Re: [WIRELESS-LAN] Aruba information sharing Zoom call

[Julian Y Koh]

On Sep 17, 2021, at 21:29, Patrick McEvilly 
mailto:patrick_mcevi...@harvard.edu>> wrote:

This group has been a great help to us as we dealt with several issues over the 
past two weeks related to our Aruba wireless infrastructure.


Just to add our experiences to the mix…..Aruba came out with a more widely 
available 8.7.1.5 C build last week.  We installed it on our beta/test 
controller cluster on Friday and are planning on doing one of our campus 
controller clusters tomorrow morning and then the other on Wednesday.  The 
other published mitigations have had us in a stable state over the past 10 days 
or so.  Then we are all waiting for the 8.7.1.6 GA build in a couple of weeks.  
Fingers crossed…..thanks to everyone here and at Aruba who has been sharing 
very helpful information and working with us through all of this.


--
Julian Y. Koh
Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
PGP Public Key: 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Jeffrey D. Sessler]

When I read the uiowa wifi SLA link, I can't help but think it's boarding on an 
excuse, rather than a true SLA between the service operator and the customer.  
Don't misunderstand, there are technical limitations to WiFi, but we can also 
engineer around many of them assuming the organization considers the service 
strategically important to its mission and invests appropriately. If one isn't 
sure if it is strategically important, I would spend a little time perception 
checking within one's organization including sr. leadership.  I've run across 
many education organizations that will state WiFi is of strategic importance, 
but their capital investment per FTE is often significantly lower than their 
investment in say general software licensing.  It goes without saying, if the 
organization is spending $300/FTE on software licensing and only $50/FTE on 
capital investments in WiFi, it's likely there is a misalignment between 
strategic importance and funding.

I've also run into many an organization that invests oddly in WiFi.  They under 
capitalize the infrastructure but have 3-4 WiFi engineers that spend all their 
time trying to work around the under investment.  Imagine reducing the number 
of engineers from 4 to 1 and investing that $300-500K per year in WiFi 
infrastructure and assurance tools. It seems obvious, but sometimes 
self-preservation within a service organization can get in the way of solid 
service/business decisions.

Before going down the road of defining what constitutes "good wifi," it would 
be beneficial for folks to understand their current state, including the 
creation of an SLA around what you already have.  Parallel to this, meet with 
your customers to understand their needs, develop a new SLA, get leadership buy 
in, and out of that will come the answer for what constitutes "good wifi" to 
your organization.

Lastly, even a basic SLA can be immensely helpful in tempering the divide 
between what you have and what someone expects. As an alternative to 
techsplaining away the service quality issues, your customers know exactly what 
the service is and is not, including by location.  Imagine something as basic 
as:

Residential Hallls

  *   Dense deployment of WiFi. Designed to meet the demanding needs of 
high-def steaming and gaming.
  *   Design assumes an average of four devices per resident.
  *   Minimum of one access point per every other room.
  *   Near equivalent to a gigabit wired port.

Academic Spaces

  *   Classrooms
 *   Support for interactive applications
 *   Designed for twelve FTE per access point
 *   Minimum of one access point per classroom
 *   Minimal support for high-def streaming outside of instructor or 
in-room conferencing
  *   Conference Rooms
  *   Study Spaces
Outdoor Spaces

  *   
 *   Designed for coverage
 *   Basic email, texting
 *   Reliable streaming unlikely
Best,
Jeff


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of LaPorte, David
Sent: Friday, September 24, 2021 2:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: 
[WIRELESS-LAN] Wi-Fi expectations/service levels and validation

You don't often get email from 
david_lapo...@harvard.edu<mailto:david_lapo...@harvard.edu>. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
Yes, thanks to you and all who have responded.  It's been good to hear that 
we're not alone in finding this exercise very challenging, and it's been great 
to see some of the great pages and thoughts provided.  I'll be sure to share 
what  we come up with.

Have a nice weekend!
Dave

-

David LaPorte
Harvard University Information Technology
P: (617) 496-3446

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Sullivan, Don mailto:dsulli...@samford.edu>>
Date: Friday, September 24, 2021 at 2:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: 
[WIRELESS-LAN] Wi-Fi expectations/service levels and validation
I appreciate you sharing this also. Nice writeup.

Don Sullivan
Network Administrator
Technology Services

205-726-2111 | office
dsulli...@samford.edu<mailto:dsulli...@samford.edu>
LinkedIn<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__linkedin.com_in_donaldasullivan%26d%3DDwMFAg%26c%3DWO-RGvefibhHBZq3fL85hQ%26r%3DMOrPzn96ki798xbUwXJc6Hbb8ZwV-Df1GCkE26WPyzg%26m%3D66eczq-lhTWokgpC7ISIJDuVbvQX-2k0CVYLoxVs9ws%26s%3DqBxdFcU71fVnkYBunsJsm6IReqMLjuJVuB_MYG91IdQ%26e%3D=04%7C01%7CJeff%40scrippscollege.edu%7Ca2fcd0e464904972c7b608d97f9f3cde%7C472746

RE: [WIRELESS-LAN] Protecting Cisco 1815w APs

[Gray, Sean]

Hi Matt,

Thanks for sharing. The RJ-45 block-outs may also be a good investment for us.

Thanks

Sean

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Matthew Craig
Sent: September 23, 2021 1:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Protecting Cisco 1815w APs

Caution: This email was sent from someone outside of the University of 
Lethbridge. Do not click on links or open attachments unless you know they are 
safe. Suspicious emails should be forwarded to 
phish...@uleth.ca<mailto:phish...@uleth.ca>.

We use standard flush-mount boxes, such that there is no protruding box to 
tamper with most of time; the device is flush with the wall.  If a protruding 
box must be installed, there really is no way to prevent people from making 
holes in it or ripping it off.


We utilize the locking screw with cover-up sticker that comes with the device.  
This helps… one has to go through the trouble of discovering the sticker and 
having a sufficient screwdriver to back the screw out, or straight up ripping 
it off the wall (which can be difficult)

For the RJ-45 ports, if we don’t want them to be used (such as the passthrough 
if not used), we use RJ-45 block-outs

Cisco offers Physical Security Kits we keep in stock that has additional screws 
and stickers plus the RJ-45 block-outs: AIR–SEC–50=

If we need bulk RJ-45 block-outs for a large project or something, we buy: 
https://www.amazon.com/Lindy-RJ45-Port-Blockers-40471/dp/B00F3VBOU6/ref=pd_bxgy_147_img_2?ie=UTF8=1=XG25B9TBZNJX5B4YXE4Z



All of these above really help.




If we don’t want an ethernet cable removed we use port-lock kits, although this 
is rarely used: 
https://www.cdw.com/product/Panduit-outlet-port-lock-kit/1648217?cm_cat=google_ite=1648217_pla=NA-NA-Panduit_CN_ven=acquirgy_id=CjwKCAjwy7CKBhBMEiwA0Eb7au_NZdEqvxzyZ2RGMPSAOGiK-G4pC_EpSZvKNBgjXTxWKMAI1MOfZxoCfsoQAvD_BwE:G:s=CjwKCAjwy7CKBhBMEiwA0Eb7au_NZdEqvxzyZ2RGMPSAOGiK-G4pC_EpSZvKNBgjXTxWKMAI1MOfZxoCfsoQAvD_BwE_kwcid=AL!4223!3!496173788312!!!g!325109538940!!12244136370!117820874592




Our most common issue is people using the device to step up higher on the wall 
or smashing it with furniture.  I am unaware of any way to truly prevent this.  
We are a charge-back shop, so any replacement is bought by the building owner 
(sometimes they choose to simply not replace them and go without), so its not a 
big deal to us personally.



-
Matt







On Sep 23, 2021, at 11:19 AM, Eric Jensen 
mailto:epjen...@alaska.edu>> wrote:

WARNING: This email originated external to the NMSU email system. Do not click 
on links or open attachments unless you are sure the content is safe.
Hi Sean,

We have quite a number of the 1815W access points deployed throughout our 
campus housing as well.  We haven't noticed much issue with the LAN ports on 
the bottom getting damaged, but we have had occasional issues with students 
disconnecting them.  Ours are primarily mounted on surface mount j-boxes, so 
students will typically just remove a knockout hole and fish the cable out to 
disconnect, but we've had some get pried off as well, which, thankfully, has 
primarily just damaged the mounting plate.  We haven't done much to prevent it, 
but we do shut the switchport down to the room whenever an AP is disconnected, 
to provide an opportunity for educating the user.  Additionally, this year we 
had stickers printed to place on each AP with (very brief) instructions for 
connecting to our different wireless options, as well as to the wired ports on 
the bottom of the unit, and include our helpdesk website and phone number.  The 
idea being that having readily available instructions/help will reduce work for 
us as well as frustration for the students.  Don't really have any hard numbers 
as to how much it has helped, but our Residence Life staff were pretty 
enthusiastic about the idea.

All of that said, I know Oberon makes an enclosure that works with those APs 
(https://oberoninc.com/products/1017-wh/<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Foberoninc.com%2Fproducts%2F1017-wh%2F=04%7C01%7Cmatcraig%40nmsu.edu%7C650989b12373408afd3508d97eb6511e%7Ca3ec87a89fb84158ba8ff11bace1ebaa%7C1%7C0%7C637680143776063162%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=nDw14UfDoUP0v1aV1LRKOdh%2FxHHUyn%2BTpppwqUXKbzk%3D=0>),
 which you could utilize if the problem is pervasive enough.  However, for us 
it's a low enough occurrence rate, and the 1815W units are inexpensive enough, 
that it would be far more costly to install the enclosures, in both time and 
money, than it is to deal with the occasional disconnected/damaged AP.

Cheers,

Eric

--
--

---
Eric Jensen
Senior Network Communications Specialist
University of Alaska -

Re: [WIRELESS-LAN] [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[LaPorte, David]

Yes, thanks to you and all who have responded.  It’s been good to hear that 
we’re not alone in finding this exercise very challenging, and it’s been great 
to see some of the great pages and thoughts provided.  I’ll be sure to share 
what  we come up with.

Have a nice weekend!
Dave

—

David LaPorte
Harvard University Information Technology
P: (617) 496-3446

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Sullivan, Don 

Date: Friday, September 24, 2021 at 2:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: 
[WIRELESS-LAN] Wi-Fi expectations/service levels and validation
I appreciate you sharing this also. Nice writeup.

Don Sullivan
Network Administrator
Technology Services

205-726-2111 | office
dsulli...@samford.edu<mailto:dsulli...@samford.edu>
LinkedIn<https://urldefense.proofpoint.com/v2/url?u=http-3A__linkedin.com_in_donaldasullivan=DwMFAg=WO-RGvefibhHBZq3fL85hQ=MOrPzn96ki798xbUwXJc6Hbb8ZwV-Df1GCkE26WPyzg=66eczq-lhTWokgpC7ISIJDuVbvQX-2k0CVYLoxVs9ws=qBxdFcU71fVnkYBunsJsm6IReqMLjuJVuB_MYG91IdQ=>
www.samford.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.samford.edu=DwMFAg=WO-RGvefibhHBZq3fL85hQ=MOrPzn96ki798xbUwXJc6Hbb8ZwV-Df1GCkE26WPyzg=66eczq-lhTWokgpC7ISIJDuVbvQX-2k0CVYLoxVs9ws=FV7QtVVYn6xY1AEK1-CEjhV3gUVGEYZYBP6vmZDF7ak=>
800 Lakeshore Drive
Birmingham, AL 
35229<https://urldefense.proofpoint.com/v2/url?u=https-3A__maps.google.com_maps-3Fq-3D800-2BLakeshore-2BDrive-2C-2BBirmingham-2C-2BAL-2B35229-2C-2BUS=DwMFAg=WO-RGvefibhHBZq3fL85hQ=MOrPzn96ki798xbUwXJc6Hbb8ZwV-Df1GCkE26WPyzg=66eczq-lhTWokgpC7ISIJDuVbvQX-2k0CVYLoxVs9ws=eIYvXWA1-neKcMLK2TAQwhoO5apjnHOoSmGA1FFNluE=>

[Samford Samford University Logo]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Besko, Lisa
Sent: Friday, September 24, 2021 13:29
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi 
expectations/service levels and validation

Thanks for sharing that, Neil.  It’s a good write up.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Johnson, Neil M
Sent: Friday, September 24, 2021 1:45 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi 
expectations/service levels and validation

We often refer people to this document penned by my predecessor when they try 
to do things like have an auditorium of students all connect to Zoom and then 
complain about the WiFi.

https://its.uiowa.edu/support/article/2790<https://urldefense.com/v3/__https:/its.uiowa.edu/support/article/2790__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KY0COV6k$>

-Neil

--
Neil Johnson – University of Iowa

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Enfield, Chuck
Sent: Thursday, September 23, 2021 4:02 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and 
validation

The jury is still out on whether there is such a thing as good WI-Fi..

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of LaPorte, David
Sent: Thursday, September 23, 2021 4:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

Hi All,

Coming out of a very rough fall semester start that left many of our users 
suffering with “bad” Wi-Fi, we’ve since (understandably) been asked what 
constitutes “good” Wi-Fi.  We have not previously published information to our 
community on what they should expect or on how they can validate those 
expectations.  Does anyone have any knowledge articles or links they could 
share?

Thanks!
Dave


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.educause.edu*2Fcommunity=04*7C01*7Ccae104*40PSU.EDU*7Cdc4a67a6d34d4d8bdd9a08d97ed15a1c*7C7cf48d453ddb4389a9c1c115526eb52e*7C0*7C0*7C637680259896097840*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000=qM*2Bd*2BWeoQU60QSjFSAk08oIcJgMZ6UKBErNxjRQ4t70*3D=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-Kc1lBSh7$>

**
Replies to EDUCAUSE Community Group 

RE: [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Sullivan, Don]

I appreciate you sharing this also. Nice writeup.

Don Sullivan
Network Administrator
Technology Services

205-726-2111 | office
dsulli...@samford.edu<mailto:dsulli...@samford.edu>
LinkedIn<http://linkedin.com/in/donaldasullivan>
www.samford.edu<http://www.samford.edu>
800 Lakeshore Drive
Birmingham, AL 
35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US>

[Samford Samford University Logo]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Besko, Lisa
Sent: Friday, September 24, 2021 13:29
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXTERNAL]Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi 
expectations/service levels and validation

Thanks for sharing that, Neil.  It's a good write up.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Johnson, Neil M
Sent: Friday, September 24, 2021 1:45 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi 
expectations/service levels and validation

We often refer people to this document penned by my predecessor when they try 
to do things like have an auditorium of students all connect to Zoom and then 
complain about the WiFi.

https://its.uiowa.edu/support/article/2790<https://urldefense.com/v3/__https:/its.uiowa.edu/support/article/2790__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KY0COV6k$>

-Neil

--
Neil Johnson - University of Iowa

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Enfield, Chuck
Sent: Thursday, September 23, 2021 4:02 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and 
validation

The jury is still out on whether there is such a thing as good WI-Fi..

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of LaPorte, David
Sent: Thursday, September 23, 2021 4:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

Hi All,

Coming out of a very rough fall semester start that left many of our users 
suffering with "bad" Wi-Fi, we've since (understandably) been asked what 
constitutes "good" Wi-Fi.  We have not previously published information to our 
community on what they should expect or on how they can validate those 
expectations.  Does anyone have any knowledge articles or links they could 
share?

Thanks!
Dave


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.educause.edu*2Fcommunity=04*7C01*7Ccae104*40PSU.EDU*7Cdc4a67a6d34d4d8bdd9a08d97ed15a1c*7C7cf48d453ddb4389a9c1c115526eb52e*7C0*7C0*7C637680259896097840*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000=qM*2Bd*2BWeoQU60QSjFSAk08oIcJgMZ6UKBErNxjRQ4t70*3D=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-Kc1lBSh7$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KVXc0V0S$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KVXc0V0S$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://secure-web.cisc

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Besko, Lisa]

Thanks for sharing that, Neil.  It's a good write up.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Johnson, Neil M
Sent: Friday, September 24, 2021 1:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Wi-Fi 
expectations/service levels and validation

We often refer people to this document penned by my predecessor when they try 
to do things like have an auditorium of students all connect to Zoom and then 
complain about the WiFi.

https://its.uiowa.edu/support/article/2790<https://urldefense.com/v3/__https:/its.uiowa.edu/support/article/2790__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KY0COV6k$>

-Neil

--
Neil Johnson - University of Iowa

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Enfield, Chuck
Sent: Thursday, September 23, 2021 4:02 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and 
validation

The jury is still out on whether there is such a thing as good WI-Fi..

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of LaPorte, David
Sent: Thursday, September 23, 2021 4:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

Hi All,

Coming out of a very rough fall semester start that left many of our users 
suffering with "bad" Wi-Fi, we've since (understandably) been asked what 
constitutes "good" Wi-Fi.  We have not previously published information to our 
community on what they should expect or on how they can validate those 
expectations.  Does anyone have any knowledge articles or links they could 
share?

Thanks!
Dave


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/nam10.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.educause.edu*2Fcommunity=04*7C01*7Ccae104*40PSU.EDU*7Cdc4a67a6d34d4d8bdd9a08d97ed15a1c*7C7cf48d453ddb4389a9c1c115526eb52e*7C0*7C0*7C637680259896097840*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000=qM*2Bd*2BWeoQU60QSjFSAk08oIcJgMZ6UKBErNxjRQ4t70*3D=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-Kc1lBSh7$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KVXc0V0S$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!jr3Zq9t2XdCg14wqO3EufaYVyW2EtU248J9eOcUFuviAll7KenZ-KVXc0V0S$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Johnson, Neil M]

We often refer people to this document penned by my predecessor when they try 
to do things like have an auditorium of students all connect to Zoom and then 
complain about the WiFi.

https://its.uiowa.edu/support/article/2790

-Neil

--
Neil Johnson - University of Iowa

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Thursday, September 23, 2021 4:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [External] Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and 
validation

The jury is still out on whether there is such a thing as good WI-Fi..

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of LaPorte, David
Sent: Thursday, September 23, 2021 4:33 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

Hi All,

Coming out of a very rough fall semester start that left many of our users 
suffering with "bad" Wi-Fi, we've since (understandably) been asked what 
constitutes "good" Wi-Fi.  We have not previously published information to our 
community on what they should expect or on how they can validate those 
expectations.  Does anyone have any knowledge articles or links they could 
share?

Thanks!
Dave


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ccae104%40PSU.EDU%7Cdc4a67a6d34d4d8bdd9a08d97ed15a1c%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637680259896097840%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=qM%2Bd%2BWeoQU60QSjFSAk08oIcJgMZ6UKBErNxjRQ4t70%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Coehoorn, Joel]

In the recent past, I've defined good (at least: acceptable) wifi as when a
single device can maintain sustained throughput of 25Mbps downstream under
typical conditions with no undue additional latency: enough for a Netflix
to serve 4K Ultra HDR video. Less than that and other services like game
downloads and FaceTime can start to suffer as well, and more than that
isn't really useful... even a person watching the video and doing something
else on the same device is either no longer paying enough attention to the
movie to notice when Netflix downgrades the video quality or doesn't mind
that whatever they downloaded in the background took a little longer,
because they were watching a movie. A device can multitask effectively, but
a person's attention is finite.

I like thinking this way rather than in terms of things like signal
strength because it helps keep me focused on results. Obviously signal
strength has a lot to do meeting that goal everywhere, as does radio
placement and configuration, etc. But this also gives me permission to miss
a goal at the end of a hallway, if I can see connections are still good
enough for functional use. Obviously we can meet this goal without
provisioning 25Mbps of bandwidth for every device, and in most places
meeting this objective everywhere means the vast majority of locations you
can do **MUCH** better most of the time.

One challenge here is the "typical conditions" part of the definition,
because that changes every year. Going forward, I also need to think more
about this in terms of upstream bandwidth, too, as covid has taken the
already-common two-way video chat services and kicked it up a notch or
three.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Sep 23, 2021 at 6:17 PM Oliver, Jeff  wrote:

> Hey Dave,
>
>
>
> And a follow up question would be ‘what makes it bad?’
>
>
>
> We have had wifi blues during semester startup a number of times over the
> years. Some have been coverage related, some have been throughput related,
> some have been router/DHCP related, and we have even had some that were
> protocol related. Really depends on what your complaints are and what
> they point to…
>
>
>
> Having the right tools to validate or invalidate concerns are important
> whether they be vendor supplied or 3rd party.
>
>
>
>
>
> Cheers,
>
> Jeff
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Kushner, Jeff
> *Sent:* September 23, 2021 3:13 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and
> validation
>
>
>
> Caution: This email was sent from someone *outside of the University of
> Lethbridge*. Do not click on links or open attachments unless you know
> they are safe. Suspicious emails should be forwarded to phish...@uleth.ca.
>
>
>
> It is interesting, when I started doing wireless almost 20 years ago,
> before lightweight really existed, wireless was always positioned as a best
> effort and wired was definitely the way to go if a reliable connection was
> required. Today, wireless has become a replacement for wired in many
> locations, but our success is almost our downfall, the proliferation of
> wireless devices and interferers makes the delivery of quality wireless
> connections a constant battle. Not to mention the wide variety of client
> devices. And lets not even mention the manufacturers and issues with the
> firmware and software. I guess we can call all the aggravation a form of
> job security.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Enfield, Chuck
> *Sent:* Thursday, September 23, 2021 5:02 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and
> validation
>
>
>
> *Message sent from a system outside of UConn.*
>
>
>
> The jury is still out on whether there is such a thing as good WI-Fi..
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *LaPorte, David
> *Sent:* Thursday, September 23, 2021 4:33 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Wi-Fi expectations/service levels and validation
>
>
>
> Hi All,
>
>
>
> Coming out of a very rough fall semester start that left many of our users
> suffering with “bad” Wi-Fi, we’ve since (understandably) been asked what
> constitutes “good” Wi-Fi.  We have not previously published information to
> our community on what they should expect or on how they can validate those
> expectations.  

