Re: [WIRELESS-LAN] AAA Override Bug?

[Joachim Tingvold]

On 15 Sep 2017, at 20:52, Hector J Rios wrote:

80MR4:AAA override VLAN lost on inter-controller roaming
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb21254
That definitely sounds like it could be our problem. I’ll look into 
it. Thanks!


Even if you're hitting this bug, we've encountered similar behavior 
before (not related to roaming); we use AAA override for all clients, 
and never actually let clients fall into the default WLAN interface. 
Regardless, we've seen clients in this default WLAN interface (and even 
getting IP addresses). It's been somewhat random, and with a very low 
number of clients, but not a behavior we want (since clients potentially 
might get access to resources they shouldn't).


To mitigate this we set the default WLAN interfaces to a VLAN not even 
present on the trunk towards the WLC, so that clients that might end up 
there won't be able to reach anything. We probably should've filed a bug 
when we first noticed this behavior, but the fix was quicker than going 
through the TAC-dance, and has worked ever since (-:


--
Joachim

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] AAA Override Bug?

[Hector J Rios]

That definitely sounds like it could be our problem. I’ll look into it. Thanks!

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mccormick, Kevin
Sent: Friday, September 15, 2017 10:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AAA Override Bug?

Are you hitting this bug?

80MR4:AAA override VLAN lost on inter-controller roaming

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb21254

Kevin 
McCormick<https://www.youracclaim.com/badges/3aa51624-4156-498d-bf6f-4a61790d54cf/public_url>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website<http://www.wiu.edu/utech> | 
Facebook<https://www.facebook.com/uTechWIU> | 
Twitter<https://twitter.com/WIU_uTech>
[Image removed by sender.]

On Fri, Sep 15, 2017 at 10:06 AM, Yahya M. Jaber 
<yahya.ja...@kaust.edu.sa<mailto:yahya.ja...@kaust.edu.sa>> wrote:
I used to have 8.0.140.0 and now 8.0.140.9 both were working fine with AAA 
override.
Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Sep 15, 2017 17:39, Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> 
wrote:

This week we identified a bug in our wireless software that is affecting 
eduroam. The behavior we are seeing is the following: when an LSU user connects 
to eduroam we look up their AD group membership. If it is a student, the user 
is placed on network “Y”; if it is an employee (faculty/staff), the user is 
placed on network “Z”. We have noticed employees being incorrectly placed on 
the student network (which is the default WLAN interface). We haven’t yet 
identified why this is happening but we are working with our Cisco. We do have 
AAA override enabled. We have WiSM2s running 8.0.140.0 code. We have confirmed 
that our RADIUS server is sending the correct VLAN id attribute. Anybody 
noticed the same behavior?



Hector Rios

Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] AAA Override Bug?

[Jeffrey D. Sessler]

That bug is fixed in 8.0.150.0 released about two weeks ago.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mccormick, Kevin
Sent: Friday, September 15, 2017 8:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AAA Override Bug?

Are you hitting this bug?

80MR4:AAA override VLAN lost on inter-controller roaming

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb21254

Kevin 
McCormick<https://www.youracclaim.com/badges/3aa51624-4156-498d-bf6f-4a61790d54cf/public_url>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website<http://www.wiu.edu/utech> | 
Facebook<https://www.facebook.com/uTechWIU> | 
Twitter<https://twitter.com/WIU_uTech>
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Fri, Sep 15, 2017 at 10:06 AM, Yahya M. Jaber 
<yahya.ja...@kaust.edu.sa<mailto:yahya.ja...@kaust.edu.sa>> wrote:
I used to have 8.0.140.0 and now 8.0.140.9 both were working fine with AAA 
override.
Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Sep 15, 2017 17:39, Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> 
wrote:

This week we identified a bug in our wireless software that is affecting 
eduroam. The behavior we are seeing is the following: when an LSU user connects 
to eduroam we look up their AD group membership. If it is a student, the user 
is placed on network “Y”; if it is an employee (faculty/staff), the user is 
placed on network “Z”. We have noticed employees being incorrectly placed on 
the student network (which is the default WLAN interface). We haven’t yet 
identified why this is happening but we are working with our Cisco. We do have 
AAA override enabled. We have WiSM2s running 8.0.140.0 code. We have confirmed 
that our RADIUS server is sending the correct VLAN id attribute. Anybody 
noticed the same behavior?



Hector Rios

Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] AAA Override Bug?

[Mccormick, Kevin]

Are you hitting this bug?

80MR4:AAA override VLAN lost on inter-controller roaming

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb21254

Kevin McCormick

Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 298-1335 <3092981335> | Morgan Hall 106b
Connect with uTech: Website  | Facebook
 | Twitter



On Fri, Sep 15, 2017 at 10:06 AM, Yahya M. Jaber 
wrote:

> I used to have 8.0.140.0 and now 8.0.140.9 both were working fine with AAA
> override.
>
> Yahya Jaber.
> CCIE Wireless.
> 055-869-7555
> ITNC Engineering.
> KAUST.
>
>
>
> Sent from an Android
>
> On Sep 15, 2017 17:39, Hector J Rios  wrote:
>
> This week we identified a bug in our wireless software that is affecting
> eduroam. The behavior we are seeing is the following: when an LSU user
> connects to eduroam we look up their AD group membership. If it is a
> student, the user is placed on network “Y”; if it is an employee
> (faculty/staff), the user is placed on network “Z”. We have noticed
> employees being incorrectly placed on the student network (which is the
> default WLAN interface). We haven’t yet identified why this is happening
> but we are working with our Cisco. We do have AAA override enabled. We have
> WiSM2s running 8.0.140.0 code. We have confirmed that our RADIUS server is
> sending the correct VLAN id attribute. Anybody noticed the same behavior?
>
>
>
> Hector Rios
>
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
>
> --
> This message and its contents including attachments are intended solely
> for the original recipient. If you are not the intended recipient or have
> received this message in error, please notify me immediately and delete
> this message from your computer system. Any unauthorized use or
> distribution is prohibited. Please consider the environment before printing
> this email.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] AAA Override Bug?

[Yahya M. Jaber]

I used to have 8.0.140.0 and now 8.0.140.9 both were working fine with AAA 
override.

Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Sep 15, 2017 17:39, Hector J Rios  wrote:

This week we identified a bug in our wireless software that is affecting 
eduroam. The behavior we are seeing is the following: when an LSU user connects 
to eduroam we look up their AD group membership. If it is a student, the user 
is placed on network “Y”; if it is an employee (faculty/staff), the user is 
placed on network “Z”. We have noticed employees being incorrectly placed on 
the student network (which is the default WLAN interface). We haven’t yet 
identified why this is happening but we are working with our Cisco. We do have 
AAA override enabled. We have WiSM2s running 8.0.140.0 code. We have confirmed 
that our RADIUS server is sending the correct VLAN id attribute. Anybody 
noticed the same behavior?



Hector Rios

Louisiana State University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.