacent APs, the response I usually get back is well, I KNOW that other universities are doing it, so FIX IT. So, let me ask my biennial question: what ARE other universities doing in this regard?I was specifically given U of Michigan as an example. Anyone know what they're doing? Any successful implementation details from anyone dealing with this issue are welcome.And yes, I am biting my tongue to not say teach more engagingly. Thanks in advance! -- Jim Gogan / Univ of North Carolina ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. __ This email has been scanned by the MessageLabs Email Security System on behalf of the London Business School community. For more information please visit http://www.messagelabs.com/email __ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. __ This email has been scanned by the MessageLabs Email Security System on behalf of the London Business School community. For more information please visit http://www.messagelabs.com/email __ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. image001.jpgimage002.jpgimage004.jpg
RE: [WIRELESS-LAN] The strategic importance of 5GHz
The Airwave webinar (for which a link was sent round last week) mentioned that some vendors are looking at providing two Ethernet sockets on MIMO / 802.11n Access Points, so they could draw 2 x 802.3af power connections and one live Ethernet connection. _ Tomo | Senior Network Telecommunications Infrastructure Engineer Direct line: +44 (0)20 7000 | Email: [EMAIL PROTECTED] www.london.edu -Original Message- From: Frank Bulk - iNAME [mailto:[EMAIL PROTECTED] Sent: 27 June 2007 02:32 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The strategic importance of 5GHz Dale: I've heard from at least one vendor that a b/g radio with and 802.11n radio may operate within 802.3af power limits. But I've heard nothing absolutely definite so far and I anticipate that we'll know more by the end of the summer as these products move from short-run samples to production. The whole 802.11n PoE and GigE port thing really puts most organizations into a pickle...they can cheat with using 100BaseT at the edge but if you really want to do full 802.11n on two radios it's going to necessitate a midspan, PoE injectors, or a new switch (and that will be at least a year away). If vendors can make an AP with an 802.11b/g radio and an 802.11n radio operate within 802.3af power limits that should give organizations the breathing room they need to upgrade their edge switching infrastructure over the next 3-5 years. Frank -Original Message- From: Dale W. Carder [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 26, 2007 3:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] The strategic importance of 5GHz On Jun 25, 2007, at 11:57 AM, Enfield, Chuck wrote: We currently only have one UTP cable to an AP location. The alternative is one GigE drop with either local power or proprietary UTP based power (including possible pre-standard 802.3at). One thing we did for the last 3 years is to pull siamese cable to each AP location, setting up the infrastructure in advance for a technology change. What will probably screw us as you mention is not enough PoE via 802.3af. Having an AP with bg on 2.4 and MIMO on 5 will probably require 802.3at. So in addition to replacing your AP's, you are now also forklifting your PoE switches... Dale ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. __ This email has been scanned by the MessageLabs Email Security System on behalf of the London Business School community. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System on behalf of the London Business School community. For more information please visit http://www.messagelabs.com/email __ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Guest access
We also have a commercial hotspot provided on our campus here at London Business School. TheCloud provides a service across our existing network of Access Points. The campus network access points have two SSIDs, and the public hotspot traffic runs in a separate VLAN across our LAN and over a VPN to their core network. The landing page that clients get when attached to commercial hotspot is slightly different from other sites in that there are links that allow free access to our website and portal (walled garden links) that were agreed when the service was set up, so a guest on our site need not pay to get to the majority of our campus resources, but can use a voucher, a supported roaming account, or a credit card to browse elsewhere. It was reasonably easy to set up, the service works well and is well received by our customers. I would imagine that hotspot operators in the US would be able to provide a similar service, and it can generate a revenue stream if that was required. -- Tomo. Network Telecoms Project Engineer, Information Systems Division London Business School, Sussex Place, Regents Park, London. NW1 4SA t: +44 (0)20 7000 direct --- +44 (0)20 7262 5050 general f: +44 (0)20 7000 7771 direct --- +44 (0)20 7724 7875 general e: mailto:[EMAIL PROTECTED] w: http://www.london.edu/technology/ On 31/03/2006 15:16, William Paraska wrote: That certainly is the question and one that ought to bother all of us. That is the reason that GSU has stopped providing access to non-University affiliated users. We push them to a commercial carrier that rides our same access points. They require identification and they track the bad actors. Bill Paraska Director, University Computing and Communications Information Systems and Technology (404) 651-0881 [EMAIL PROTECTED] 03/31/06 9:10 AM Ok, I have to ask the question that's been sitting on my mind for a while now. All the places that essentially allow unauthenticated wireless (including asking for an e-mail that anybody could easily just put [EMAIL PROTECTED]): How do you deal with abuse ? I realize that your choice of protocols likely limits the options, but it's still quite viable (for example posting of content to a message board, blog comment, or other public space that triggers legal or law enforcement response) ? Many of the safe harbor provisions protecting us legally are predicated on our ability to point the finger at the real offender. If we're unable to do so, we automatically become liable for the actions. How do you track down misbehaving guest users ? -S On Fri, 31 Mar 2006, Joyce, Todd N wrote: We allow these services for Guest Wireless Access and we are working to allow VPN to the outside. DNS - UDP 53 HTTP - TCP 80 HTTPS - TCP 443 Todd Joyce Network Services Radford University - The Smart Choice [EMAIL PROTECTED] (540) 831- Keep your boots and ChapStick and ice hotels. Give me shorts and sandals and a thirty-blocker. Temperance Brennan - Monday Mourning From: Entwistle, Bruce [mailto:[EMAIL PROTECTED] Sent: Thursday, March 30, 2006 7:33 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Guest access We have recently installed a wireless network on a portion of the campus. The student and administrators are all authenticated through a front end device which validates user accounts against an LDAP server running on a domain controller. However we now have the requirement for guests of the campus to connect to the wireless network. We have some ideas how we would like to handle this issue but are curious as to what others have done to accommodate these guest connections. Please let me know. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.