RE: [WIRELESS-LAN] Protecting Cisco 1815w APs

[Besko, Lisa]

We use the stickers and the security screw.  It has not been any more of an 
issue than the Enterprise units.  Has anyone used the Kensington lock slot on 
the left side?

Lisa

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Gray, Sean
Sent: Thursday, September 23, 2021 5:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Protecting Cisco 1815w APs

Thanks Eric,

I like the sticker option, that may stop the tinkerers out there. Oberon are 
certainly on our list of places to look for a protective box.

Thanks

Sean

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Eric Jensen
Sent: September 23, 2021 11:19 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Protecting Cisco 1815w APs

Caution: This email was sent from someone outside of the University of 
Lethbridge. Do not click on links or open attachments unless you know they are 
safe. Suspicious emails should be forwarded to 
phish...@uleth.ca<mailto:phish...@uleth.ca>.

Hi Sean,

We have quite a number of the 1815W access points deployed throughout our 
campus housing as well.  We haven't noticed much issue with the LAN ports on 
the bottom getting damaged, but we have had occasional issues with students 
disconnecting them.  Ours are primarily mounted on surface mount j-boxes, so 
students will typically just remove a knockout hole and fish the cable out to 
disconnect, but we've had some get pried off as well, which, thankfully, has 
primarily just damaged the mounting plate.  We haven't done much to prevent it, 
but we do shut the switchport down to the room whenever an AP is disconnected, 
to provide an opportunity for educating the user.  Additionally, this year we 
had stickers printed to place on each AP with (very brief) instructions for 
connecting to our different wireless options, as well as to the wired ports on 
the bottom of the unit, and include our helpdesk website and phone number.  The 
idea being that having readily available instructions/help will reduce work for 
us as well as frustration for the students.  Don't really have any hard numbers 
as to how much it has helped, but our Residence Life staff were pretty 
enthusiastic about the idea.

All of that said, I know Oberon makes an enclosure that works with those APs 
(https://oberoninc.com/products/1017-wh/<https://urldefense.com/v3/__https:/oberoninc.com/products/1017-wh/__;!!HXCxUKc!lDE1sZDOE1r1P1oJYBuPRSP6eedjo_U23Eu3Yf5Zdbldk0JpC2fOMHdsCO-n$>),
 which you could utilize if the problem is pervasive enough.  However, for us 
it's a low enough occurrence rate, and the 1815W units are inexpensive enough, 
that it would be far more costly to install the enclosures, in both time and 
money, than it is to deal with the occasional disconnected/damaged AP.

Cheers,

Eric

--
--

---
Eric Jensen
Senior Network Communications Specialist
University of Alaska - Office of Information Technology
email:  epjen...@alaska.edu<mailto:eric.jen...@alaska.edu>
phone:  907-450-8326
---

On Thu, Sep 23, 2021 at 8:55 AM Gray, Sean 
mailto:sean.gr...@uleth.ca>> wrote:
Hi Everyone,

I hope you are all surviving another semester start up without too much pain!

We have a large number of wall mounted Cisco 1815w access points on campus. 
Lately we have noticed that the LAN ports are getting damaged and are looking 
at way to stop people tampering with the patch cables.

I’m interested to see if anyone else has experienced this problem and am 
wondering what steps they took to protect their access points?

Thanks

Sean

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!lDE1sZDOE1r1P1oJYBuPRSP6eedjo_U23Eu3Yf5Zdbldk0JpC2fOMPer_F17$>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!HXCxUKc!lDE1sZDOE1r1P1oJYBuPRSP6eedjo_U23Eu3Yf5Zdbldk0JpC2fOMPer_F17$>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the pers

RE: [WIRELESS-LAN] Protecting Cisco 1815w APs

[Gray, Sean]

Thanks Eric,

I like the sticker option, that may stop the tinkerers out there. Oberon are 
certainly on our list of places to look for a protective box.

Thanks

Sean

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Eric Jensen
Sent: September 23, 2021 11:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Protecting Cisco 1815w APs

Caution: This email was sent from someone outside of the University of 
Lethbridge. Do not click on links or open attachments unless you know they are 
safe. Suspicious emails should be forwarded to 
phish...@uleth.ca<mailto:phish...@uleth.ca>.

Hi Sean,

We have quite a number of the 1815W access points deployed throughout our 
campus housing as well.  We haven't noticed much issue with the LAN ports on 
the bottom getting damaged, but we have had occasional issues with students 
disconnecting them.  Ours are primarily mounted on surface mount j-boxes, so 
students will typically just remove a knockout hole and fish the cable out to 
disconnect, but we've had some get pried off as well, which, thankfully, has 
primarily just damaged the mounting plate.  We haven't done much to prevent it, 
but we do shut the switchport down to the room whenever an AP is disconnected, 
to provide an opportunity for educating the user.  Additionally, this year we 
had stickers printed to place on each AP with (very brief) instructions for 
connecting to our different wireless options, as well as to the wired ports on 
the bottom of the unit, and include our helpdesk website and phone number.  The 
idea being that having readily available instructions/help will reduce work for 
us as well as frustration for the students.  Don't really have any hard numbers 
as to how much it has helped, but our Residence Life staff were pretty 
enthusiastic about the idea.

All of that said, I know Oberon makes an enclosure that works with those APs 
(https://oberoninc.com/products/1017-wh/), which you could utilize if the 
problem is pervasive enough.  However, for us it's a low enough occurrence 
rate, and the 1815W units are inexpensive enough, that it would be far more 
costly to install the enclosures, in both time and money, than it is to deal 
with the occasional disconnected/damaged AP.

Cheers,

Eric

--
--

---
Eric Jensen
Senior Network Communications Specialist
University of Alaska - Office of Information Technology
email:  epjen...@alaska.edu<mailto:eric.jen...@alaska.edu>
phone:  907-450-8326
---

On Thu, Sep 23, 2021 at 8:55 AM Gray, Sean 
mailto:sean.gr...@uleth.ca>> wrote:
Hi Everyone,

I hope you are all surviving another semester start up without too much pain!

We have a large number of wall mounted Cisco 1815w access points on campus. 
Lately we have noticed that the LAN ports are getting damaged and are looking 
at way to stop people tampering with the patch cables.

I’m interested to see if anyone else has experienced this problem and am 
wondering what steps they took to protect their access points?

Thanks

Sean

Sean Gray | B.Sc (Hons)
Voice, Collaboration & Wireless Network Analyst
ITS, University of Lethbridge


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Protecting Cisco 1815w APs

[Matthew Craig]

We use standard flush-mount boxes, such that there is no protruding box to 
tamper with most of time; the device is flush with the wall.  If a protruding 
box must be installed, there really is no way to prevent people from making 
holes in it or ripping it off.


We utilize the locking screw with cover-up sticker that comes with the device.  
This helps… one has to go through the trouble of discovering the sticker and 
having a sufficient screwdriver to back the screw out, or straight up ripping 
it off the wall (which can be difficult)

For the RJ-45 ports, if we don’t want them to be used (such as the passthrough 
if not used), we use RJ-45 block-outs

Cisco offers Physical Security Kits we keep in stock that has additional screws 
and stickers plus the RJ-45 block-outs: AIR–SEC–50=

If we need bulk RJ-45 block-outs for a large project or something, we buy: 
https://www.amazon.com/Lindy-RJ45-Port-Blockers-40471/dp/B00F3VBOU6/ref=pd_bxgy_147_img_2?ie=UTF8=1=XG25B9TBZNJX5B4YXE4Z



All of these above really help.




If we don’t want an ethernet cable removed we use port-lock kits, although this 
is rarely used: 
https://www.cdw.com/product/Panduit-outlet-port-lock-kit/1648217?cm_cat=google_ite=1648217_pla=NA-NA-Panduit_CN_ven=acquirgy_id=CjwKCAjwy7CKBhBMEiwA0Eb7au_NZdEqvxzyZ2RGMPSAOGiK-G4pC_EpSZvKNBgjXTxWKMAI1MOfZxoCfsoQAvD_BwE:G:s=CjwKCAjwy7CKBhBMEiwA0Eb7au_NZdEqvxzyZ2RGMPSAOGiK-G4pC_EpSZvKNBgjXTxWKMAI1MOfZxoCfsoQAvD_BwE_kwcid=AL!4223!3!496173788312!!!g!325109538940!!12244136370!117820874592




Our most common issue is people using the device to step up higher on the wall 
or smashing it with furniture.  I am unaware of any way to truly prevent this.  
We are a charge-back shop, so any replacement is bought by the building owner 
(sometimes they choose to simply not replace them and go without), so its not a 
big deal to us personally.




-
Matt







On Sep 23, 2021, at 11:19 AM, Eric Jensen 
mailto:epjen...@alaska.edu>> wrote:

WARNING: This email originated external to the NMSU email system. Do not click 
on links or open attachments unless you are sure the content is safe.
Hi Sean,

We have quite a number of the 1815W access points deployed throughout our 
campus housing as well.  We haven't noticed much issue with the LAN ports on 
the bottom getting damaged, but we have had occasional issues with students 
disconnecting them.  Ours are primarily mounted on surface mount j-boxes, so 
students will typically just remove a knockout hole and fish the cable out to 
disconnect, but we've had some get pried off as well, which, thankfully, has 
primarily just damaged the mounting plate.  We haven't done much to prevent it, 
but we do shut the switchport down to the room whenever an AP is disconnected, 
to provide an opportunity for educating the user.  Additionally, this year we 
had stickers printed to place on each AP with (very brief) instructions for 
connecting to our different wireless options, as well as to the wired ports on 
the bottom of the unit, and include our helpdesk website and phone number.  The 
idea being that having readily available instructions/help will reduce work for 
us as well as frustration for the students.  Don't really have any hard numbers 
as to how much it has helped, but our Residence Life staff were pretty 
enthusiastic about the idea.

All of that said, I know Oberon makes an enclosure that works with those APs 
(https://oberoninc.com/products/1017-wh/),
 which you could utilize if the problem is pervasive enough.  However, for us 
it's a low enough occurrence rate, and the 1815W units are inexpensive enough, 
that it would be far more costly to install the enclosures, in both time and 
money, than it is to deal with the occasional disconnected/damaged AP.

Cheers,

Eric

--
--

---
Eric Jensen
Senior Network Communications Specialist
University of Alaska - Office of Information Technology
email:  epjen...@alaska.edu
phone:  907-450-8326
---

On Thu, Sep 23, 2021 at 8:55 AM Gray, Sean 
mailto:sean.gr...@uleth.ca>> wrote:
Hi Everyone,

I hope you are all surviving another semester start up without too much pain!

We have a large number of wall mounted Cisco 1815w access points on campus. 
Lately we have noticed that the LAN ports are getting damaged and are looking 
at way to stop people tampering with the patch cables.

I’m interested to see if anyone else has experienced this problem and am 
wondering what steps they took to protect their access points?

Re: [WIRELESS-LAN] Protecting Cisco 1815w APs

[Eric Jensen]

Hi Sean,

We have quite a number of the 1815W access points deployed throughout our
campus housing as well.  We haven't noticed much issue with the LAN ports
on the bottom getting damaged, but we have had occasional issues with
students disconnecting them.  Ours are primarily mounted on surface mount
j-boxes, so students will typically just remove a knockout hole and fish
the cable out to disconnect, but we've had some get pried off as well,
which, thankfully, has primarily just damaged the mounting plate.  We
haven't done much to prevent it, but we do shut the switchport down to the
room whenever an AP is disconnected, to provide an opportunity for
educating the user.  Additionally, this year we had stickers printed to
place on each AP with (very brief) instructions for connecting to our
different wireless options, as well as to the wired ports on the bottom of
the unit, and include our helpdesk website and phone number.  The idea
being that having readily available instructions/help will reduce work for
us as well as frustration for the students.  Don't really have any hard
numbers as to how much it has helped, but our Residence Life staff were
pretty enthusiastic about the idea.

All of that said, I know Oberon makes an enclosure that works with those
APs (https://oberoninc.com/products/1017-wh/), which you could utilize if
the problem is pervasive enough.  However, for us it's a low enough
occurrence rate, and the 1815W units are inexpensive enough, that it would
be far more costly to install the enclosures, in both time and money, than
it is to deal with the occasional disconnected/damaged AP.

Cheers,

Eric

--
--

---
Eric Jensen
Senior Network Communications Specialist
University of Alaska - Office of Information Technology
email:  epjen...@alaska.edu 
phone:  907-450-8326
---

On Thu, Sep 23, 2021 at 8:55 AM Gray, Sean  wrote:

> Hi Everyone,
>
>
>
> I hope you are all surviving another semester start up without too much
> pain!
>
>
>
> We have a large number of wall mounted Cisco 1815w access points on
> campus. Lately we have noticed that the LAN ports are getting damaged and
> are looking at way to stop people tampering with the patch cables.
>
>
>
> I’m interested to see if anyone else has experienced this problem and am
> wondering what steps they took to protect their access points?
>
>
>
> Thanks
>
>
>
> Sean
>
>
>
> *Sean Gray* | B.Sc (Hons)
>
> Voice, Collaboration & Wireless Network Analyst
>
> ITS, University of Lethbridge
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [EXTERNAL] Re: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

[Jason Mallon]

We have been running 8.10.151 on five HA pairs for over a year now without any 
code related issues.  There are currently somewhere between 9000 and 9500 APs 
ranging from 2700s to 9130s.  We were just made aware of bug CSCvx98176 by our 
SE, but have decided not to upgrade to 8.10.162 without seeing the bug.

Jason Mallon
Network Engineer
Office of Information Technology
The University of Alabama<https://www.ua.edu/>
jemal...@ua.edu<mailto:jemal...@ua.edu>
[The University of Alabama stacked logo with box A]<https://www.ua.edu/>


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Misra, Sapna 

Date: Tuesday, September 21, 2021 at 8:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on 
Stability?
We have been running 8.10.151.0 in our standalone cluster with ~100 APs for 
about 2 months now and it has been running stable.

Best,
Sapna Misra | Principal Network Engineer | Information Technology | Vanderbilt 
University Medical Center
sapna.tripa...@vumc.org<mailto:sapna.tripa...@vumc.org> | Phone 615-875-8876

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tariq Adnan
Sent: Tuesday, September 21, 2021 6:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

Just checking if there is any consensus on a stable code in 8.10 train?

Cisco is 
recommending<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fwireless%2Fwireless-lan-controller-software%2F200046-tac-recommended-aireos.html=04%7C01%7Cjemallon%40ua.edu%7C05b69d9839254578ccdf08d97d069cad%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637678290501410014%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=njwNzNtA8Js2s7yaBe0QP4C4Z7nn%2F%2BjFmao5N0LbWWE%3D=0>
 both 8.10.151 and 8.10.162, has anyone tried the latter (.162) and how stable 
it is?

[cid:image002.png@01D7AECD.46FC0850]


We have 2 pairs of 8540s; one will remain on 8.5 because of 3600 APs, other 
will need to be upgraded (currently running 8.10.121.7).

Thanks,

-
Cheers,

Kind regards,
Tariq

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Lee H Badman
Sent: Thursday, 3 June 2021 12:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

Hi all,

After a tumultuous series of code versions, awhile back we settled on 8.5.151.0 
and hung on to it like grim death because it was very, very reliable.

Given that 8.5 code goes end-of-support at end of 2021, combined with latest 
rounds of announced vulnerabilities, I’m looking for recommendations in the 
8.10 train based on wanting stability above all. We have 3800s and 3700s 
currently, likely to stay that way through the next academic year.

Has anyone found an 8.10. code version for the 8540 that supports the 3700 and 
3800 while providing good daily stability?

Thanks,


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2FzpQUCjZ1N7inD5mn5TWj-B6%3Fdomain%3Danswers.syr.edu=04%7C01%7Cjemallon%40ua.edu%7C05b69d9839254578ccdf08d97d069cad%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637678290501420008%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=69Kcap3DOLHELuDuAre9PNLVDylowDsyWcJkrxUd4wM%3D=0>
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect-au.mimecast.com%2Fs%2F71w8Ck81N9tOAWBOWsVVm4m%3Fdomain%3Deducause.edu=04%7C01%7Cjemallon%40ua.edu%7C05b69d9839254578ccdf08d97d069cad%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637678290501430003%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=m%2FNW%2BEXuxiWMSm2EnmYReNHwp4ZbYamfWTij%2BGRqm2s%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional partic

RE: [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Muraca, Peppino P.]

Hi Jon, thank you for this information geoguard  cleared our ip from black list 
. Thank you for the information !!

Thank you
Pino

Peppino Muraca
Manager of Network Services
Stonehill College
W:508-565-1193
C:508-243-5910
pmur...@stonehill.edu<mailto:pmur...@stonehill.edu>




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jon Young
Sent: Friday, September 17, 2021 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is 
connected to the internet using a VPN or proxy service)

There have been several threads over this on the NANOG list with a sudden 
uptick in this issue for several of the streaming services.  My takeaway from 
the posts is that amazon has been easier to deal with than some other others 
(.e.g., Disney+) and that the best contact to resolve this for amazon prime is 
n...@geoguard.com<mailto:n...@geoguard.com> as geoguard is apparently the prime 
(sorry, couldn't resist) source for amazon.  The website 
https://thebrotherswisp.com/index.php/geo-and-vpn/<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fthebrotherswisp.com%2Findex.php%2Fgeo-and-vpn%2F=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589560389%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=W7jkkDvZAr1bEeqvA2hbpkIxh9snIsnbt14eMZ69%2FSw%3D=0>
 was also referenced as a good source of contacts for several of the providers.

Jon Young
Vantage TCG

On Fri, Sep 17, 2021 at 10:06 AM Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>> wrote:
If you aren't blocking P2P anonymizer clients, where user devices are endpoints 
for folks in other regions, Amazon and others may blacklist your IP range.  
These clients may show up with students from other countries, or students who 
have returned from being abroad.

If you have something like Cisco's Umbrella, they have an entire anonymizer 
category you can block, but to be 100% effective, you need to block external 
DNS access so that is harder to circumvent.

Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Muraca, Peppino P. 
mailto:pmur...@stonehill.edu>>
Date: Friday, September 17, 2021 at 6:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Amazon prime video error (Your device is connected to 
the internet using a VPN or proxy service)
You don't often get email from 
pmur...@stonehill.edu<mailto:pmur...@stonehill.edu>. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
Hi everyone, has anyone come across this yet where Prime video will not play . 
this is what is on the screen ( Your device is connected to the internet using 
a VPN or proxy service. Please disable it and try again.) we have called Amazon 
and they told us to contact our ISP . We only see this on our wireless 
networks. Talking with our ISP it seems this is happening more and more and 
what basically has happened is out NAT ip's for out wireless have been black 
listed and now we have to remove our selves from these lists. Has anyone else 
come across this yet ? if so how successful has it been to remove yourself from 
these lists.

Thank you
Pino

[cid:image001.png@01D7AE01.60977D20]


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589560389%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=QNnM6SMtYTc8PLVD7FgZtI7i20AqnY9PNbK4lmQoa0M%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589570380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=0eiRMcKXuxHQqi5hkVgCQ6FdTzc2Gbluv0pm%2BCcfQmw%3D=0>

**
Replies to EDUCAUSE Co

Re: [WIRELESS-LAN] [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Coehoorn, Joel]

I remember a lot of us had to do this when Disney+ first launched, as well.
If you're using NAT to put many students behind the same IP (as I suspect
most of us are on the IPv4 range, at least), they'll see too many accounts
coming from the same IP and assume some form of foul play.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 17, 2021 at 10:41 AM Muraca, Peppino P. 
wrote:

> Hi Jon, thank you for this info I will be sending them an email!
>
>
>
> Again Thank you very much !
>
>
>
> Pino
>
>
>
> Peppino Muraca
>
> Manager of Network Services
>
> Stonehill College
>
> W:508-565-1193
>
> C:508-243-5910
>
> pmur...@stonehill.edu
>
>
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Jon Young
> *Sent:* Friday, September 17, 2021 10:37 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your
> device is connected to the internet using a VPN or proxy service)
>
>
>
> There have been several threads over this on the NANOG list with a sudden
> uptick in this issue for several of the streaming services.  My takeaway
> from the posts is that amazon has been easier to deal with than some other
> others (.e.g., Disney+) and that the best contact to resolve this for
> amazon prime is n...@geoguard.com as geoguard is apparently the prime
> (sorry, couldn't resist) source for amazon.  The website
> https://thebrotherswisp.com/index.php/geo-and-vpn/
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fthebrotherswisp.com%2Findex.php%2Fgeo-and-vpn%2F=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589560389%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=W7jkkDvZAr1bEeqvA2hbpkIxh9snIsnbt14eMZ69%2FSw%3D=0>
> was also referenced as a good source of contacts for several of the
> providers.
>
>
>
> Jon Young
>
> Vantage TCG
>
>
>
> On Fri, Sep 17, 2021 at 10:06 AM Jeffrey D. Sessler <
> j...@scrippscollege.edu> wrote:
>
> If you aren’t blocking P2P anonymizer clients, where user devices are
> endpoints for folks in other regions, Amazon and others may blacklist your
> IP range.  These clients may show up with students from other countries, or
> students who have returned from being abroad.
>
>
>
> If you have something like Cisco’s Umbrella, they have an entire
> anonymizer category you can block, but to be 100% effective, you need to
> block external DNS access so that is harder to circumvent.
>
>
>
> Jeff
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Muraca, Peppino P. <
> pmur...@stonehill.edu>
> *Date: *Friday, September 17, 2021 at 6:17 AM
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Amazon prime video error (Your device is
> connected to the internet using a VPN or proxy service)
>
> You don't often get email from pmur...@stonehill.edu. Learn why this is
> important <http://aka.ms/LearnAboutSenderIdentification>
>
> Hi everyone, has anyone come across this yet where Prime video will not
> play . this is what is on the screen ( Your device is connected to the
> internet using a VPN or proxy service. Please disable it and try again.)
> we have called Amazon and they told us to contact our ISP . We only see
> this on our wireless networks. Talking with our ISP it seems this is
> happening more and more and what basically has happened is out NAT ip’s for
> out wireless have been black listed and now we have to remove our selves
> from these lists. Has anyone else come across this yet ? if so how
> successful has it been to remove yourself from these lists.
>
>
>
> Thank you
>
> Pino
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589560389%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=QN

RE: [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Muraca, Peppino P.]

Hi Jon, thank you for this info I will be sending them an email!

Again Thank you very much !

Pino

Peppino Muraca
Manager of Network Services
Stonehill College
W:508-565-1193
C:508-243-5910
pmur...@stonehill.edu<mailto:pmur...@stonehill.edu>




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jon Young
Sent: Friday, September 17, 2021 10:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is 
connected to the internet using a VPN or proxy service)

There have been several threads over this on the NANOG list with a sudden 
uptick in this issue for several of the streaming services.  My takeaway from 
the posts is that amazon has been easier to deal with than some other others 
(.e.g., Disney+) and that the best contact to resolve this for amazon prime is 
n...@geoguard.com<mailto:n...@geoguard.com> as geoguard is apparently the prime 
(sorry, couldn't resist) source for amazon.  The website 
https://thebrotherswisp.com/index.php/geo-and-vpn/<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fthebrotherswisp.com%2Findex.php%2Fgeo-and-vpn%2F=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589560389%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=W7jkkDvZAr1bEeqvA2hbpkIxh9snIsnbt14eMZ69%2FSw%3D=0>
 was also referenced as a good source of contacts for several of the providers.

Jon Young
Vantage TCG

On Fri, Sep 17, 2021 at 10:06 AM Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>> wrote:
If you aren't blocking P2P anonymizer clients, where user devices are endpoints 
for folks in other regions, Amazon and others may blacklist your IP range.  
These clients may show up with students from other countries, or students who 
have returned from being abroad.

If you have something like Cisco's Umbrella, they have an entire anonymizer 
category you can block, but to be 100% effective, you need to block external 
DNS access so that is harder to circumvent.

Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Muraca, Peppino P. 
mailto:pmur...@stonehill.edu>>
Date: Friday, September 17, 2021 at 6:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Amazon prime video error (Your device is connected to 
the internet using a VPN or proxy service)
You don't often get email from 
pmur...@stonehill.edu<mailto:pmur...@stonehill.edu>. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
Hi everyone, has anyone come across this yet where Prime video will not play . 
this is what is on the screen ( Your device is connected to the internet using 
a VPN or proxy service. Please disable it and try again.) we have called Amazon 
and they told us to contact our ISP . We only see this on our wireless 
networks. Talking with our ISP it seems this is happening more and more and 
what basically has happened is out NAT ip's for out wireless have been black 
listed and now we have to remove our selves from these lists. Has anyone else 
come across this yet ? if so how successful has it been to remove yourself from 
these lists.

Thank you
Pino

[cid:image001.png@01D7ABB8.E3F9CC90]


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589560389%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=QNnM6SMtYTc8PLVD7FgZtI7i20AqnY9PNbK4lmQoa0M%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C5f7dec59907b4723af2208d979e8b1d3%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C1%7C637674862589570380%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=0eiRMcKXuxHQqi5hkVgCQ6FdTzc2Gbluv0pm%2BCcfQmw%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the 

Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Jon Young]

There have been several threads over this on the NANOG list with a sudden
uptick in this issue for several of the streaming services.  My takeaway
from the posts is that amazon has been easier to deal with than some other
others (.e.g., Disney+) and that the best contact to resolve this for
amazon prime is n...@geoguard.com as geoguard is apparently the prime
(sorry, couldn't resist) source for amazon.  The website
https://thebrotherswisp.com/index.php/geo-and-vpn/ was also referenced as a
good source of contacts for several of the providers.

Jon Young
Vantage TCG

On Fri, Sep 17, 2021 at 10:06 AM Jeffrey D. Sessler 
wrote:

> If you aren’t blocking P2P anonymizer clients, where user devices are
> endpoints for folks in other regions, Amazon and others may blacklist your
> IP range.  These clients may show up with students from other countries, or
> students who have returned from being abroad.
>
>
>
> If you have something like Cisco’s Umbrella, they have an entire
> anonymizer category you can block, but to be 100% effective, you need to
> block external DNS access so that is harder to circumvent.
>
>
>
> Jeff
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Muraca, Peppino P. <
> pmur...@stonehill.edu>
> *Date: *Friday, September 17, 2021 at 6:17 AM
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Amazon prime video error (Your device is
> connected to the internet using a VPN or proxy service)
>
> You don't often get email from pmur...@stonehill.edu. Learn why this is
> important 
>
> Hi everyone, has anyone come across this yet where Prime video will not
> play . this is what is on the screen ( Your device is connected to the
> internet using a VPN or proxy service. Please disable it and try again.)
> we have called Amazon and they told us to contact our ISP . We only see
> this on our wireless networks. Talking with our ISP it seems this is
> happening more and more and what basically has happened is out NAT ip’s for
> out wireless have been black listed and now we have to remove our selves
> from these lists. Has anyone else come across this yet ? if so how
> successful has it been to remove yourself from these lists.
>
>
>
> Thank you
>
> Pino
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Jeffrey D. Sessler]

If you aren’t blocking P2P anonymizer clients, where user devices are endpoints 
for folks in other regions, Amazon and others may blacklist your IP range.  
These clients may show up with students from other countries, or students who 
have returned from being abroad.

If you have something like Cisco’s Umbrella, they have an entire anonymizer 
category you can block, but to be 100% effective, you need to block external 
DNS access so that is harder to circumvent.

Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Muraca, Peppino P. 

Date: Friday, September 17, 2021 at 6:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Amazon prime video error (Your device is connected to 
the internet using a VPN or proxy service)
You don't often get email from pmur...@stonehill.edu. Learn why this is 
important
Hi everyone, has anyone come across this yet where Prime video will not play . 
this is what is on the screen ( Your device is connected to the internet using 
a VPN or proxy service. Please disable it and try again.) we have called Amazon 
and they told us to contact our ISP . We only see this on our wireless 
networks. Talking with our ISP it seems this is happening more and more and 
what basically has happened is out NAT ip’s for out wireless have been black 
listed and now we have to remove our selves from these lists. Has anyone else 
come across this yet ? if so how successful has it been to remove yourself from 
these lists.

Thank you
Pino

[cid:image001.png@01D7AB92.8EF49ED0]


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Muraca, Peppino P.]

Hi everyone, so far I have checked what our ISP has sent us and I can't seem to 
find the smoking gun. I think this will be something we will have to go through 
amazon to try or help get resolved but Im sure that will not be easy at all.


Here is the link of resources I have seen others use to get the VPN issue 
cleared up on streaming services.

https://thebrotherswisp.com/index.php/geo-and-vpn/<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fthebrotherswisp.com%2Findex.php%2Fgeo-and-vpn%2F=04%7C01%7Cpmuraca%40stonehill.edu%7C392313ee03b44322b1fc08d979dc3e59%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C0%7C637674809111060407%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=HpqCVQRr8Jtx9OuZAfyme4vFpOR%2FwaKjFfzddQE2WGE%3D=0>

Thanks


Peppino Muraca
Manager of Network Services
Stonehill College
W:508-565-1193
C:508-243-5910
pmur...@stonehill.edu<mailto:pmur...@stonehill.edu>




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Joe Walker
Sent: Friday, September 17, 2021 9:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is 
connected to the internet using a VPN or proxy service)

We recently had this issue as well and funneling through the different levels 
of support on the Amazon Prime TV side just to talk to someone that knew what I 
was talking about was infuriating to say the least. I did receive an email this 
morning from Amazon saying the issue was "resolved" but I haven't yet verified. 
 As far as I can tell there isn't any sort of documentation anywhere from 
Amazon that shows the criteria for what they deem to be a VPN or proxy nor is 
there any documentation on how to appeal/remove your IP's from this list.



Joe Walker
Network and Telecommunication Services
Kansas State University
(785)532-4997
f...@ksu.edu<mailto:f...@ksu.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Muraca, Peppino P. 
mailto:pmur...@stonehill.edu>>
Sent: Friday, September 17, 2021 8:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Amazon prime video error (Your device is connected to 
the internet using a VPN or proxy service)


This email originated from outside of K-State.


Hi everyone, has anyone come across this yet where Prime video will not play . 
this is what is on the screen ( Your device is connected to the internet using 
a VPN or proxy service. Please disable it and try again.) we have called Amazon 
and they told us to contact our ISP . We only see this on our wireless 
networks. Talking with our ISP it seems this is happening more and more and 
what basically has happened is out NAT ip's for out wireless have been black 
listed and now we have to remove our selves from these lists. Has anyone else 
come across this yet ? if so how successful has it been to remove yourself from 
these lists.



Thank you

Pino



[cid:image001.png@01D7ABA9.92E51B70]



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C0a155f3dd94a4087938b08d979de6bdd%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C0%7C637674818475989652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=LhMDyGh0E7KuGqZQ%2FXP9T7SoEOmHuXeYHS3JLXL1SOQ%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cpmuraca%40STONEHILL.EDU%7C0a155f3dd94a4087938b08d979de6bdd%7C2d1c5372f88f46c1a557ed75b9b2893c%7C1%7C0%7C637674818475989652%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=LhMDyGh0E7KuGqZQ%2FXP9T7SoEOmHuXeYHS3JLXL1SOQ%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Matthew Burge]

We also had this issue recently.  I never even got to someone that knew what 
was going on, they just said they would put a ticket in.  A day or two later 
and I get a resolved response but I have no idea what they did.  We have not 
had any more complaints but I'm betting that Amazon will have this issue pop up 
again at the start of the next semester.

Matt Burge
ECSE Advanced # 199
Wireless Engineer 1
Louisiana State University
Ph# (225)578-0009



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Joe Walker
Sent: Friday, September 17, 2021 8:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected 
to the internet using a VPN or proxy service)

We recently had this issue as well and funneling through the different levels 
of support on the Amazon Prime TV side just to talk to someone that knew what I 
was talking about was infuriating to say the least. I did receive an email this 
morning from Amazon saying the issue was "resolved" but I haven't yet verified. 
 As far as I can tell there isn't any sort of documentation anywhere from 
Amazon that shows the criteria for what they deem to be a VPN or proxy nor is 
there any documentation on how to appeal/remove your IP's from this list.



Joe Walker
Network and Telecommunication Services
Kansas State University
(785)532-4997
f...@ksu.edu<mailto:f...@ksu.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Muraca, Peppino P. 
mailto:pmur...@stonehill.edu>>
Sent: Friday, September 17, 2021 8:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Amazon prime video error (Your device is connected to 
the internet using a VPN or proxy service)


This email originated from outside of K-State.


Hi everyone, has anyone come across this yet where Prime video will not play . 
this is what is on the screen ( Your device is connected to the internet using 
a VPN or proxy service. Please disable it and try again.) we have called Amazon 
and they told us to contact our ISP . We only see this on our wireless 
networks. Talking with our ISP it seems this is happening more and more and 
what basically has happened is out NAT ip's for out wireless have been black 
listed and now we have to remove our selves from these lists. Has anyone else 
come across this yet ? if so how successful has it been to remove yourself from 
these lists.



Thank you

Pino



[cid:image001.png@01D7AB9D.DE0D55B0]



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cmburge%40LSU.EDU%7Cd9ffb4d0d4254a04052008d979de6b4a%7C2d4dad3f50ae47d983a09ae2b1f466f8%7C0%7C0%7C637674818455792403%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ULl0Ngk9uoY2f%2FneMJKIbWMnCQcslXLmAUr0TV55I0Q%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cmburge%40LSU.EDU%7Cd9ffb4d0d4254a04052008d979de6b4a%7C2d4dad3f50ae47d983a09ae2b1f466f8%7C0%7C0%7C637674818455802358%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=gk8bCvXy2REWYjfykQJ370j%2BJv70nEJdrXDQBDVHLds%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Sidharth Nandury]

Interestingly, we had one student report this as of yet. We've seen this
generally with gaming websites such as steam. We've reached out to the
student to test again after Joe mentioned it as "Resolved", but please do
update the list if anyone else has more use cases to know that it is in
fact resolved. If not, we might try to provide the few users a public IP
space as a workaround and test further.

Sid

On Fri, Sep 17, 2021 at 9:24 AM Joe Walker  wrote:

> We recently had this issue as well and funneling through the different
> levels of support on the Amazon Prime TV side just to talk to someone that
> knew what I was talking about was infuriating to say the least. I did
> receive an email this morning from Amazon saying the issue was "resolved"
> but I haven't yet verified.  As far as I can tell there isn't any sort of
> documentation anywhere from Amazon that shows the criteria for what they
> deem to be a VPN or proxy nor is there any documentation on how to
> appeal/remove your IP's from this list.
>
>
>
>
> Joe Walker
>
> Network and Telecommunication Services
>
> Kansas State University
>
> (785)532-4997
>
> f...@ksu.edu
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Muraca, Peppino P. <
> pmur...@stonehill.edu>
> *Sent:* Friday, September 17, 2021 8:17 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [WIRELESS-LAN] Amazon prime video error (Your device is
> connected to the internet using a VPN or proxy service)
>
>
> This email originated from outside of K-State.
>
> Hi everyone, has anyone come across this yet where Prime video will not
> play . this is what is on the screen ( Your device is connected to the
> internet using a VPN or proxy service. Please disable it and try again.) we
> have called Amazon and they told us to contact our ISP . We only see this
> on our wireless networks. Talking with our ISP it seems this is happening
> more and more and what basically has happened is out NAT ip’s for out
> wireless have been black listed and now we have to remove our selves from
> these lists. Has anyone else come across this yet ? if so how successful
> has it been to remove yourself from these lists.
>
>
>
> Thank you
>
> Pino
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>


-- 

[image: Denison University] 

*Sidharth S. Nandury*
(He, Him, His)
*Infrastructure and Operations Manager*
Information Technology Services

100 West College Street, Granville, OH 43023
 | Burton
Hall 
Office: 740-587-5533 <1-740-587-5533> | Mobile: 516-314-4413
<1-516-314-4413>
nandu...@denison.edu 
https://denison.edu/campus/technology/service-desk

NOTICE: This email message and all attachments transmitted with it may
contain legally privileged and confidential information intended solely for
the use of the addressee. If the reader of this message is not the intended
recipient, you are hereby notified that any reading, dissemination,
distribution, copying, or other use of this message or its attachments is
strictly prohibited. If you have received this message in error, please
notify the sender immediately by phone or by email, and delete this message
and all copies and backups thereof.

*Please consider the environment before printing this email.*

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Joe Walker]

We recently had this issue as well and funneling through the different levels 
of support on the Amazon Prime TV side just to talk to someone that knew what I 
was talking about was infuriating to say the least. I did receive an email this 
morning from Amazon saying the issue was "resolved" but I haven't yet verified. 
 As far as I can tell there isn't any sort of documentation anywhere from 
Amazon that shows the criteria for what they deem to be a VPN or proxy nor is 
there any documentation on how to appeal/remove your IP's from this list.



Joe Walker
Network and Telecommunication Services
Kansas State University
(785)532-4997
f...@ksu.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Muraca, Peppino P. 

Sent: Friday, September 17, 2021 8:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Amazon prime video error (Your device is connected to 
the internet using a VPN or proxy service)


This email originated from outside of K-State.


Hi everyone, has anyone come across this yet where Prime video will not play . 
this is what is on the screen ( Your device is connected to the internet using 
a VPN or proxy service. Please disable it and try again.) we have called Amazon 
and they told us to contact our ISP . We only see this on our wireless 
networks. Talking with our ISP it seems this is happening more and more and 
what basically has happened is out NAT ip’s for out wireless have been black 
listed and now we have to remove our selves from these lists. Has anyone else 
come across this yet ? if so how successful has it been to remove yourself from 
these lists.



Thank you

Pino



[cid:image003.png@01D7ABA4.C8387B50]



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th generation

[Hurt,Trenton W.]

FYI for securew2 users.  Securew2 has a permanent fix for the desktop mode 
browser joinnow detection issue.  Need to republish any profiles to latest  
5.37.1 GA1 release

This is from the release notes...



Fixed issues for customized profiles in macOS and iOS Issues during the 
detection of regex-based macOS and iOS Landing pages are now fixed. JoinNow 
profile Landing pages now support Desktop mode based onboarding in iOS.

From: Hurt,Trenton W. 
Sent: Thursday, August 12, 2021 6:00 PM
To: The EDUCAUSE Wireless Issues Community Group Listserv 

Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with 
new iPad Pro 5th generation

So securew2 says...


When desktop mode is enabled, iPad will send the browser agent as macOS instead 
of iOS/iPad and hence you are noticing this behavior. But, when onboarding 
iOS/iPad devices using a captive portal enabled network, the CNA/limited 
browser would detect it correctly as iOS/iPad even if desktop mode is enabled 
for the browser.

Not sure if they are able to or working on anything else to fix or enhance this.




Sent from my mobile device.

Trent Hurt

5028521513

University of Louisville







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Walter Reynolds mailto:wa...@umich.edu>>
Sent: Thursday, August 12, 2021 12:47:38 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with 
new iPad Pro 5th generation


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.
I have it with one of the older 10in iPad Pros as well.

While there is a work around it does not really scale that well.


Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Wed, Aug 11, 2021 at 8:33 PM Hurt,Trenton W. 
mailto:trent.h...@louisville.edu>> wrote:
I've seen it on 3 iPad Pro 12.9 gen5 iPadOS 14.6 and 14.7.1.  All show as 
Catalina but once disable desktop mode they detect as iPhone/iPad and onboard 
fine

Sent from my mobile device.

Trent Hurt

5028521513

University of Louisville







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Norton, Thomas (Network Operations) 
mailto:tnort...@liberty.edu>>
Sent: Wednesday, August 11, 2021 5:25:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with 
new iPad Pro 5th generation


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.
Will double check our end as well, was testing the latest profile on my iPad 
pro today and did seem to detect properly using safari with profiles.

 Will test further tomorrow.


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Turner, Ryan H 
mailto:rhtur...@email.unc.edu>>
Sent: Wednesday, August 11, 2021 5:06 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th 
generation



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]



I had this anecdotally reported to me today but was waiting to report it until 
I got some more information.  I will forward this on.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hurt,Trenton W.
Sent: Tuesday, August 10, 2021 2:44 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th generation



I'm seeing the latest iPad Pro gen 5 not getting detected correctly with 
securew2 in any browser I tried.  I've updated to latest 14.7.1 but saw this on 
14.6 as well.  The device is getting detected as OS X Catalina or above and 
even if I try manually selecting

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Chris Hart]

What rates did you set for the ARP policing?

Thanks

Chris Hart


[cid:image001.png@01D7A94B.455C09A0]
Chris Hart
Network Operations Engineer Lead
Tel: 847-467-7747
Email: ch...@northwestern.edu<mailto:ch...@northwestern.edu>
2020 Ridge Ave, Evanston, IL





From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Viou, Robert
Sent: Saturday, September 11, 2021 9:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

After working with the Aruba TAC last night, these are the changes we made that 
appear to have corrected the issues we were seeing.
Disabling Airgroup temporarily stops the issue with Queuing of the Arp packets. 
But the changes that we added below allowed us to re-enable Airgroup with 
APGroup set in the Profile.
Still need to monitor to be sure it is fixed, but so far looks good.

Monitor/police non-gratuitous ARP attacks: ENABLED
Monitor/police non-gratuitous ARP attack action: DROP



Bob

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Saturday, September 11, 2021 9:12 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We had to make major changes to bring stability to Khrushchev environment.  I 
think we have at this point.

We had to significantly detune the ARP policing policies.

We had to block virtually every SNMP poller.

We had to reboot our controllers.

We had to put in place an ACL to block communication from the Mobility masters.

A ridiculous amount of work to basically get us where we were 2 years ago and 
we probably have 15% lower connections compared to then.  I am hoping that the 
upcoming firmware fix will allow us to at least reverse the ACL and SNMP 
pollers. At this point we are pretty blind into information on individual 
connections.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

On Sep 10, 2021, at 4:25 PM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

I haven’t heard anything as of yet. Although interestingly while doing a 
packet-capture to monitor arp/dhcp rates – noticed one client sending 
DHCPRequests about 3-4-5 times a minutes – and disassociating/re-associating 
constantly – and from the received signal strength of the client – there didn’t 
appear to be any reason for this iPhone – 14.7.X – to behave in such a matter. 
So I’m wondering if that’s not an isolated behavior.

Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://urldefense.com/v3/__https:/nam02.safelinks.protection.outlook.com/?url=https*3A*2F*2Fwww.facebook.com*2FISUITHelp*2F=04*7C01*7CRobert.Viou*40NDSU.EDU*7Cdd0c720e506c47cda65308d9752e34d8*7Cec37a091b9a647e598d0903d4a419203*7C1*7C0*7C637669663628347496*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000=TP7NNp8n1*2BVyS2hYfqa7cYLY0bjswlO0FqAqTKioBQk*3D=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!Dq0X2DkFhyF93HkjWTBQKhk!B0zi5_9S-YJgbcLXO3V2Gp9eodGAJkAvcl9Yf_7gjJ4zM_PVEU4Txe1S-wPrRjZULnc$>
 and 
Twitter<https://urldefense.com/v3/__https:/nam02.safelinks.protection.outlook.com/?url=https*3A*2F*2Ftwitter.com*2FISUITHelp=04*7C01*7CRobert.Viou*40NDSU.EDU*7Cdd0c720e506c47cda65308d9752e34d8*7Cec37a091b9a647e598d0903d4a419203*7C1*7C0*7C637669663628357488*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000=RMTjQdg9p3bfKvhQcn*2BylQWZg2I*2FI3MyRPn31Qnh5rs*3D=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!Dq0X2DkFhyF93HkjWTBQKhk!B0zi5_9S-YJgbcLXO3V2Gp9eodGAJkAvcl9Yf_7gjJ4zM_PVEU4Txe1S-wPrg4Vpb6Q$>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Viou, Robert
Sent: Friday, September 10, 2021 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Some people who received this message don't often get email from 
robert.v...@ndsu.edu<mailto:robert.v...@ndsu.edu>. Learn why this is 
important<https://urldefense.com/v3/__http:/aka.ms/LearnAboutSenderIdentification__;!!Dq0X2DkFhyF93HkjWTBQKhk!B0zi5_9S-YJgbcLXO3V2Gp9eodGAJkAvcl9Yf_7gjJ4zM_PVEU4Txe1S-wPrBMxB_YE$>
[This message came from an external source. If suspicious, report to 
ab...@ilstu.

Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

[Tim Cappalli]

TCP vs UDP

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turpin, Max 

Date: Monday, September 13, 2021 at 18:28
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Why will RadSec fix the issue?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:27 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

Switch to RadSec between your controllers and RADIUS server. Should eliminate 
the issue if you don't have any other config options.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee Weers 
Date: Monday, September 13, 2021 at 18:25
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Look at the load balancing on the firewalls. Depending on how it is setup, 
there is a way that all the traffic is sent to one firewall vs the other per 
session.  I know this can be done at the interface level. I don’t remember what 
they called it off the top of my head.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turpin, Max
Sent: Monday, September 13, 2021 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

Hey everyone,

Hoping everyone is having a peaceful start of the semester. Reaching out 
because we’re dealing with a doozy of a problem and hoping someone else may 
have dealt with this and can help.

We are running several pairs of Cisco 5520 controllers running 8.5.171 code. We 
have recently done a complete rebuild of our Clearpass environment split across 
two data centers and those are running 6.9.6. What we have found is that when 
sending traffic to this new cluster, some packets are greater than 1500 bytes 
and are getting fragmented in the environment. That would be all well and fine 
except our perimeter firewalls are active/active so in some cases, fragment 1 
goes to FW-A and fragment 2 goes to FW-B. Palo alto will drop fragments if does 
not have all parts. So these fragments are getting dropped and thus the EAP 
exchange is timing out.


  1.  As far as I’ve gotten from Cisco, 5520 controllers do not support jumbo 
frames
  2.  There is no support from Cisco on specifying an EAP-TLS fragment size 
(unlike Aruba)
  3.  I cannot move all the controllers inside the data centers as there are 
some remote controllers as part of this environment.

The only solution I can think of right now is to point the traffic to one 
firewall with policy routes with SLA tracking but that’s an administratively 
burdensome solution and frankly, kind of kludgy.

Have any of you dealt with this sort of issue? Any thoughts on this would be 
appreciated.

Thanks,
Max

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C95baac46bfbe4fbd445d08d976d314e2-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637671471268908152-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DUbn20rOFYRyYWaWLz8hlhWzAbeWGRj9rX9ZExWR2Mf4-253D-26reserved-3D0%26d%3DDwMF-g%26c%3DG2MiLlal7SXE3PeSnG8W6_JBU6FcdVjSsBSbw6gcR0U%26r%3DzobI7d8a-PnWsDxhdheA-Pkovo0vk-DVRBlpbuIQ8mE%26m%3Dz8STE2vHGTWY4lHzB1ludq3RWLUA9RQhWhFAff82Da8%26s%3DbYknutz_e69ijK-QpUcThQtaKDKHbWizz6N0kk5pPbk%26e%3D=04%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C29ed4aabe2034528178c08d976d37baf%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637671472976689869%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ksWHz35njdlH95RSvcETegEcn7tDwy3nsF5n2dOcl9k%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Davis, Jonathan Alan]

Hello All, I wanted to give you an update. First, I’ll provide a

-We (UNC-CH) seem to be in a stable situation. Clients are connecting and 
staying connected. STM is consuming reasonable levels of resources.
-We are blind. In addition to disabling the MM to MC communication, we had to 
disable all SNMP. We also have a bit of automation that utilizes SNMP, and that 
is also broken.
-There were TWO separate issues, and I’ll break those out below. It’s important 
to understand that the ARP issue is a separate issue from the STM issue. In our 
first couple of days working with Aruba, even TAC did not recognize our 
symptoms as two separate issues, and this is probably the thing that frustrated 
me the most.


Issue number one: ARP
Our users complained they could not connect to the network and access resources 
for the first five to ten minutes of a class.
Apple IOS devices running version 14, and some Lenovo devices ARP their entire 
subnet after joining Wi-Fi. The Aruba controllers have security rules in place 
to prevent ARP flooding and DDOS attacks utilizing ARP. As clients joined the 
network before classes the devices would ARP the subnet, and once a threshold 
was reached, the controller would begin discarding ARP packets for all clients 
on that controller. The result was that devices would connect, get assigned an 
IP via DHCP, and then ARP to get the MAC of their default gateway. That packet 
would be discarded, and until the controller again allowed ARP to pass, clients 
weren’t able to find their gateway. Depending on the client, this usually 
resulted in them again restarting the 802.11 join process.  [Christopher 
Johnson, this is the behavior you are experiencing.]

You can see if you are being affected by running:
show datapath bwm table
and checking for contract 9 (ARP). You can also check this more specifically by 
running:
show datapath bwm type [type] contract 9
In our case, the full command was:
show datapath bwm type 0 contract 9

When we first addressed this issue, we had over 2 million drops (policed) 
packets on each controller. Our default configuration was 992pps. After 
consideration, we raised our rate to 9792 expecting that multiple clients will 
likely be ARPing the network at the same time and recognizing how large the 
subnet is… and hey, it seemed like a good idea. Since then, we average less 
than 1-3K drops at any given time, and our users are telling us they can 
connect and access the network on the first try.

We have seen no other detrimental effects of this change.

NEXT – STM
We disabled our connections between the MM and MC’s and restarted all 
controllers by controller cluster groups to ensure AP’s and Clients would stay 
connected. Once everything was restarted, we waited for students to migrate 
from ResNET to our Main Campus cluster.
We began getting the first complaints around 10am. After checking load 
distribution, we found that we had even distribution of AP’s across our 8 MC’s, 
but 90% of our clients were connected to only two of our eight controllers in 
that cluster despite our load balancing configuration. This continued to be an 
issue, and TAC confirmed that we were appropriately configured to load balance 
clients at 10%.
Despite disabling the MM to MC connections, we still had very high utilization 
by STM, and TAC decided controllers were unable to balance client connections 
due to that state.
The next step was to block SNMP on the controller firewalls. As you can all 
imagine, this was a difficult decision for us, but if clients can’t connect to 
Wi-Fi, we don’t need SNMP to tell us it’s down…the users do a great job of 
that! 
Once we disabled SNMP, STM processor usage fell to ~30-70% and clients began 
balancing appropriately across controllers.
So, as I said in my TLDR, we are flying blind, but user reports are coming in 
that the issue is much improved. Now we wait for Aruba to deliver our bug fix, 
and a bit of time for testing to ensure we don’t cause more issues.

I want to pause here and express my second large frustration with the 
situation. For the affected cluster, we are running eight 7240XM controllers, 
which according to Aruba should support 32K clients each, yet those two 
controllers were incapable of load balancing due to high STM utilization when 
each had only 8K clients.
Like many who have spoken up, we begin seeing issues as soon as client counts 
on a controller exceed 5K clients. I shudder to think what our experience would 
have been if we had half as many controllers in the cluster.

Marketecture != good design

JD
--
Jonathan Davis
Wireless Architect
The University of North Carolina at Chapel Hill
jonath...@unc.edu<mailto:jonath...@unc.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of James Andrewartha 

Date: Saturday, September 11, 2021 at 9:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in th

Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

[Turpin, Max]

Seems that Cisco on the 5520 platform doesn’t support RadSec. Because of course 
not, awesome. Too bad because that’s a really elegant potential solution.

I’ll take a look into the PA load balancing to see if anything can be done 
there but I’m not hopeful.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Turpin, Max" 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:30 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

Gotcha, so that would then allow the session sharing between the firewalls. 
That is a solution I like.

Thanks Tim. Always helpful!

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:29 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

TCP vs UDP

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turpin, Max 

Date: Monday, September 13, 2021 at 18:28
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Why will RadSec fix the issue?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:27 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

Switch to RadSec between your controllers and RADIUS server. Should eliminate 
the issue if you don't have any other config options.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee Weers 
Date: Monday, September 13, 2021 at 18:25
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Look at the load balancing on the firewalls. Depending on how it is setup, 
there is a way that all the traffic is sent to one firewall vs the other per 
session.  I know this can be done at the interface level. I don’t remember what 
they called it off the top of my head.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turpin, Max
Sent: Monday, September 13, 2021 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

Hey everyone,

Hoping everyone is having a peaceful start of the semester. Reaching out 
because we’re dealing with a doozy of a problem and hoping someone else may 
have dealt with this and can help.

We are running several pairs of Cisco 5520 controllers running 8.5.171 code. We 
have recently done a complete rebuild of our Clearpass environment split across 
two data centers and those are running 6.9.6. What we have found is that when 
sending traffic to this new cluster, some packets are greater than 1500 bytes 
and are getting fragmented in the environment. That would be all well and fine 
except our perimeter firewalls are active/active so in some cases, fragment 1 
goes to FW-A and fragment 2 goes to FW-B. Palo alto will drop fragments if does 
not have all parts. So these fragments are getting dropped and thus the EAP 
exchange is timing out.


  1.  As far as I’ve gotten from Cisco, 5520 controllers do not support jumbo 
frames
  2.  There is no support from Cisco on specifying an EAP-TLS fragment size 
(unlike Aruba)
  3.  I cannot move all the controllers inside the data centers as there are 
some remote controllers as part of this environment.

The only solution I can think of right now is to point the traffic to one 
firewall with policy routes with SLA tracking but that’s an administratively 
burdensome solution and frankly, kind of kludgy.

Have any of you dealt with this sort of issue? Any thoughts on this would be 
appreciated.

Thanks,
Max

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Furldefense.proofpoint.com-252Fv2-252Furl-253Fu-253Dhttps-2D3A-5F-5Fnam06.safelinks.protection.outlook.com-5F-2D3Furl-2D3Dhttps-2D253A-2D252F-2D252Fwww.educause.edu-2D252Fcommunity-2D26data-2D3D04-2D257C01-2D257Ctim.cappalli-2D2540MICROSOFT.COM-2D257C95baac46bfbe4fbd445d08d976d314e2-2D257C72f988bf86f141af91ab2d7cd011db47-2D257C1-2D257C0-2D257C637671471268908152-2D257CUnknown-2D257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo

Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

[Turpin, Max]

Gotcha, so that would then allow the session sharing between the firewalls. 
That is a solution I like.

Thanks Tim. Always helpful!

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:29 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

TCP vs UDP

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turpin, Max 

Date: Monday, September 13, 2021 at 18:28
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Why will RadSec fix the issue?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:27 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

Switch to RadSec between your controllers and RADIUS server. Should eliminate 
the issue if you don't have any other config options.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee Weers 
Date: Monday, September 13, 2021 at 18:25
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Look at the load balancing on the firewalls. Depending on how it is setup, 
there is a way that all the traffic is sent to one firewall vs the other per 
session.  I know this can be done at the interface level. I don’t remember what 
they called it off the top of my head.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turpin, Max
Sent: Monday, September 13, 2021 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

Hey everyone,

Hoping everyone is having a peaceful start of the semester. Reaching out 
because we’re dealing with a doozy of a problem and hoping someone else may 
have dealt with this and can help.

We are running several pairs of Cisco 5520 controllers running 8.5.171 code. We 
have recently done a complete rebuild of our Clearpass environment split across 
two data centers and those are running 6.9.6. What we have found is that when 
sending traffic to this new cluster, some packets are greater than 1500 bytes 
and are getting fragmented in the environment. That would be all well and fine 
except our perimeter firewalls are active/active so in some cases, fragment 1 
goes to FW-A and fragment 2 goes to FW-B. Palo alto will drop fragments if does 
not have all parts. So these fragments are getting dropped and thus the EAP 
exchange is timing out.


  1.  As far as I’ve gotten from Cisco, 5520 controllers do not support jumbo 
frames
  2.  There is no support from Cisco on specifying an EAP-TLS fragment size 
(unlike Aruba)
  3.  I cannot move all the controllers inside the data centers as there are 
some remote controllers as part of this environment.

The only solution I can think of right now is to point the traffic to one 
firewall with policy routes with SLA tracking but that’s an administratively 
burdensome solution and frankly, kind of kludgy.

Have any of you dealt with this sort of issue? Any thoughts on this would be 
appreciated.

Thanks,
Max

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Furldefense.proofpoint.com-252Fv2-252Furl-253Fu-253Dhttps-2D3A-5F-5Fnam06.safelinks.protection.outlook.com-5F-2D3Furl-2D3Dhttps-2D253A-2D252F-2D252Fwww.educause.edu-2D252Fcommunity-2D26data-2D3D04-2D257C01-2D257Ctim.cappalli-2D2540MICROSOFT.COM-2D257C95baac46bfbe4fbd445d08d976d314e2-2D257C72f988bf86f141af91ab2d7cd011db47-2D257C1-2D257C0-2D257C637671471268908152-2D257CUnknown-2D257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-2D253D-2D257C3000-2D26sdata-2D3DUbn20rOFYRyYWaWLz8hlhWzAbeWGRj9rX9ZExWR2Mf4-2D253D-2D26reserved-2D3D0-2526d-253DDwMF-2Dg-2526c-253DG2MiLlal7SXE3PeSnG8W6-5FJBU6FcdVjSsBSbw6gcR0U-2526r-253DzobI7d8a-2DPnWsDxhdheA-2DPkovo0vk-2DDVRBlpbuIQ8mE-2526m-253Dz8STE2vHGTWY4lHzB1ludq3RWLUA9RQhWhFAff82Da8-2526s-253DbYknutz-5Fe69ijK-2DQpUcThQtaKDKHbWizz6N0kk5pPbk-2526e-253D-26data-3D04-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C29ed4aabe2034528178c08d976d37baf-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C6376714

Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

[Turpin, Max]

Why will RadSec fix the issue?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Tim Cappalli 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Monday, September 13, 2021 at 12:27 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls

Switch to RadSec between your controllers and RADIUS server. Should eliminate 
the issue if you don't have any other config options.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee Weers 
Date: Monday, September 13, 2021 at 18:25
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active 
firewalls
Look at the load balancing on the firewalls. Depending on how it is setup, 
there is a way that all the traffic is sent to one firewall vs the other per 
session.  I know this can be done at the interface level. I don’t remember what 
they called it off the top of my head.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turpin, Max
Sent: Monday, September 13, 2021 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco EAP-TLS fragmentation with active/active firewalls

Hey everyone,

Hoping everyone is having a peaceful start of the semester. Reaching out 
because we’re dealing with a doozy of a problem and hoping someone else may 
have dealt with this and can help.

We are running several pairs of Cisco 5520 controllers running 8.5.171 code. We 
have recently done a complete rebuild of our Clearpass environment split across 
two data centers and those are running 6.9.6. What we have found is that when 
sending traffic to this new cluster, some packets are greater than 1500 bytes 
and are getting fragmented in the environment. That would be all well and fine 
except our perimeter firewalls are active/active so in some cases, fragment 1 
goes to FW-A and fragment 2 goes to FW-B. Palo alto will drop fragments if does 
not have all parts. So these fragments are getting dropped and thus the EAP 
exchange is timing out.


  1.  As far as I’ve gotten from Cisco, 5520 controllers do not support jumbo 
frames
  2.  There is no support from Cisco on specifying an EAP-TLS fragment size 
(unlike Aruba)
  3.  I cannot move all the controllers inside the data centers as there are 
some remote controllers as part of this environment.

The only solution I can think of right now is to point the traffic to one 
firewall with policy routes with SLA tracking but that’s an administratively 
burdensome solution and frankly, kind of kludgy.

Have any of you dealt with this sort of issue? Any thoughts on this would be 
appreciated.

Thanks,
Max

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C95baac46bfbe4fbd445d08d976d314e2-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637671471268908152-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DUbn20rOFYRyYWaWLz8hlhWzAbeWGRj9rX9ZExWR2Mf4-253D-26reserved-3D0=DwMF-g=G2MiLlal7SXE3PeSnG8W6_JBU6FcdVjSsBSbw6gcR0U=zobI7d8a-PnWsDxhdheA-Pkovo0vk-DVRBlpbuIQ8mE=z8STE2vHGTWY4lHzB1ludq3RWLUA9RQhWhFAff82Da8=bYknutz_e69ijK-QpUcThQtaKDKHbWizz6N0kk5pPbk=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C95baac46bfbe4fbd445d08d976d314e2-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637671471268918145-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C3000-26sdata-3DR7Db5W-252FbB2V1LoPCSYkBmn11M6JaybznRg9FhRtebDg-253D-26reserved-3D0=DwMF-g=G2MiLlal7SXE3PeSnG8W6_JBU6FcdVjSsBSbw6gcR0U=zobI7d8a-PnWsDxhdheA-Pkovo0vk-DVRBlpbuIQ8mE=z8STE2vHGTWY4lHzB1ludq3RWLUA9RQhWhFAff82Da8=fHGwESRqj5hQtBHbcAT8PSPYrpBELJ6CXFaEAVol3wA=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[James Andrewartha]

I'm not too familiar with how Aruba handles arps, does it do proxy arp? I have 
seen Apple devices go to sleep before all broadcast/multicast traffic is sent 
by the AP, although that was 5 years ago. So I can believe that a behaviour 
change could cause increased ARPs if the devices aren't seeing them.

Sent from my Galaxy



 Original message 
From: "Turner, Ryan H" 
Date: 12/9/21 09:16 (GMT+08:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We actually are allowing MORE ARPs. Apparently when policing kicks in, all 
connections are affecting. It can cause clients to freeze/not connect.  So we 
actually turned the knob in the opposite direction.  We were seeing counters to 
what amounts to large quantities of controllers pauses when the ARPs went over 
an arbitrarily set number.  Our wireless architect can reply with the details.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

On Sep 11, 2021, at 12:32 PM, Enfield, Chuck  wrote:


HI Ryan,

When you say that you detuned ARP policing, do you mean that the ARP policing 
on the underpinning network is now more aggressive (aka, dropping more ARP?)  I 
ask because I’ve been wondering why we aren’t seeing this problem when other 
schools that made the same changes we did still are.  We upgraded our 
underpinning network over the summer, and we’re dropping way more ARP than we 
were on the old network.  Your post just made me realize that may be protecting 
our controllers.  We’ve been considering changes, but we switched to an 
EVPN/VxLAN architecture.  We’re not completely sure what the consequences of 
this ARP policing is, so we’ve been holding off any changes.  If you had to 
police more aggressively to solve your problem, then we won’t start 
experimenting with out policers.

Thanks,

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Saturday, September 11, 2021 10:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We had to make major changes to bring stability to Khrushchev environment.  I 
think we have at this point.

We had to significantly detune the ARP policing policies.

We had to block virtually every SNMP poller.

We had to reboot our controllers.

We had to put in place an ACL to block communication from the Mobility masters.

A ridiculous amount of work to basically get us where we were 2 years ago and 
we probably have 15% lower connections compared to then.  I am hoping that the 
upcoming firmware fix will allow us to at least reverse the ACL and SNMP 
pollers. At this point we are pretty blind into information on individual 
connections.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office


On Sep 10, 2021, at 4:25 PM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

I haven’t heard anything as of yet. Although interestingly while doing a 
packet-capture to monitor arp/dhcp rates – noticed one client sending 
DHCPRequests about 3-4-5 times a minutes – and disassociating/re-associating 
constantly – and from the received signal strength of the client – there didn’t 
appear to be any reason for this iPhone – 14.7.X – to behave in such a matter. 
So I’m wondering if that’s not an isolated behavior.

Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FISUITHelp%2F=04%7C01%7Ccae104%40PSU.EDU%7C3e82d4d6e9524db4270a08d9752e3652%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637669663621408058%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=BGYNDoJo6qpi83pjd9pMIP7EO9lv0sl4L4S4AkNKLfk%3D=0>
 and 
Twitter<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FISUITHelp=04%7C01%7Ccae104%40PSU.EDU%7C3e82d4d6e9524db4270a08d9752e3652%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637669663621418052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=wl8cYjmkPpNkBgtwT7j6IlVr0mOlFkLMIKo6knZ82fM%3D=0>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Viou, Robert
Sent: Friday, September 10, 2021 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] An

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Turner, Ryan H]

We actually are allowing MORE ARPs. Apparently when policing kicks in, all 
connections are affecting. It can cause clients to freeze/not connect.  So we 
actually turned the knob in the opposite direction.  We were seeing counters to 
what amounts to large quantities of controllers pauses when the ARPs went over 
an arbitrarily set number.  Our wireless architect can reply with the details.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

On Sep 11, 2021, at 12:32 PM, Enfield, Chuck  wrote:


HI Ryan,

When you say that you detuned ARP policing, do you mean that the ARP policing 
on the underpinning network is now more aggressive (aka, dropping more ARP?)  I 
ask because I’ve been wondering why we aren’t seeing this problem when other 
schools that made the same changes we did still are.  We upgraded our 
underpinning network over the summer, and we’re dropping way more ARP than we 
were on the old network.  Your post just made me realize that may be protecting 
our controllers.  We’ve been considering changes, but we switched to an 
EVPN/VxLAN architecture.  We’re not completely sure what the consequences of 
this ARP policing is, so we’ve been holding off any changes.  If you had to 
police more aggressively to solve your problem, then we won’t start 
experimenting with out policers.

Thanks,

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Saturday, September 11, 2021 10:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We had to make major changes to bring stability to Khrushchev environment.  I 
think we have at this point.

We had to significantly detune the ARP policing policies.

We had to block virtually every SNMP poller.

We had to reboot our controllers.

We had to put in place an ACL to block communication from the Mobility masters.

A ridiculous amount of work to basically get us where we were 2 years ago and 
we probably have 15% lower connections compared to then.  I am hoping that the 
upcoming firmware fix will allow us to at least reverse the ACL and SNMP 
pollers. At this point we are pretty blind into information on individual 
connections.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office


On Sep 10, 2021, at 4:25 PM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

I haven’t heard anything as of yet. Although interestingly while doing a 
packet-capture to monitor arp/dhcp rates – noticed one client sending 
DHCPRequests about 3-4-5 times a minutes – and disassociating/re-associating 
constantly – and from the received signal strength of the client – there didn’t 
appear to be any reason for this iPhone – 14.7.X – to behave in such a matter. 
So I’m wondering if that’s not an isolated behavior.

Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FISUITHelp%2F=04%7C01%7Ccae104%40PSU.EDU%7C3e82d4d6e9524db4270a08d9752e3652%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637669663621408058%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=BGYNDoJo6qpi83pjd9pMIP7EO9lv0sl4L4S4AkNKLfk%3D=0>
 and 
Twitter<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FISUITHelp=04%7C01%7Ccae104%40PSU.EDU%7C3e82d4d6e9524db4270a08d9752e3652%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637669663621418052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=wl8cYjmkPpNkBgtwT7j6IlVr0mOlFkLMIKo6knZ82fM%3D=0>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Viou, Robert
Sent: Friday, September 10, 2021 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Some people who received this message don't often get email from 
robert.v...@ndsu.edu<mailto:robert.v...@ndsu.edu>. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
[This message came from an external source. If suspicious, report to 
ab...@ilstu.edu<mailto:ab...@ilstu.edu>]
In regards to:
> Aruba believes this is the cause of the new iOS operating system.  Our 
> environment is extremely heavy iOS.  We are talking to them now and will 
> assess the change.

Has Aruba menti

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Viou, Robert]

After working with the Aruba TAC last night, these are the changes we made that 
appear to have corrected the issues we were seeing.
Disabling Airgroup temporarily stops the issue with Queuing of the Arp packets. 
But the changes that we added below allowed us to re-enable Airgroup with 
APGroup set in the Profile.
Still need to monitor to be sure it is fixed, but so far looks good.

Monitor/police non-gratuitous ARP attacks: ENABLED
Monitor/police non-gratuitous ARP attack action: DROP



Bob

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Saturday, September 11, 2021 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We had to make major changes to bring stability to Khrushchev environment.  I 
think we have at this point.

We had to significantly detune the ARP policing policies.

We had to block virtually every SNMP poller.

We had to reboot our controllers.

We had to put in place an ACL to block communication from the Mobility masters.

A ridiculous amount of work to basically get us where we were 2 years ago and 
we probably have 15% lower connections compared to then.  I am hoping that the 
upcoming firmware fix will allow us to at least reverse the ACL and SNMP 
pollers. At this point we are pretty blind into information on individual 
connections.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office


On Sep 10, 2021, at 4:25 PM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

I haven’t heard anything as of yet. Although interestingly while doing a 
packet-capture to monitor arp/dhcp rates – noticed one client sending 
DHCPRequests about 3-4-5 times a minutes – and disassociating/re-associating 
constantly – and from the received signal strength of the client – there didn’t 
appear to be any reason for this iPhone – 14.7.X – to behave in such a matter. 
So I’m wondering if that’s not an isolated behavior.

Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FISUITHelp%2F=04%7C01%7CRobert.Viou%40NDSU.EDU%7Cdd0c720e506c47cda65308d9752e34d8%7Cec37a091b9a647e598d0903d4a419203%7C1%7C0%7C637669663628347496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=TP7NNp8n1%2BVyS2hYfqa7cYLY0bjswlO0FqAqTKioBQk%3D=0>
 and 
Twitter<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FISUITHelp=04%7C01%7CRobert.Viou%40NDSU.EDU%7Cdd0c720e506c47cda65308d9752e34d8%7Cec37a091b9a647e598d0903d4a419203%7C1%7C0%7C637669663628357488%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=RMTjQdg9p3bfKvhQcn%2BylQWZg2I%2FI3MyRPn31Qnh5rs%3D=0>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Viou, Robert
Sent: Friday, September 10, 2021 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Some people who received this message don't often get email from 
robert.v...@ndsu.edu<mailto:robert.v...@ndsu.edu>. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
[This message came from an external source. If suspicious, report to 
ab...@ilstu.edu<mailto:ab...@ilstu.edu>]
In regards to:
> Aruba believes this is the cause of the new iOS operating system.  Our 
> environment is extremely heavy iOS.  We are talking to them now and will 
> assess the change.

Has Aruba mentioned to anyone or has anyone heard any more on this being an IOS 
issue?


Bob

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norton, Thomas (Network Operations)
Sent: Wednesday, September 1, 2021 11:31 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Thanks for the update Ryan


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-L

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

HI Ryan,

When you say that you detuned ARP policing, do you mean that the ARP policing 
on the underpinning network is now more aggressive (aka, dropping more ARP?)  I 
ask because I’ve been wondering why we aren’t seeing this problem when other 
schools that made the same changes we did still are.  We upgraded our 
underpinning network over the summer, and we’re dropping way more ARP than we 
were on the old network.  Your post just made me realize that may be protecting 
our controllers.  We’ve been considering changes, but we switched to an 
EVPN/VxLAN architecture.  We’re not completely sure what the consequences of 
this ARP policing is, so we’ve been holding off any changes.  If you had to 
police more aggressively to solve your problem, then we won’t start 
experimenting with out policers.

Thanks,

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Saturday, September 11, 2021 10:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We had to make major changes to bring stability to Khrushchev environment.  I 
think we have at this point.

We had to significantly detune the ARP policing policies.

We had to block virtually every SNMP poller.

We had to reboot our controllers.

We had to put in place an ACL to block communication from the Mobility masters.

A ridiculous amount of work to basically get us where we were 2 years ago and 
we probably have 15% lower connections compared to then.  I am hoping that the 
upcoming firmware fix will allow us to at least reverse the ACL and SNMP 
pollers. At this point we are pretty blind into information on individual 
connections.

Ryan Turner
Head of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office


On Sep 10, 2021, at 4:25 PM, Johnson, Christopher 
mailto:cbjo...@ilstu.edu>> wrote:

I haven’t heard anything as of yet. Although interestingly while doing a 
packet-capture to monitor arp/dhcp rates – noticed one client sending 
DHCPRequests about 3-4-5 times a minutes – and disassociating/re-associating 
constantly – and from the received signal strength of the client – there didn’t 
appear to be any reason for this iPhone – 14.7.X – to behave in such a matter. 
So I’m wondering if that’s not an isolated behavior.

Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FISUITHelp%2F=04%7C01%7Ccae104%40PSU.EDU%7C3e82d4d6e9524db4270a08d9752e3652%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637669663621408058%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=BGYNDoJo6qpi83pjd9pMIP7EO9lv0sl4L4S4AkNKLfk%3D=0>
 and 
Twitter<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FISUITHelp=04%7C01%7Ccae104%40PSU.EDU%7C3e82d4d6e9524db4270a08d9752e3652%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637669663621418052%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=wl8cYjmkPpNkBgtwT7j6IlVr0mOlFkLMIKo6knZ82fM%3D=0>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Viou, Robert
Sent: Friday, September 10, 2021 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Some people who received this message don't often get email from 
robert.v...@ndsu.edu<mailto:robert.v...@ndsu.edu>. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
[This message came from an external source. If suspicious, report to 
ab...@ilstu.edu<mailto:ab...@ilstu.edu>]
In regards to:
> Aruba believes this is the cause of the new iOS operating system.  Our 
> environment is extremely heavy iOS.  We are talking to them now and will 
> assess the change.

Has Aruba mentioned to anyone or has anyone heard any more on this being an IOS 
issue?


Bob

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norton, Thomas (Network Operations)
Sent: Wednesday, September 1, 2021 11:31 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Thanks for the update Ryan


T.J. Norton

RE: [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question

[Lee H Badman]

Ron,

Did you verify with certainty that you were connected to the AP that you 
thought you were on?

-Lee

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ronald Loneker
Sent: Friday, September 10, 2021 2:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question

Hi Everyone -

This past spring we deployed several buildings with Aruba IAP 515 access points.

This summer, we had the company who installed the access points produce heat 
mapping summaries of the buildings.

In three of the four buildings, we had high efficiency mode enabled on the 
access points.

Has anyone using these access points noticed a degraded signal when this mode 
is enabled?  I was sitting almost in front of one of the access points that is 
showing to be active and pretty decent coveage where I was sitting but getting 
very low wireless signal from my laptop (even after I rebooted the laptop, 
disconnected from wifi and reconnected).

I'm trying to get a version of the firmware we are running - there was a 
conflict in one of the buildings that had a cluster of 215s and 515s and the 
215s couldn't run the more recent version of firmware so our consultant may 
have downgraded us to one that both models could support.

Just curious about experiences you might have had with the high efficiency mode 
on and off and whether signal is better on either setting.

Ron Loneker, Jr.
Director, IT Special Projects
Saint Elizabeth University
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229

e-mail:  rlone...@steu.edu


Saint Elizabeth University's IT department will never ask for your password, 
social security number or other personal information in an e-mail message.

Please do not share any information with others!






**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question

[Ronald Loneker]

Actually, Lee, the AP kept dropping me so much I couldn't even get a
connection so I couldn't tell you.

Being I was in a meeting and trying to participate, I couldn't do much
testing.

I'm doing tech support for an event all day so I can't pull out my floor
plans to see if there was an access point on the floor above me - that
would be the only other explanation..

Ron
---
Ron Loneker, Jr.
Director, IT Special Projects
Saint Elizabeth University
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229

e-mail:  rlone...@steu.edu



*Saint Elizabeth University's IT department will never ask for your
password, social security number or other personal information in an e-mail
message.*
*Please do not share any information with others!*

On Fri, Sep 10, 2021 at 3:00 PM Lee H Badman  wrote:

> Ron,
>
>
>
> Did you verify with certainty that you were connected to the AP that you
> thought you were on?
>
>
>
> -Lee
>
>
>
> *Lee Badman* | Network Architect (CWNE#200)
>
> Information Technology Services
> (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * e* lhbad...@syr.edu *w* its.syr.edu
>
> Campus Wireless Policy:
> https://answers.syr.edu/display/network/Wireless+Network+and+Systems
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Ronald Loneker
> *Sent:* Friday, September 10, 2021 2:41 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question
>
>
>
> Hi Everyone -
>
>
>
> This past spring we deployed several buildings with Aruba IAP 515 access
> points.
>
>
>
> This summer, we had the company who installed the access points produce
> heat mapping summaries of the buildings.
>
>
>
> In three of the four buildings, we had high efficiency mode enabled on the
> access points.
>
>
>
> Has anyone using these access points noticed a degraded signal when this
> mode is enabled?  I was sitting almost in front of one of the access points
> that is showing to be active and pretty decent coveage where I was sitting
> but getting very low wireless signal from my laptop (even after I rebooted
> the laptop, disconnected from wifi and reconnected).
>
>
>
> I'm trying to get a version of the firmware we are running - there was a
> conflict in one of the buildings that had a cluster of 215s and 515s and
> the 215s couldn't run the more recent version of firmware so our consultant
> may have downgraded us to one that both models could support.
>
>
>
> Just curious about experiences you might have had with the high efficiency
> mode on and off and whether signal is better on either setting.
>
>
> Ron Loneker, Jr.
> Director, IT Special Projects
> Saint Elizabeth University
> Mahoney Library
> 2 Convent Road
> Morristown, NJ  07960
>
> Phone:  973-290-4229
>
> e-mail:  rlone...@steu.edu
>
>
>
> *Saint Elizabeth University's IT department will never ask for your
> password, social security number or other personal information in an e-mail
> message. *
> *Please do not share any information with others!*
>
>
>
>
>
>
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Aruba 515 IAP - High Efficiency Mode Question

[Daniel Wurst]

Hi Ron,

We moved from AOS6 to AOS8 over the summer. Upon students' return we
noticed what we felt to be degraded signal strength and degraded device
performance.
We will be disabling this HE setting on all our radio profiles in the
coming days. We had confirmation for our Aruba SE and from a peer college
that we should go ahead and disable this setting.

Thanks,

Dan

On Fri, Sep 10, 2021 at 2:41 PM Ronald Loneker  wrote:

> Hi Everyone -
>
> This past spring we deployed several buildings with Aruba IAP 515 access
> points.
>
> This summer, we had the company who installed the access points produce
> heat mapping summaries of the buildings.
>
> In three of the four buildings, we had high efficiency mode enabled on the
> access points.
>
> Has anyone using these access points noticed a degraded signal when this
> mode is enabled?  I was sitting almost in front of one of the access points
> that is showing to be active and pretty decent coveage where I was sitting
> but getting very low wireless signal from my laptop (even after I rebooted
> the laptop, disconnected from wifi and reconnected).
>
> I'm trying to get a version of the firmware we are running - there was a
> conflict in one of the buildings that had a cluster of 215s and 515s and
> the 215s couldn't run the more recent version of firmware so our consultant
> may have downgraded us to one that both models could support.
>
> Just curious about experiences you might have had with the high efficiency
> mode on and off and whether signal is better on either setting.
>
> Ron Loneker, Jr.
> Director, IT Special Projects
> Saint Elizabeth University
> Mahoney Library
> 2 Convent Road
> Morristown, NJ  07960
>
> Phone:  973-290-4229
>
> e-mail:  rlone...@steu.edu
>
>
>
> *Saint Elizabeth University's IT department will never ask for your
> password, social security number or other personal information in an e-mail
> message.*
> *Please do not share any information with others!*
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>


-- 
*Daniel Wurst*
Network Engineer II* | *Information Technology Services

Denison University | 100 West College Street, Granville, OH 43023 | Burton
Hall
740-587-6229 | wur...@denison.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [EXT] Re: [WIRELESS-LAN] PoE Load Tester Recommendation

[Swenson, Chris]

For a quick check I use the Fluke Networks LinkSprinter 200 Ethernet Network 
Tester, (Not what you originally asked, but I like to hear myself talk)
I installed wireless here in the 90’s and it has only metastasized everywhere 
since. (I keep a 10 meg ½ duplex behind my desk to scare the newbies)
One thing that tripped us up from time to time is upgrading the switches and 
AP’s but the wire and jacks are only cat 5e and not rated for the voltages and 
speeds of today’s AP’s.
Maybe a dozen times a year I find burnt jacks or cables that have aged out over 
the decades and now I insist all upgrades come hand in hand with cable 
upgrades. (to say nothing of squirrels chewing cables in attics)
Now I always go for the most advanced standard in any rebuild install.
Chris Swenson
Curry College
Network manager


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ethan Grinnell
Sent: Thursday, September 9, 2021 3:39 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] PoE Load Tester Recommendation


[EXTERNAL EMAIL] CAUTION: This message originated outside of Curry College. Use 
caution when opening attachments, clicking links or responding to requests for 
information.
I wouldn't suggest hacking together anything to test PoE. It's way more 
complicated than it seems like it would be. If your test device said that a 
link failed would you really know if it was an issue with PoE/Cabling or your 
device?

If you're looking for a cheap method, here's a PoE PD client evaluation PCB 
from Analog Devices 
https://www.analog.com/en/design-center/evaluation-hardware-and-software/evaluation-boards-kits/DC2911A.html.
 At only $95 I doubt you'd find a cheaper solution that lets you adjust the 
requested power. It's not automated and it's not even in an enclosure, but it'd 
give you all you need to know that PoE is working. I've haven't used one 
before, so I can't say for sure if it'd work out of the box, but it looks like 
it should be good.

This Fluke seems good if you want an actual tester. It tests up to 90W 
802.3af/at/bt and has a 10G interface. I have no experience with it either, but 
Fluke always seems to make good products.
https://www.fluke.com/en-us/product/network-cable-testers/copper/linkiq-100

Ethan Grinnell
CCIE Enterprise Infrastructure  #39723, BS CmpE
Network Engineer
Office of Information Technology, Technology Infrastructure, Networking
Portland State University


On Wed, Sep 8, 2021 at 1:03 PM Neumann, Paul 
mailto:pa...@uic.edu>> wrote:
I suspect some (non-trivial) time and tinkering would be needed to make this 
work.  I see a major issue is that all the flavors (classes) of POE require the 
devices to first complete a power negotiation phase where the endpoint requests 
the proper class of power needed.  Only then is power delivered to your 
resistance (properly sized for wattage with an appropriate heatsink).   Also 
power is delivered over the data lines for certain poe modes - you need to 
separate the baseline voltage from the data communication that is superimposed 
over that.  All the above should be achievable for anyone with a EE background. 
 I’m sure there is some level of devil in the details.

This would be a cool senior project for an  upper level/grad student in 
electrical engineering but for serious work, I would just buy a fluke tester.

Paul
--
Paul Neumann
Lead Network Engineer

Technology Solutions (formerly ACCC)
Unversity of Illinois Chicago

E: pa...@uic.edu<mailto:pa...@uic.edu>
P: (312) 355-0113
Room 124, Benjamin Goldberg Research Center, University of Illinois at Chicago
it.uic.edu<http://it.uic.edu>
Visit the UIC Help Center at help.uic.edu<http://help.uic.edu/> to find IT 
Services, Answers, and Support!

From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Beyerle, David Evan
Sent: Wednesday, September 08, 2021 6:44 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] PoE Load Tester Recommendation

Brad,
Recall that P=V^2/R, so it seems as though applying the appropriately sized & 
load-rated resistance network across the pairs delivering power, and then 
measuring the voltage dropped across that resistance network would give you a 
reasonably good indication of whether the appropriate power is being delivered 
to the load.  For 60W in seems like you might choose R~75 Ohm on each of two 
pair, but I’d encourage you to double-check my arithmetic.

Best,
Dave

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Floyd, Brad mailto:bfl...@mail.smu.edu>>
Sent: Tuesday, September 7, 2021 5:43 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTS

Re: [WIRELESS-LAN] PoE Load Tester Recommendation

[Ethan Grinnell]

I wouldn't suggest hacking together anything to test PoE. It's way more
complicated than it seems like it would be. If your test device said that a
link failed would you really know if it was an issue with PoE/Cabling or
your device?

If you're looking for a cheap method, here's a PoE PD client evaluation PCB
from Analog Devices
https://www.analog.com/en/design-center/evaluation-hardware-and-software/evaluation-boards-kits/DC2911A.html.
At only $95 I doubt you'd find a cheaper solution that lets you adjust the
requested power. It's not automated and it's not even in an enclosure, but
it'd give you all you need to know that PoE is working. I've haven't used
one before, so I can't say for sure if it'd work out of the box, but it
looks like it should be good.

This Fluke seems good if you want an actual tester. It tests up to 90W
802.3af/at/bt and has a 10G interface. I have no experience with it either,
but Fluke always seems to make good products.
https://www.fluke.com/en-us/product/network-cable-testers/copper/linkiq-100

Ethan Grinnell
CCIE Enterprise Infrastructure  #39723, BS CmpE
Network Engineer
Office of Information Technology, Technology Infrastructure, Networking
Portland State University


On Wed, Sep 8, 2021 at 1:03 PM Neumann, Paul  wrote:

> I suspect some (non-trivial) time and tinkering would be needed to make
> this work.  I see a major issue is that all the flavors (classes) of POE
> require the devices to first complete a power negotiation phase where the
> endpoint requests the proper class of power needed.  Only then is power
> delivered to your resistance (properly sized for wattage with an
> appropriate heatsink).   Also power is delivered over the data lines for
> certain poe modes - you need to separate the baseline voltage from the data
> communication that is superimposed over that.  All the above should be
> achievable for anyone with a EE background.  I’m sure there is some level
> of devil in the details.
>
>
>
> This would be a cool senior project for an  upper level/grad student in
> electrical engineering but for serious work, I would just buy a fluke
> tester.
>
>
>
> Paul
>
> --
>
> Paul Neumann
>
> Lead Network Engineer
>
>
>
> Technology Solutions (formerly ACCC)
>
> Unversity of Illinois Chicago
>
>
>
> E: pa...@uic.edu
>
> P: (312) 355-0113
>
> Room 124, Benjamin Goldberg Research Center, University of Illinois at
> Chicago
>
> it.uic.edu
>
> Visit the UIC Help Center at help.uic.edu to find IT Services, Answers,
> and Support!
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Beyerle, David Evan
> *Sent:* Wednesday, September 08, 2021 6:44 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] PoE Load Tester Recommendation
>
>
>
> Brad,
>
> Recall that P=V^2/R, so it seems as though applying the appropriately
> sized & load-rated resistance network across the pairs delivering power,
> and then measuring the voltage dropped across that resistance network would
> give you a reasonably good indication of whether the appropriate power is
> being delivered to the load.  For 60W in seems like you might choose R~75
> Ohm on each of two pair, but I’d encourage you to double-check my
> arithmetic.
>
> Best,
> Dave
>
> --
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Floyd, Brad <
> bfl...@mail.smu.edu>
> *Sent:* Tuesday, September 7, 2021 5:43 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [WIRELESS-LAN] PoE Load Tester Recommendation
>
>
>
> Can anyone recommend a device to PoE load test network jacks? I have some
> jacks that pass the installer’s Category Certification, but are not passing
> the appropriate PoE to bring the APs online. I would like to be able to
> load test for 802.3af, 802.3at, and 802.3bt (at both 60W and 90W), as
> appropriate. I assume I would need to be able to set the load to apply (in
> Watts) and see the voltage level at the Powered Device. The usual
> constraints apply. Cheaper, but reliable is best.
>
> Thanks,
>
> Brad
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Travis Schick]

Have seen similar behavior and strongly recommend using validuser acl  at
very least change it form default any any- can start small and deny/protect
critical IP's in your infrastructure

its all fun and games until a user device gets picked up as your DNS server
or local ip gateway

but would recommend ultimately making validuser acl only accept ip's you
expect your client to have

when it's happening it sure seems malicious - but have learned not to
assign intent to most actions of my users.

On Tue, Sep 7, 2021 at 12:53 PM Johnson, Christopher 
wrote:

> Sid,
>
>
> We know from personal experience of running into this issue several years
> ago. Like David, we’ve instituted a few validuserACLs – (I actually use
> aliases for those subnets – so that I can re-use them in other places and
> to give a description of those valid ip addresses).
>
> After finding the offending device, was 99% positive it was malicious –
> but as I dived into the Rabbit Hole – discovered it was just a stupid
> malfunctioning device…a Roku Stick. I’ve also seen this behavior on other
> devices that make use of a “Router/IP Sharing” SSID such as “Roku’s Dorm
> Mode” or “Internet Sharing” with Windows.
>
> The Roku generates it’s own SSID “AP Mode” while connecting to our
> infrastructure SSID – it’s not bridged – but routed based on the fact that
> when you connect your phone or computer to the Roku’s SSID – your assigned
> a 192.168.X private IP Address. What I suspect happened in our scenario
> (I’ll use your 23.185.0.1 address for example).
>
> 1. Student Connected Roku to Guest SSID
>
> 2. Roku Prompted Student to use “Dorm Mode”
>
> 3. Student Connected to Roku with iPhone or Computer with a “home page” of
> our institution’s website.
>
> 4. The Roku “mis-routed” a single packet -- Source: 23.185.0.1 –
> Destination: 192.168.X.X – instead of sending it to the “private network”
> wifi interface  to the user’s iPhone or computer – it sent it out the
> “infrastructure network” interface – which based on how a “User” gets into
> the table à
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=95f4108f-5927-4700-891c-89fd218d0d4e
> – and was assigned the guest unauthenticated policy – denying all traffic –
> cept icmps.
>
>
>
> I first started suspecting things weren’t as “simple” as they may be when
> I noticed Roku’s were “claiming” the IP Addresses of Google – what was
> funny was seeing the Controller prevent one Roku from entering the
> User-Table with a Google IP Address – *ONLY because another Roku* had
> already sourced a packet with Google’s IP Address.
>
>
>
> If you add a “any any any deny” with “LOG” option enabled – you can see
> ALL the invalid sessions that would have entered the user-table – including
> their destinations.
>
>
> I was only able to “partially replicate the behavior” – but it’s still a
> strong case.
>
> A few links down below:
>
>
> How the user gets into the user-table of the controller? -
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=95f4108f-5927-4700-891c-89fd218d0d4e
> IP Address Leaking -
> https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=39207#bm69bbf671-9e9b-4302-b11c-0965445bff7e
>
>
> Some info from the ArubaOS Hardening Guide
>
> https://community.arubanetworks.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=d9518fcc-d8f1-440b-8f5d-68522d3be364
> - Page 26 and 27 goes into detail about “validuser” and
> “local-valid-users” – “local-valid-users” requires the controller to have
> an IP Address on that VLAN interface. There’s also the “Enforce DHCP”
> option in each AAA Aruba Profile – essentially a per SSID setting.
>
>
>
>
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=de2277df-ff0e-41c1-9efb-643c0a04cf5c
>
>
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=99300862-622e-4dd5-9af4-f2d745b49db4
>
>
>
> http://www.commsolutions.com/2011/10/eliminate-duplicate-client-entries-in-your-aruba-controller-for-clients-with-more-than-one-ip-address-or-network-interface/
> -à (BROKEN LINK Now ☹)
> Unfortunately the video link I had from commsolutions – they had
> presentation demonstrating this issue but it’s a broken link now –one of
> their customers for whatever reason had their guests manually enter the ip
> addresses onto their ipads – and someone flip-flopped the “IP Address” and
> the “Default Gateway”….started denying traffic for the default
> gateway….whoops!
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Mike Fitzgerald
> *Sent:* Tuesday, September 07, 2021 12:16 PM
> *To:* WI

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Daniel Westacott]

Hi Educause wifi:

We use a filter that only allows clients to "have" a valid IP address from
"our" range.
It' a bit of overhead, but it solves this issue for us.  We also say
clients listed with addresses that really make no sense.

you build a list something like this:

netdestination umn-wiredv4-wireless-user-networks
network 10.128.0.0 255.224.0.0
network 10.160.0.0 255.240.0.0
network 192.168.157.0 255.255.255.192
network 10.32.253.128 255.255.255.128
network 10.33.9.0 255.255.255.0
description "wiredv4 service ip's for users"

add it to valid user:

ip access-list session validuser
network 127.0.0.0 255.0.0.0 any any deny
network 169.254.0.0 255.255.0.0 any any deny
network 224.0.0.0 240.0.0.0 any any deny
host 255.255.255.255 any any deny
network 240.0.0.0 240.0.0.0 any any deny
alias umn-wiredv4-wireless-user-networks any any permit
any any any deny

Something similar is needed for V6.
/daniel/
daniel westacott
University of Minnesota



On Tue, Sep 7, 2021 at 11:04 AM Sidharth Nandury 
wrote:

> So. sigh!
>
> It seems like an end client either statically or for some unknown reason
> got assigned the IP address for these websites. The role that the client
> was assigned had a policy to "deny" traffic to the internet (as per
> design). The part that we did not know was that when a client is going to a
> particular destination, the controllers look at the user table to see if
> there is an IP and a route available before even going to the role-based
> ACLs.
>
> Once we blacklisted the client or deleted the client from the user-table,
> the websites were accessible again.
>
> Sid
>
> On Tue, Sep 7, 2021 at 11:29 AM Norman Mourtada 
> wrote:
>
>> With 8.6.0.9, no issues.
>>
>>
>>
>> (Aruba7220-MC-05) *#show datapath session | include 35.186.224.25
>>
>> 35.186.224.25 172.16.122.193  6443   58612  0/0 024  3
>> tunnel 2306 a5   69 11747  17
>>
>> 172.16.126.14335.186.224.25   665364 4430/0 024  0
>> tunnel 1718 1a   29 3592   TC  26
>>
>> 172.18.91.115 35.186.224.25   656982 4430/0 00   0
>> tunnel 1102 505  14524120  C   29
>>
>> 172.16.174.33 35.186.224.25   654373 4430/0 024  0
>> tunnel 2773 6da  9576   1018764TC  21
>>
>> 35.186.224.25 172.16.166.198  6443   60052  0/0 024  1
>> tunnel 133  de   371269692 31
>>
>> 172.16.172.51 35.186.224.25   663940 4430/0 024  3
>> tunnel 862  5c   17 2849   TC  30
>>
>> 172.19.90.133 35.186.224.25   654371 4430/0 024  0
>> tunnel 1509 890  16133426  TC  18
>>
>> 172.19.91.45  35.186.224.25   662292 4430/0 024  2
>> tunnel 1630 4d   14 2502   TC  27
>>
>> 35.186.224.25 172.16.166.198  6443   60050  0/0 024  14
>> tunnel 133  de   24 8727   31
>>
>> 172.16.176.74 35.186.224.25   658973 4430/0 024  2
>> tunnel 1964 236  35 5322   TC  16
>>
>> 172.16.176.19335.186.224.25   661015 4430/0 024  1
>> tunnel 2160 10   44 15853  FTC 20
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Dan Oachs
>> *Sent:* Tuesday, September 7, 2021 10:59 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from
>> wireless network - Aruba
>>
>>
>>
>> CAUTION: This email originated from outside of the University. Do not
>> click links or open attachments unless you recognize the sender and know
>> the content is safe.
>>
>>
>>
>> Not seeing that issue here.  We are on 8.7.1.4
>>
>>
>>
>> (aruba-controller-1) #show datapath session | include 35.186.224.25
>> 35.186.224.25 138.236.104.67  6443   64918  0/0 01   1
>> tunnel 6347 3cc  30750335  15
>> 138.236.82.47 35.186.224.25   657491 4430/0 00   4
>> tunnel 5540 382  179117595 C   30
>> 35.186.224.25 138.236.248.10  6443   54342  0/0 01   1
>> tunnel 972  e20916359  23
>> 35.186.224.25 138.236.82.47   6443   57491  0/0 01 

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Sidharth Nandury]

This is very helpful! Thank you. We are planning to implement the
validusers-acl like you mentioned and restrict clients to only the IPs that
we provide via DHCP. The description is exactly what we are seeing.

Christopher, would it be alright if we reached out to you if we have
questions? I would hate to re-invent the wheel.

Thank you, again.

Sid

On Tue, Sep 7, 2021 at 3:53 PM Johnson, Christopher 
wrote:

> Sid,
>
>
> We know from personal experience of running into this issue several years
> ago. Like David, we’ve instituted a few validuserACLs – (I actually use
> aliases for those subnets – so that I can re-use them in other places and
> to give a description of those valid ip addresses).
>
> After finding the offending device, was 99% positive it was malicious –
> but as I dived into the Rabbit Hole – discovered it was just a stupid
> malfunctioning device…a Roku Stick. I’ve also seen this behavior on other
> devices that make use of a “Router/IP Sharing” SSID such as “Roku’s Dorm
> Mode” or “Internet Sharing” with Windows.
>
> The Roku generates it’s own SSID “AP Mode” while connecting to our
> infrastructure SSID – it’s not bridged – but routed based on the fact that
> when you connect your phone or computer to the Roku’s SSID – your assigned
> a 192.168.X private IP Address. What I suspect happened in our scenario
> (I’ll use your 23.185.0.1 address for example).
>
> 1. Student Connected Roku to Guest SSID
>
> 2. Roku Prompted Student to use “Dorm Mode”
>
> 3. Student Connected to Roku with iPhone or Computer with a “home page” of
> our institution’s website.
>
> 4. The Roku “mis-routed” a single packet -- Source: 23.185.0.1 –
> Destination: 192.168.X.X – instead of sending it to the “private network”
> wifi interface  to the user’s iPhone or computer – it sent it out the
> “infrastructure network” interface – which based on how a “User” gets into
> the table à
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=95f4108f-5927-4700-891c-89fd218d0d4e
> – and was assigned the guest unauthenticated policy – denying all traffic –
> cept icmps.
>
>
>
> I first started suspecting things weren’t as “simple” as they may be when
> I noticed Roku’s were “claiming” the IP Addresses of Google – what was
> funny was seeing the Controller prevent one Roku from entering the
> User-Table with a Google IP Address – *ONLY because another Roku* had
> already sourced a packet with Google’s IP Address.
>
>
>
> If you add a “any any any deny” with “LOG” option enabled – you can see
> ALL the invalid sessions that would have entered the user-table – including
> their destinations.
>
>
> I was only able to “partially replicate the behavior” – but it’s still a
> strong case.
>
> A few links down below:
>
>
> How the user gets into the user-table of the controller? -
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=95f4108f-5927-4700-891c-89fd218d0d4e
> IP Address Leaking -
> https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=39207#bm69bbf671-9e9b-4302-b11c-0965445bff7e
>
>
> Some info from the ArubaOS Hardening Guide
>
> https://community.arubanetworks.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=d9518fcc-d8f1-440b-8f5d-68522d3be364
> - Page 26 and 27 goes into detail about “validuser” and
> “local-valid-users” – “local-valid-users” requires the controller to have
> an IP Address on that VLAN interface. There’s also the “Enforce DHCP”
> option in each AAA Aruba Profile – essentially a per SSID setting.
>
>
>
>
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=de2277df-ff0e-41c1-9efb-643c0a04cf5c
>
>
> https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=99300862-622e-4dd5-9af4-f2d745b49db4
>
>
>
> http://www.commsolutions.com/2011/10/eliminate-duplicate-client-entries-in-your-aruba-controller-for-clients-with-more-than-one-ip-address-or-network-interface/
> -à (BROKEN LINK Now ☹)
> Unfortunately the video link I had from commsolutions – they had
> presentation demonstrating this issue but it’s a broken link now –one of
> their customers for whatever reason had their guests manually enter the ip
> addresses onto their ipads – and someone flip-flopped the “IP Address” and
> the “Default Gateway”….started denying traffic for the default
> gateway….whoops!
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Mike Fitzgerald
> *Sent:* Tuesday, September 07, 2021 12:16 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites
> inaccessible from wireless network - Aruba
>

RE: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Johnson, Christopher]

Sid,

We know from personal experience of running into this issue several years ago. 
Like David, we’ve instituted a few validuserACLs – (I actually use aliases for 
those subnets – so that I can re-use them in other places and to give a 
description of those valid ip addresses).

After finding the offending device, was 99% positive it was malicious – but as 
I dived into the Rabbit Hole – discovered it was just a stupid malfunctioning 
device…a Roku Stick. I’ve also seen this behavior on other devices that make 
use of a “Router/IP Sharing” SSID such as “Roku’s Dorm Mode” or “Internet 
Sharing” with Windows.

The Roku generates it’s own SSID “AP Mode” while connecting to our 
infrastructure SSID – it’s not bridged – but routed based on the fact that when 
you connect your phone or computer to the Roku’s SSID – your assigned a 
192.168.X private IP Address. What I suspect happened in our scenario (I’ll use 
your 23.185.0.1 address for example).

1. Student Connected Roku to Guest SSID
2. Roku Prompted Student to use “Dorm Mode”
3. Student Connected to Roku with iPhone or Computer with a “home page” of our 
institution’s website.
4. The Roku “mis-routed” a single packet -- Source: 23.185.0.1 – Destination: 
192.168.X.X – instead of sending it to the “private network” wifi interface  to 
the user’s iPhone or computer – it sent it out the “infrastructure network” 
interface – which based on how a “User” gets into the table --> 
https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=95f4108f-5927-4700-891c-89fd218d0d4e
 – and was assigned the guest unauthenticated policy – denying all traffic – 
cept icmps.

I first started suspecting things weren’t as “simple” as they may be when I 
noticed Roku’s were “claiming” the IP Addresses of Google – what was funny was 
seeing the Controller prevent one Roku from entering the User-Table with a 
Google IP Address – ONLY because another Roku had already sourced a packet with 
Google’s IP Address.

If you add a “any any any deny” with “LOG” option enabled – you can see ALL the 
invalid sessions that would have entered the user-table – including their 
destinations.

I was only able to “partially replicate the behavior” – but it’s still a strong 
case.

A few links down below:

How the user gets into the user-table of the controller? - 
https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=95f4108f-5927-4700-891c-89fd218d0d4e
IP Address Leaking - 
https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=39207#bm69bbf671-9e9b-4302-b11c-0965445bff7e

Some info from the ArubaOS Hardening Guide
https://community.arubanetworks.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=d9518fcc-d8f1-440b-8f5d-68522d3be364
- Page 26 and 27 goes into detail about “validuser” and “local-valid-users” – 
“local-valid-users” requires the controller to have an IP Address on that VLAN 
interface. There’s also the “Enforce DHCP” option in each AAA Aruba Profile – 
essentially a per SSID setting.

https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=de2277df-ff0e-41c1-9efb-643c0a04cf5c
https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=99300862-622e-4dd5-9af4-f2d745b49db4

http://www.commsolutions.com/2011/10/eliminate-duplicate-client-entries-in-your-aruba-controller-for-clients-with-more-than-one-ip-address-or-network-interface/
 ---> (BROKEN LINK Now ☹)
Unfortunately the video link I had from commsolutions – they had presentation 
demonstrating this issue but it’s a broken link now –one of their customers for 
whatever reason had their guests manually enter the ip addresses onto their 
ipads – and someone flip-flopped the “IP Address” and the “Default 
Gateway”….started denying traffic for the default gateway….whoops!

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Mike Fitzgerald
Sent: Tuesday, September 07, 2021 12:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible 
from wireless network - Aruba

Some people who received this message don't often get email from 
fi...@brandeis.edu. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>
[This message came from an external source. If suspicious, report to 
ab...@ilstu.edu<mailto:ab...@ilstu.edu>]
Check your valid user table config to make sure you only allow the IP ranges 
your DHCP server would give a wireless client.  Otherwise, you can end up with 
user table entries for destination IP's and then those IP's get policed by the 
controller as you were seeing.  Aruba default for that config used to allow any 
any, which is bad...

Mike


On Tue, Sep 7, 2021 at 12:04 PM Sidharth Nandury 
mailto:nandu...@denison.edu>> wrote:
So. sigh!

It seems like an end client either statically or for some unknown reason got 
assigned the IP address for these websites. The role that the client was 
assign

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Mike Fitzgerald]

Check your valid user table config to make sure you only allow the IP
ranges your DHCP server would give a wireless client.  Otherwise, you can
end up with user table entries for destination IP's and then those IP's get
policed by the controller as you were seeing.  Aruba default for that
config used to allow any any, which is bad...

Mike


On Tue, Sep 7, 2021 at 12:04 PM Sidharth Nandury 
wrote:

> So. sigh!
>
> It seems like an end client either statically or for some unknown reason
> got assigned the IP address for these websites. The role that the client
> was assigned had a policy to "deny" traffic to the internet (as per
> design). The part that we did not know was that when a client is going to a
> particular destination, the controllers look at the user table to see if
> there is an IP and a route available before even going to the role-based
> ACLs.
>
> Once we blacklisted the client or deleted the client from the user-table,
> the websites were accessible again.
>
> Sid
>
> On Tue, Sep 7, 2021 at 11:29 AM Norman Mourtada 
> wrote:
>
>> With 8.6.0.9, no issues.
>>
>>
>>
>> (Aruba7220-MC-05) *#show datapath session | include 35.186.224.25
>>
>> 35.186.224.25 172.16.122.193  6443   58612  0/0 024  3
>> tunnel 2306 a5   69 11747  17
>>
>> 172.16.126.14335.186.224.25   665364 4430/0 024  0
>> tunnel 1718 1a   29 3592   TC  26
>>
>> 172.18.91.115 35.186.224.25   656982 4430/0 00   0
>> tunnel 1102 505  14524120  C   29
>>
>> 172.16.174.33 35.186.224.25   654373 4430/0 024  0
>> tunnel 2773 6da  9576   1018764TC  21
>>
>> 35.186.224.25 172.16.166.198  6443   60052  0/0 024  1
>> tunnel 133  de   371269692 31
>>
>> 172.16.172.51 35.186.224.25   663940 4430/0 024  3
>> tunnel 862  5c   17 2849   TC  30
>>
>> 172.19.90.133 35.186.224.25   654371 4430/0 024  0
>> tunnel 1509 890  16133426  TC  18
>>
>> 172.19.91.45  35.186.224.25   662292 4430/0 024  2
>> tunnel 1630 4d   14 2502   TC  27
>>
>> 35.186.224.25 172.16.166.198  6443   60050  0/0 024  14
>> tunnel 133  de   24 8727   31
>>
>> 172.16.176.74 35.186.224.25   658973 4430/0 024  2
>> tunnel 1964 236  35 5322   TC  16
>>
>> 172.16.176.19335.186.224.25   661015 4430/0 024  1
>> tunnel 2160 10   44         15853      FTC 20
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Dan Oachs
>> *Sent:* Tuesday, September 7, 2021 10:59 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from
>> wireless network - Aruba
>>
>>
>>
>> CAUTION: This email originated from outside of the University. Do not
>> click links or open attachments unless you recognize the sender and know
>> the content is safe.
>>
>>
>>
>> Not seeing that issue here.  We are on 8.7.1.4
>>
>>
>>
>> (aruba-controller-1) #show datapath session | include 35.186.224.25
>> 35.186.224.25 138.236.104.67  6443   64918  0/0 01   1
>> tunnel 6347 3cc  30750335  15
>> 138.236.82.47 35.186.224.25   657491 4430/0 00   4
>> tunnel 5540 382  179117595 C   30
>> 35.186.224.25 138.236.248.10  6443   54342  0/0 01   1
>> tunnel 972  e20916359  23
>> 35.186.224.25 138.236.82.47   6443   57491  0/0 01   4
>> tunnel 5540 382  18945940  30
>> 138.236.104.6735.186.224.25   664918 4430/0 00   1
>> tunnel 6347 3cd  34538357  C   29
>> 35.186.224.25 138.236.232.120 6443   61505  0/0 01   0
>> tunnel 7052 c15149165  22
>> 138.236.250.8535.186.224.25   654833 4430/0 00   1
>> tunnel 2686 1a   57 16206  C   27
>> 35.186.224.25 138.236.251.120 6443   51735  0/0 01   1
>> tunnel 7060 829 3140   F   13
>> 138.236.250.8535.186.224.25   6

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Sidharth Nandury]

So. sigh!

It seems like an end client either statically or for some unknown reason
got assigned the IP address for these websites. The role that the client
was assigned had a policy to "deny" traffic to the internet (as per
design). The part that we did not know was that when a client is going to a
particular destination, the controllers look at the user table to see if
there is an IP and a route available before even going to the role-based
ACLs.

Once we blacklisted the client or deleted the client from the user-table,
the websites were accessible again.

Sid

On Tue, Sep 7, 2021 at 11:29 AM Norman Mourtada 
wrote:

> With 8.6.0.9, no issues.
>
>
>
> (Aruba7220-MC-05) *#show datapath session | include 35.186.224.25
>
> 35.186.224.25 172.16.122.193  6443   58612  0/0 024  3
> tunnel 2306 a5   69 11747  17
>
> 172.16.126.14335.186.224.25   665364 4430/0 024  0
> tunnel 1718 1a   29 3592   TC  26
>
> 172.18.91.115 35.186.224.25   656982 4430/0 00   0
> tunnel 1102 505  14524120  C   29
>
> 172.16.174.33 35.186.224.25   654373 4430/0 024  0
> tunnel 2773 6da  9576   1018764TC  21
>
> 35.186.224.25 172.16.166.198  6443   60052  0/0 024  1
> tunnel 133  de   371269692 31
>
> 172.16.172.51 35.186.224.25   663940 4430/0 024  3
> tunnel 862  5c   17 2849   TC  30
>
> 172.19.90.133 35.186.224.25   654371 4430/0 024  0
> tunnel 1509 890  16133426  TC  18
>
> 172.19.91.45  35.186.224.25   662292 4430/0 024  2
> tunnel 1630 4d   14 2502   TC  27
>
> 35.186.224.25 172.16.166.198  6443   60050  0/0 024  14
> tunnel 133  de   24 8727   31
>
> 172.16.176.74 35.186.224.25   658973 4430/0 024  2
> tunnel 1964 236  35 5322   TC  16
>
> 172.16.176.19335.186.224.25   661015 4430/0 024  1
> tunnel 2160 10   44 15853  FTC 20
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Dan Oachs
> *Sent:* Tuesday, September 7, 2021 10:59 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from
> wireless network - Aruba
>
>
>
> CAUTION: This email originated from outside of the University. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe.
>
>
>
> Not seeing that issue here.  We are on 8.7.1.4
>
>
>
> (aruba-controller-1) #show datapath session | include 35.186.224.25
> 35.186.224.25 138.236.104.67  6443   64918  0/0 01   1
> tunnel 6347 3cc  30750335  15
> 138.236.82.47 35.186.224.25   657491 4430/0 00   4
> tunnel 5540 382  179117595 C   30
> 35.186.224.25 138.236.248.10  6443   54342  0/0 01   1
> tunnel 972  e20916359  23
> 35.186.224.25 138.236.82.47   6443   57491  0/0 01   4
> tunnel 5540 382  18945940  30
> 138.236.104.6735.186.224.25   664918 4430/0 00   1
> tunnel 6347 3cd  34538357  C   29
> 35.186.224.25 138.236.232.120 6443   61505  0/0 01   0
> tunnel 7052 c15149165  22
> 138.236.250.8535.186.224.25   654833 4430/0 00   1
> tunnel 2686 1a   57 16206  C   27
> 35.186.224.25 138.236.251.120 6443   51735  0/0 01   1
> tunnel 7060 829 3140   F   13
> 138.236.250.8535.186.224.25   654834 4430/0 00   2
> tunnel 2686 18   152179792 C   27
>
>
>
> --Dan
>
>
>
> On Tue, Sep 7, 2021 at 9:40 AM Sidharth Nandury 
> wrote:
>
> Hi All,
>
>
>
> Since last Monday we have seen a couple of different websites being
> blocked on our Aruba wireless controllers. Spotify has been one of the
> sites, as well as all websites hosted on IP 23.185.0.1 (which is our main
> institution website - denison.edu). We can confirm that this is being
> blocked as we see the "D" (Deny) Flag on the wireless controller. Below is
> an example of traffic being blocked to Spotify. Is anyone suing Aruba AOS 8
> controllers seeing this?
>
>
>
> (wlc-Thor) #show datapath session | in

RE: [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Norman Mourtada]

With 8.6.0.9, no issues.

(Aruba7220-MC-05) *#show datapath session | include 35.186.224.25
35.186.224.25 172.16.122.193  6443   58612  0/0 024  3   tunnel 
2306 a5   69 11747  17
172.16.126.14335.186.224.25   665364 4430/0 024  0   tunnel 
1718 1a   29 3592   TC  26
172.18.91.115 35.186.224.25   656982 4430/0 00   0   tunnel 
1102 505  14524120  C   29
172.16.174.33 35.186.224.25   654373 4430/0 024  0   tunnel 
2773 6da  9576   1018764TC  21
35.186.224.25 172.16.166.198  6443   60052  0/0 024  1   tunnel 
133  de   371269692 31
172.16.172.51 35.186.224.25   663940 4430/0 024  3   tunnel 
862  5c   17 2849   TC  30
172.19.90.133 35.186.224.25   654371 4430/0 024  0   tunnel 
1509 890  16133426  TC  18
172.19.91.45  35.186.224.25   662292 4430/0 024  2   tunnel 
1630 4d   14 2502   TC  27
35.186.224.25 172.16.166.198  6443   60050  0/0 024  14  tunnel 
133  de   24 8727   31
172.16.176.74 35.186.224.25   658973 4430/0 024  2   tunnel 
1964 236  35 5322   TC  16
172.16.176.19335.186.224.25   661015 4430/0 024  1   tunnel 
2160 10   44 15853  FTC 20

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Dan Oachs
Sent: Tuesday, September 7, 2021 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless 
network - Aruba

CAUTION: This email originated from outside of the University. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

Not seeing that issue here.  We are on 8.7.1.4

(aruba-controller-1) #show datapath session | include 35.186.224.25
35.186.224.25 138.236.104.67  6443   64918  0/0 01   1   tunnel 
6347 3cc  30750335  15
138.236.82.47 35.186.224.25   657491 4430/0 00   4   tunnel 
5540 382  179117595 C   30
35.186.224.25 138.236.248.10  6443   54342  0/0 01   1   tunnel 
972  e20916359  23
35.186.224.25 138.236.82.47   6443   57491  0/0 01   4   tunnel 
5540 382  18945940  30
138.236.104.6735.186.224.25   664918 4430/0 00   1   tunnel 
6347 3cd  34538357  C   29
35.186.224.25 138.236.232.120 6443   61505  0/0 01   0   tunnel 
7052 c15149165  22
138.236.250.8535.186.224.25   654833 4430/0 00   1   tunnel 
2686 1a   57 16206  C   27
35.186.224.25 138.236.251.120 6443   51735  0/0 01   1   tunnel 
7060 829 3140   F   13
138.236.250.8535.186.224.25   654834 4430/0 00   2   tunnel 
2686 18   152179792 C   27

--Dan

On Tue, Sep 7, 2021 at 9:40 AM Sidharth Nandury 
mailto:nandu...@denison.edu>> wrote:
Hi All,

Since last Monday we have seen a couple of different websites being blocked on 
our Aruba wireless controllers. Spotify has been one of the sites, as well as 
all websites hosted on IP 23.185.0.1 (which is our main institution website - 
denison.edu<http://denison.edu>). We can confirm that this is being blocked as 
we see the "D" (Deny) Flag on the wireless controller. Below is an example of 
traffic being blocked to Spotify. Is anyone suing Aruba AOS 8 controllers 
seeing this?


(wlc-Thor) #show datapath session | include 35.186.224.25

Source IP or MAC  Destination IP  Prot SPort DPort Cntr Prio ToS Age 
Destination TAge PacketsBytes  Flags   CPU ID

- ---  - -   --- --- 
---  -- -- --- ---

10.143.203.26 35.186.224.25   652082 4430/0 00   0   tunnel 
640  10  0  FDYCA   21

10.143.195.85 35.186.224.25   659767 4430/0 00   0   tunnel 
5357 00  0  FDYCA   27

10.143.225.17835.186.224.25   652292 4430/0 00   0   tunnel 
6753 10  0  FDYCA   19

10.143.195.85 35.186.224.25   659766 4430/0 00   0   tunnel 
5357 10  0  FDYCA   27



(wlc-Thor) #show datapath session | include 23.185.0.1
10.143.228.16 23.185.0.1  659500 4430/0 00   0   tunnel 
16789 a0  0  FDYCA   18
10.143.244.15123.185.0.1  658758 443

Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

[Dan Oachs]

Not seeing that issue here.  We are on 8.7.1.4

(aruba-controller-1) #show datapath session | include 35.186.224.25
35.186.224.25 138.236.104.67  6443   64918  0/0 01   1
tunnel 6347 3cc  30750335  15
138.236.82.47 35.186.224.25   657491 4430/0 00   4
tunnel 5540 382  179117595 C   30
35.186.224.25 138.236.248.10  6443   54342  0/0 01   1
tunnel 972  e20916359  23
35.186.224.25 138.236.82.47   6443   57491  0/0 01   4
tunnel 5540 382  18945940  30
138.236.104.6735.186.224.25   664918 4430/0 00   1
tunnel 6347 3cd  34538357  C   29
35.186.224.25 138.236.232.120 6443   61505  0/0 01   0
tunnel 7052 c15149165  22
138.236.250.8535.186.224.25   654833 4430/0 00   1
tunnel 2686 1a   57 16206  C   27
35.186.224.25 138.236.251.120 6443   51735  0/0 01   1
tunnel 7060 829 3140   F   13
138.236.250.8535.186.224.25   654834 4430/0 00   2
tunnel 2686 18   152179792 C   27

--Dan

On Tue, Sep 7, 2021 at 9:40 AM Sidharth Nandury 
wrote:

> Hi All,
>
> Since last Monday we have seen a couple of different websites being
> blocked on our Aruba wireless controllers. Spotify has been one of the
> sites, as well as all websites hosted on IP 23.185.0.1 (which is our main
> institution website - denison.edu). We can confirm that this is being
> blocked as we see the "D" (Deny) Flag on the wireless controller. Below is
> an example of traffic being blocked to Spotify. Is anyone suing Aruba AOS 8
> controllers seeing this?
>
> (wlc-Thor) #show datapath session | include 35.186.224.25
>
> Source IP or MAC  Destination IP  Prot SPort DPort Cntr Prio ToS Age
> Destination TAge PacketsBytes  Flags   CPU ID
>
> - ---  - -   --- ---
> ---  -- -- --- ---
>
> 10.143.203.26 35.186.224.25   652082 4430/0 00   0
> tunnel 640  10  0  *FDYCA *  21
>
> 10.143.195.85 35.186.224.25   659767 4430/0 00   0
> tunnel 5357 00  0*  FDYCA*   27
>
> 10.143.225.17835.186.224.25   652292 4430/0 00   0
> tunnel 6753 10  0 * FDYCA *  19
>
> 10.143.195.85 35.186.224.25   659766 4430/0 00   0
> tunnel 5357 10  0  *FDYCA *  27
>
>
> (wlc-Thor) #show datapath session | include 23.185.0.1
> 10.143.228.16 23.185.0.1  659500 4430/0 00   0
> tunnel 16789 a0  0  *FDYCA*   18
> 10.143.244.15123.185.0.1  658758 4430/0 00   0
> tunnel 553  10  0  *FDYCA*   23
> 10.143.228.24723.185.0.1  659063 4430/0 00   0
> tunnel 13188 a6  384*FDYCA*   27
> 10.143.228.24723.185.0.1  659062 4430/0 00   0
> tunnel 13188 a6  384*FDYCA*   27
> 10.143.196.26 23.185.0.1  650851 4430/0 00   0
> tunnel 5631 10  0  *FDYCA*   17
> 10.143.196.26 23.185.0.1  650852 4430/0 00   0
> tunnel 5631 10  0  *FDYCA*   17
> 10.143.196.26 23.185.0.1  650853 4430/0 00   0
> tunnel 5631 10  0  *FDYCA*   17
>
>
> We have two 7240xm controllers running AOS v8.6.9 in a cluster with a
> Mobility Conductor as a VM. We have a ticket open with TAC and have
> escalated it up to ERT, but wanted to also reach out to others.
>
>
> Thank you.
>
> Sid
>
>
> --
>
> [image: Denison University] 
>
> *Sidharth S. Nandury*
> (He, Him, His)
> *Infrastructure and Operations Manager*
> Information Technology Services
>
> 100 West College Street, Granville, OH 43023  | 
> Burton
> Hall 
> Office: 740-587-5533 <1-740-587-5533> | Mobile: 516-314-4413
> <1-516-314-4413>
> nand...@denison.edu
> https://denison.edu/campus/technology/service-desk
>
> NOTICE: This email message and all attachments transmitted with it may
> contain legally privileged and confidential information intended solely for
> the use of the addressee. If the reader of this message is not the intended
> recipient, you are hereby notified that any reading, dissemination,
> distribution, copying, or other use of this message or its attachments is
> strictly prohibited. If you have received this message in error, please
> notify the sender immediately by phone or by email, and delete this message
> and all copies and backups thereof.
>
> 

Re: [WIRELESS-LAN] Wireless Scanning Apps

[Enfield, Chuck]

Wi-Fi Analyzer Pro, Network Signal Info Pro, Aruba Utilities, & nperf. Wi-Fi 
Analyzer is my go to scanner, and nperf my performance tester, but the other 
two have features I use sometimes. Between them they meet all my needs.


From: Olivier Gervais-Harreman 
Sent: Friday, September 3, 2021 3:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Scanning Apps


Check out Aruba Utilities.


Olivier Gervais-Harreman, P.Eng.
Wireless Administrator | Network Operations
Simon Fraser University | Water Tower Building 224
 University Dr., Burnaby, B.C. V5A 1S6
T: 778.782.3715 | M: 778.689.2358 | 
www.sfu.ca/information-systems<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sfu.ca%2Finformation-systems=04%7C01%7Ccae104%40PSU.EDU%7C5c486058306848f7564808d96f0d86cd%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637662926154844692%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=dxniD2ZbLyVzpiPOxbEvnSTJdSuSLf%2B64gjYxlLX9BU%3D=0>
Twitter: 
@sfu_it<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fsfu_it=04%7C01%7Ccae104%40PSU.EDU%7C5c486058306848f7564808d96f0d86cd%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637662926154854693%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=TyxRYn4dO9lWCn7vXK5fsuKYa9e8s2KLBJkT0D%2BV8xU%3D=0>


[1599766161030]


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Hales, David 

Sent: September 3, 2021 11:51:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Scanning Apps

I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu<mailto:dha...@tntech.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ccae104%40PSU.EDU%7C5c486058306848f7564808d96f0d86cd%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637662926154854693%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=4HmbZj1EEBNAHJvi94pPkraoMwc802PmOH0JTpV6OfM%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ccae104%40PSU.EDU%7C5c486058306848f7564808d96f0d86cd%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637662926154864689%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=V6XzUONFhXWPwLF6uq9SwjikEL0rsZQV8Z3xZG5c%2BCA%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Lionel Shigemura]

Apple restricts access to system functions so the options are limited.
Apple's AirPort Utility has basic scanning features, but must be enabled in
the app settings, "WiFi Scanner".  It offers MAC, RSSI, and channel info.

The Android Aruba App is good.  We have MetaGeek's WiSpy Air solution.  It
uses a proprietary external wireless NIC that attaches to a device.  This
is a workaround to Apple's built-in hardware/software restrictions.  The
Air Viewer App offers similar features as inSSIDer and is considered a
"lightweight spectrum analyzer".

I would stick with AirPort Utility for basics since it's very convenient
and simple.  Less accessories to carry unless I do more in-depth
troubleshooting.  Then, I would take my laptop and test sets.


Lionel Shigemura
UH - Leeward Community College
Information Technology Group - Networking
(808) 455-0486

CONFIDENTIALITY NOTICE: The contents of this email message and any
attachments are intended solely for the addressee(s) and may contain
confidential and/or privileged information and may be legally protected
from disclosure. If you are not the intended recipient of this message or
their agent, or if this message has been addressed to you in error, please
immediately alert the sender by reply email and then delete this message
and any attachments. If you are not the intended recipient, you are hereby
notified that any use, dissemination, copying, or storage of this message
or its attachments is strictly prohibited.


On Fri, Sep 3, 2021 at 12:29 PM Turpin, Max 
wrote:

> Anything similar to Aruba Utilities for iOS?
>
> On Sep 3, 2021, at 6:10 PM, Gould, Todd  wrote:
>
> 
> I love the Aruba Utilities app. It's free and shows a host of pretty
> valuable information, like nearby access points, RSSI, DSS, BLE etc.
>
> ToddG
> Networks & Systems
> Williams College
>
> On Fri, Sep 3, 2021 at 2:51 PM Hales, David  wrote:
>
>> I was wondering if anyone had any free wireless scanning apps for Android
>> that they currently like?  Just something free and simple you can use to
>> check signal strength, SSIDs and BSSIDs around you when out in the field?
>> I always end up with a different one each time I replace my phone and was
>> about to poke around the Play store again.
>>
>>
>>
>> *David Hales*
>>
>> *Network Systems Administrator*
>>
>>
>>
>> Information Technology Services
>>
>> Tennessee Tech University
>>
>> 1010 N. Peachtree Av., CLEM117
>>
>> Cookeville, TN 38505
>>
>> *P:* 931-372-3983
>>
>> *E: *dha...@tntech.edu
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> 
>>
>
>
> --
>
> Todd M.Gould
> Networks & Systems
> Office for Information Technology
> Williams College
>
> c:\413.281.0226
> d:\413.597.3407
> f:\413.597.4388
>
> This e-mail may contain confidential and privileged
> material for the sole use of the intended recipient.
> Any review, use, distribution or disclosure by others
> is strictly prohibited. If you are not the intended
> recipient (or authorized to receive for the recipient),
> please contact the sender by reply e-mail and delete
> all copies of this message.
> --
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Wireless Scanning Apps

[Jay Merkle]

I have Analiti on my Android and then paid a couple of dollars to get rid of 
ads.  It works great.
Jay

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Floyd, Brad
Sent: Friday, September 3, 2021 2:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Scanning Apps

EXTERNAL EMAIL
This email was sent from outside the district. Use caution when opening links 
or attachments. - Olathe Technology Division
David,
Aruba Utilities by Peter Thornycroft in the CTO Office at Aruba Networks works 
very well. It's free in the Play Store.
Thanks,
Brad


 Original message 
From: Lee H Badman mailto:lhbad...@syr.edu>>
Date: 9/3/21 1:53 PM (GMT-06:00)
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Wireless Scanning Apps

[EXTERNAL SENDER]
Analiti is nice.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hales, David
Sent: Friday, September 3, 2021 2:51 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Wireless Scanning Apps

I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu<mailto:dha...@tntech.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

CONFIDENTIALITY NOTICE: This message is from the Olathe Public Schools. The 
message and any attachments may be confidential or privileged and are intended 
only for the individual or entity identified above as the addressee. If you are 
not the addressee, or if this message has been addressed to you in error, you 
are not authorized to read, copy or distribute this message or any attachments. 
We ask that you please delete this message and any attachments and notify the 
sender by return email or by phone (913) 780-7000.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Turpin, Max]

Anything similar to Aruba Utilities for iOS?

On Sep 3, 2021, at 6:10 PM, Gould, Todd  wrote:


I love the Aruba Utilities app. It's free and shows a host of pretty valuable 
information, like nearby access points, RSSI, DSS, BLE etc.

ToddG
Networks & Systems
Williams College

On Fri, Sep 3, 2021 at 2:51 PM Hales, David 
mailto:dha...@tntech.edu>> wrote:
I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


--

Todd M.Gould
Networks & Systems
Office for Information Technology
Williams College

c:\413.281.0226
d:\413.597.3407
f:\413.597.4388

This e-mail may contain confidential and privileged
material for the sole use of the intended recipient.
Any review, use, distribution or disclosure by others
is strictly prohibited. If you are not the intended
recipient (or authorized to receive for the recipient),
please contact the sender by reply e-mail and delete
all copies of this message.
--

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Hurt,Trenton W.]

Few things you can still do with I device


https://iphone-tricks.com/tutorial/6941-using-airport-as-wi-fi-scanner-on-iphone
  —> not analyzer just scanner

http://www.my80211.com/home/2019/10/5/ios-13-and-ipados-wi-fi-diagnostics.html  
 —> Wifi diag profile

https://www.numerousnetworks.co.uk/noversight/  —> requires a Mac and not free 
but very handy



Sent from my mobile device.

Trent Hurt

5028521513

University of Louisville







From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Coehoorn, Joel 

Sent: Friday, September 3, 2021 3:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.
You used to be able to do this via iOS, but Apple locked those apps out 
sometime around 2011/2012 for using "undocumented APIs".

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 3, 2021 at 1:54 PM Turpin, Max 
mailto:mt3...@cumc.columbia.edu>> wrote:
Aruba Utilities is great. I wish they had it for iOS.

On Sep 3, 2021, at 2:53 PM, Tim Cantin 
mailto:tcan...@wellesley.edu>> wrote:


WiFi Analyzer, which also has an inexpensive pro version (totally worth it)

On Fri, Sep 3, 2021 at 2:51 PM Hales, David 
mailto:dha...@tntech.edu>> wrote:
I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu<mailto:dha...@tntech.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.educause.edu_community%26d%3DDwMFaQ%26c%3DG2MiLlal7SXE3PeSnG8W6_JBU6FcdVjSsBSbw6gcR0U%26r%3DzobI7d8a-PnWsDxhdheA-Pkovo0vk-DVRBlpbuIQ8mE%26m%3DLHe4yRfta1zhvO0pDAJWJ0XRv-j9A3crXlwgmXVX2iU%26s%3DTK2Ynd6xjq9L_D3ExX6AFgwLfon7xDOaY4PXxL-ux28%26e%3D=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7C21b406810bb44265c11008d96f1142d1%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637662942305780893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=iRVgcTGqPMc6jnXHFe69GKakEGiKp7zUyh%2FeJLmbzPk%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.educause.edu_community%26d%3DDwMFaQ%26c%3DG2MiLlal7SXE3PeSnG8W6_JBU6FcdVjSsBSbw6gcR0U%26r%3DzobI7d8a-PnWsDxhdheA-Pkovo0vk-DVRBlpbuIQ8mE%26m%3DLHe4yRfta1zhvO0pDAJWJ0XRv-j9A3crXlwgmXVX2iU%26s%3DTK2Ynd6xjq9L_D3ExX6AFgwLfon7xDOaY4PXxL-ux28%26e%3D=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7C21b406810bb44265c11008d96f1142d1%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637662942305790846%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=ZOwVYccDiFOcnBKbRLP%2FcFNShrratAcMha8TLbgk0W4%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7C21b406810bb44265c11008d96f1142d1%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637662942305800802%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=mYY3KE%2F%2B5nB%2FxonEKhPNhORDhom0NfK81Bmk3JqIMmc%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email 

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Coehoorn, Joel]

You used to be able to do this via iOS, but Apple locked those apps out
sometime around 2011/2012 for using "undocumented APIs".

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 3, 2021 at 1:54 PM Turpin, Max  wrote:

> Aruba Utilities is great. I wish they had it for iOS.
>
> On Sep 3, 2021, at 2:53 PM, Tim Cantin  wrote:
>
> 
> WiFi Analyzer, which also has an inexpensive pro version (totally worth it)
>
> On Fri, Sep 3, 2021 at 2:51 PM Hales, David  wrote:
>
>> I was wondering if anyone had any free wireless scanning apps for Android
>> that they currently like?  Just something free and simple you can use to
>> check signal strength, SSIDs and BSSIDs around you when out in the field?
>> I always end up with a different one each time I replace my phone and was
>> about to poke around the Play store again.
>>
>>
>>
>> *David Hales*
>>
>> *Network Systems Administrator*
>>
>>
>>
>> Information Technology Services
>>
>> Tennessee Tech University
>>
>> 1010 N. Peachtree Av., CLEM117
>>
>> Cookeville, TN 38505
>>
>> *P:* 931-372-3983
>>
>> *E: *dha...@tntech.edu
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> 
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Wireless Scanning Apps

[Floyd, Brad]

David,
Aruba Utilities by Peter Thornycroft in the CTO Office at Aruba Networks works 
very well. It's free in the Play Store.
Thanks,
Brad


 Original message 
From: Lee H Badman 
Date: 9/3/21 1:53 PM (GMT-06:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Scanning Apps


[EXTERNAL SENDER]
Analiti is nice.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hales, David
Sent: Friday, September 3, 2021 2:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Scanning Apps

I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu<mailto:dha...@tntech.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wireless Scanning Apps

[Gary French]

I use WiFi analyzer, its free an works well.


Gary D. French | Network Administrator, Wireless
Abilene Christian University | Enterprise Infrastructure


-- Original Message --
From: "Hales, David" 
To: WIRELESS-LAN@listserv.educause.edu
Sent: 9/3/2021 1:51:29 PM
Subject: [WIRELESS-LAN] Wireless Scanning Apps

I was wondering if anyone had any free wireless scanning apps for 
Android that they currently like?  Just something free and simple you 
can use to check signal strength, SSIDs and BSSIDs around you when out 
in the field?  I always end up with a different one each time I replace 
my phone and was about to poke around the Play store again.




David Hales

Network Systems Administrator



Information Technology Services

Tennessee Tech University

1010 N. Peachtree Av., CLEM117

Cookeville, TN 38505

P: 931-372-3983

E: dha...@tntech.edu




**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email reply. 
Additional participation and subscription information can be found at 
https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Turpin, Max]

Aruba Utilities is great. I wish they had it for iOS.

On Sep 3, 2021, at 2:53 PM, Tim Cantin  wrote:


WiFi Analyzer, which also has an inexpensive pro version (totally worth it)

On Fri, Sep 3, 2021 at 2:51 PM Hales, David 
mailto:dha...@tntech.edu>> wrote:
I was wondering if anyone had any free wireless scanning apps for Android that 
they currently like?  Just something free and simple you can use to check 
signal strength, SSIDs and BSSIDs around you when out in the field?  I always 
end up with a different one each time I replace my phone and was about to poke 
around the Play store again.

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wireless Scanning Apps

[Tim Cantin]

WiFi Analyzer, which also has an inexpensive pro version (totally worth it)

On Fri, Sep 3, 2021 at 2:51 PM Hales, David  wrote:

> I was wondering if anyone had any free wireless scanning apps for Android
> that they currently like?  Just something free and simple you can use to
> check signal strength, SSIDs and BSSIDs around you when out in the field?
> I always end up with a different one each time I replace my phone and was
> about to poke around the Play store again.
>
>
>
> *David Hales*
>
> *Network Systems Administrator*
>
>
>
> Information Technology Services
>
> Tennessee Tech University
>
> 1010 N. Peachtree Av., CLEM117
>
> Cookeville, TN 38505
>
> *P:* 931-372-3983
>
> *E: *dha...@tntech.edu
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Kenny, Eric]

Hi Chad,

We have an 8 node cluster with roughly 3,500 to 4,000 users on each node.  In 
this case “users” really means IP addresses the way they get counted.  So in a 
dual IPv4/IPv6 stack client environment, a single user may show up as 3 “users” 
with the IPv4 address, IPv6 link local, and globally routable IPv6 address.

Eric Kenny

Network Architect | Technology Partner Services
Harvard University Information Technology

On Sep 3, 2021, at 12:17 PM, Street, Chad A 
mailto:cstr...@emory.edu>> wrote:

For anyone who has applied the suggested fixes and are still having problems -- 
what are your client loads per controller?

I am also very curious on any feedback for anyone who has applied the fixes and 
has also successfully enabled Airwave ( not central ) without issues 
reoccurring.

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Patrick McEvilly 
mailto:patrick_mcevi...@harvard.edu>>
Sent: Friday, September 3, 2021 12:03 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

A quick update on where we are at.  We had many of the same issues being 
reported and did the same workarounds.  However, we ran into a few further 
issues that others might want to be aware of.

We had one AP group that did not have our AP crash dump server configured and 
was using the "default" which is the controller itself.  ~300 APs in that AP 
group had core dumped and were trying to write to the controller.  There is 
some mechanism that checks for available space on the controller before 
dumping.  This was jamming up the same queue that is used for other critical 
processes such as STM.  This caused a huge problem for us.  We changed this one 
AP group to point to our dump server and saw immediate relief.  All APs came 
back online and clients reconnected.

Two hours later we dropped to ~100 APs connected and only 17 clients (yes 17, 
not 17,000) on our wireless network.  We had a cluster event that triggered the 
controllers to send an invalid IPv4 address to all APs which in turn caused 
every AP to go into a core dump loop (that was not fun).  The only recovery 
option available was to reboot all controllers.  It is believed this is related 
to 8.7 now supporting IPv6 in the clustering configuration.  Our controllers 
are dual stack but our APs are not.  It is possible if the APs were dual 
stacked they would have used IPv6 and continued to operate over IPv6.  Per 
Aruba removing IPv6 from the controllers is also not an option, we could still 
experience this problem.  This one was a real burn and we continue to be 
susceptible to this condition.

We are anticipating an emergency code release from Aruba in the next few days.


Patrick






On 9/3/21, 11:20 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on 
behalf of Jerry Bucklaew" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
on behalf of j...@buffalo.edu<mailto:j...@buffalo.edu>> wrote:

Scott,

  I have heard it worked in several places, but we are like you.  Put in 
all the recommended changes last night and it is still happening.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Scott Swartzentruber
Sent: Friday, September 3, 2021 10:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
seeing any issues in the fall with large classrooms and delayed connection 
times (Aruba 8.5.0.13)

Has anyone had success in resolving the client drops we have been 
discussing?  We had Aruba on the phone very early this morning - put the 
recommended ACL in place and did a a rolling restart of all 3 of our 
controllers.  We only had to wait to our first class change to see a huge drop 
of clients and another at the next class change.  Seems clear that the change 
and the reboot made no difference.  back on the phone with Aruba now to see 
what else they come up with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu<mailto:sco...@wcu.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent th

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Jerry Bucklaew]

We have two cluster, one with issues and one without.  On the one with issues 
we are seeing roughly 4500 clients per controller.  On the one without issues 
we are seeing around 2000 clients per controller.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Friday, September 3, 2021 12:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

For anyone who has applied the suggested fixes and are still having problems -- 
what are your client loads per controller?

I am also very curious on any feedback for anyone who has applied the fixes and 
has also successfully enabled Airwave ( not central ) without issues 
reoccurring.

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Patrick McEvilly 
mailto:patrick_mcevi...@harvard.edu>>
Sent: Friday, September 3, 2021 12:03 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

A quick update on where we are at.  We had many of the same issues being 
reported and did the same workarounds.  However, we ran into a few further 
issues that others might want to be aware of.

We had one AP group that did not have our AP crash dump server configured and 
was using the "default" which is the controller itself.  ~300 APs in that AP 
group had core dumped and were trying to write to the controller.  There is 
some mechanism that checks for available space on the controller before 
dumping.  This was jamming up the same queue that is used for other critical 
processes such as STM.  This caused a huge problem for us.  We changed this one 
AP group to point to our dump server and saw immediate relief.  All APs came 
back online and clients reconnected.

Two hours later we dropped to ~100 APs connected and only 17 clients (yes 17, 
not 17,000) on our wireless network.  We had a cluster event that triggered the 
controllers to send an invalid IPv4 address to all APs which in turn caused 
every AP to go into a core dump loop (that was not fun).  The only recovery 
option available was to reboot all controllers.  It is believed this is related 
to 8.7 now supporting IPv6 in the clustering configuration.  Our controllers 
are dual stack but our APs are not.  It is possible if the APs were dual 
stacked they would have used IPv6 and continued to operate over IPv6.  Per 
Aruba removing IPv6 from the controllers is also not an option, we could still 
experience this problem.  This one was a real burn and we continue to be 
susceptible to this condition.

We are anticipating an emergency code release from Aruba in the next few days.


Patrick






On 9/3/21, 11:20 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on 
behalf of Jerry Bucklaew" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%20on%20behalf%20of%20...@buffalo.edu>>
 wrote:

Scott,

  I have heard it worked in several places, but we are like you.  Put in 
all the recommended changes last night and it is still happening.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Scott Swartzentruber
Sent: Friday, September 3, 2021 10:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
seeing any issues in the fall with large classrooms and delayed connection 
times (Aruba 8.5.0.13)

Has anyone had success in resolving the client drops we have been 
discussing?  We had Aruba on the phone very early this morning - put the 
recommended ACL in place and did a a rolling restart of all 3 of our 
controllers.  We only had to wait to our first class change to see a huge drop 
of clients and another at the next class change.  Seems clear that the change 
and the reboot made no difference.  back on the phone with Aruba now to see 
what else they come up with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu<mailto:sco...@wcu.edu>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who s

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Street, Chad A]

For anyone who has applied the suggested fixes and are still having problems -- 
what are your client loads per controller?

I am also very curious on any feedback for anyone who has applied the fixes and 
has also successfully enabled Airwave ( not central ) without issues 
reoccurring.

Chad
chad.str...@emory.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Patrick McEvilly 

Sent: Friday, September 3, 2021 12:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

A quick update on where we are at.  We had many of the same issues being 
reported and did the same workarounds.  However, we ran into a few further 
issues that others might want to be aware of.

We had one AP group that did not have our AP crash dump server configured and 
was using the "default" which is the controller itself.  ~300 APs in that AP 
group had core dumped and were trying to write to the controller.  There is 
some mechanism that checks for available space on the controller before 
dumping.  This was jamming up the same queue that is used for other critical 
processes such as STM.  This caused a huge problem for us.  We changed this one 
AP group to point to our dump server and saw immediate relief.  All APs came 
back online and clients reconnected.

Two hours later we dropped to ~100 APs connected and only 17 clients (yes 17, 
not 17,000) on our wireless network.  We had a cluster event that triggered the 
controllers to send an invalid IPv4 address to all APs which in turn caused 
every AP to go into a core dump loop (that was not fun).  The only recovery 
option available was to reboot all controllers.  It is believed this is related 
to 8.7 now supporting IPv6 in the clustering configuration.  Our controllers 
are dual stack but our APs are not.  It is possible if the APs were dual 
stacked they would have used IPv6 and continued to operate over IPv6.  Per 
Aruba removing IPv6 from the controllers is also not an option, we could still 
experience this problem.  This one was a real burn and we continue to be 
susceptible to this condition.

We are anticipating an emergency code release from Aruba in the next few days.


Patrick






On 9/3/21, 11:20 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on 
behalf of Jerry Bucklaew"  wrote:

Scott,

  I have heard it worked in several places, but we are like you.  Put in 
all the recommended changes last night and it is still happening.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Scott Swartzentruber
Sent: Friday, September 3, 2021 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
seeing any issues in the fall with large classrooms and delayed connection 
times (Aruba 8.5.0.13)

Has anyone had success in resolving the client drops we have been 
discussing?  We had Aruba on the phone very early this morning - put the 
recommended ACL in place and did a a rolling restart of all 3 of our 
controllers.  We only had to wait to our first class change to see a huge drop 
of clients and another at the next class change.  Seems clear that the change 
and the reboot made no difference.  back on the phone with Aruba now to see 
what else they come up with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccstree2%40EMORY.EDU%7C7010b9354b0144becdd908d96ef458f7%7Ce004fb9cb0a4424fbcd0322606d5df38%7C0%7C0%7C637662818017617110%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=Py3VDUVjpo1WIQ0y8v3PmIk%2BhoQi4TbaMfP0bDNopCw%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccstree2%40EMORY.EDU%7C7010b9354b01

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Patrick McEvilly]

A quick update on where we are at.  We had many of the same issues being 
reported and did the same workarounds.  However, we ran into a few further 
issues that others might want to be aware of.

We had one AP group that did not have our AP crash dump server configured and 
was using the "default" which is the controller itself.  ~300 APs in that AP 
group had core dumped and were trying to write to the controller.  There is 
some mechanism that checks for available space on the controller before 
dumping.  This was jamming up the same queue that is used for other critical 
processes such as STM.  This caused a huge problem for us.  We changed this one 
AP group to point to our dump server and saw immediate relief.  All APs came 
back online and clients reconnected.  

Two hours later we dropped to ~100 APs connected and only 17 clients (yes 17, 
not 17,000) on our wireless network.  We had a cluster event that triggered the 
controllers to send an invalid IPv4 address to all APs which in turn caused 
every AP to go into a core dump loop (that was not fun).  The only recovery 
option available was to reboot all controllers.  It is believed this is related 
to 8.7 now supporting IPv6 in the clustering configuration.  Our controllers 
are dual stack but our APs are not.  It is possible if the APs were dual 
stacked they would have used IPv6 and continued to operate over IPv6.  Per 
Aruba removing IPv6 from the controllers is also not an option, we could still 
experience this problem.  This one was a real burn and we continue to be 
susceptible to this condition.

We are anticipating an emergency code release from Aruba in the next few days.


Patrick






On 9/3/21, 11:20 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on 
behalf of Jerry Bucklaew"  wrote:

Scott, 

  I have heard it worked in several places, but we are like you.  Put in 
all the recommended changes last night and it is still happening.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Scott Swartzentruber
Sent: Friday, September 3, 2021 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
seeing any issues in the fall with large classrooms and delayed connection 
times (Aruba 8.5.0.13)

Has anyone had success in resolving the client drops we have been 
discussing?  We had Aruba on the phone very early this morning - put the 
recommended ACL in place and did a a rolling restart of all 3 of our 
controllers.  We only had to wait to our first class change to see a huge drop 
of clients and another at the next class change.  Seems clear that the change 
and the reboot made no difference.  back on the phone with Aruba now to see 
what else they come up with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Cjpb%40buffalo.edu%7Cf58d662303514aa7e05808d96eea39ec%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637662774536265169%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=QcSqYr93it4Sn%2Fc1GaKHK4AGNRz77g7qR8SZ4EbPpKA%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Jerry Bucklaew]

Scott, 

  I have heard it worked in several places, but we are like you.  Put in all 
the recommended changes last night and it is still happening.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Scott Swartzentruber
Sent: Friday, September 3, 2021 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Has anyone had success in resolving the client drops we have been discussing?  
We had Aruba on the phone very early this morning - put the recommended ACL in 
place and did a a rolling restart of all 3 of our controllers.  We only had to 
wait to our first class change to see a huge drop of clients and another at the 
next class change.  Seems clear that the change and the reboot made no 
difference.  back on the phone with Aruba now to see what else they come up 
with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Cjpb%40buffalo.edu%7Cf58d662303514aa7e05808d96eea39ec%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637662774536265169%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=QcSqYr93it4Sn%2Fc1GaKHK4AGNRz77g7qR8SZ4EbPpKA%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Ortman, Wayne]

I don't want to jinx anything but we've been able to keep the issues away for 
about 10 days now.  In addition to the ACL changes we've also enabled the 
broadcast/multicast optimization, lowered our client rebalancing thresholds, 
and turn off SNMP for the most part.

We're leaning to the client rebalancing being one of the bigger portions of 
that. Before changing that we had some controllers with 8k clients and some 
with 10.

Wayne Ortman
Director, Network Services
Office of Information Technology  (OIT)
1762 Clifton Road |E154
Office (404) 727-8014 | Cell (470) 312-5754 |wayne.ort...@emory.edu
 
 


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Scott Swartzentruber
Sent: Friday, September 3, 2021 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Has anyone had success in resolving the client drops we have been discussing?  
We had Aruba on the phone very early this morning - put the recommended ACL in 
place and did a a rolling restart of all 3 of our controllers.  We only had to 
wait to our first class change to see a huge drop of clients and another at the 
next class change.  Seems clear that the change and the reboot made no 
difference.  back on the phone with Aruba now to see what else they come up 
with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Cwayne.ortman%40EMORY.EDU%7C770659141b174cfc57d008d96eea3937%7Ce004fb9cb0a4424fbcd0322606d5df38%7C0%7C0%7C637662774592961015%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=0yX3iNp6ytwHdhV8JRa8nHQ9SxQj464pArCRAPuoblo%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Scott Swartzentruber]

Has anyone had success in resolving the client drops we have been discussing?  
We had Aruba on the phone very early this morning - put the recommended ACL in 
place and did a a rolling restart of all 3 of our controllers.  We only had to 
wait to our first class change to see a huge drop of clients and another at the 
next class change.  Seems clear that the change and the reboot made no 
difference.  back on the phone with Aruba now to see what else they come up 
with...


I don't like this ride anymore - can I get off now?



Western Carolina University
Scott Swartzentruber
Director, Networking and Communications
Forsyth Bldg, Room B-16
828.227.3212
sco...@wcu.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Colin Randall]

Sorry I’m late to the party.  I got ahold of a great tech at Aruba last night.  
We finished up with his suggested work-arounds 2-3 hours before the advisory 
came out.
Implemented the client rebalancing threshold change, also at the seemingly 
popular 15%
Turned on ALL the broadcast/multicast optimization switches, at both the VLAN 
and virtual-ap level.
Tweaked the mentioned ACLs (but I doubt that did much.  An ACL would just 
prevent sending the traffic, not wasting cycles generating the traffic.)
Tech mentioned SNMP polling could be an issue, but since we’re preferring AMON 
we left that one alone.
Lastly, restarted STM process on each controller.  Definitely service impacting 
but staggering the restart across multiple controllers seemed to help.
I hadn’t seen a few of those in the thread.

Regards,

Colin

 

 

Colin Randall

Manager of Data Networking

Information and Technology Solutions (ITS)

1600 Jackson Street, Suite 360

303-384-2208 | crand...@mines.edu

 

 

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Enfield, Chuck" 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Thursday, September 2, 2021 at 11:06 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

 

CAUTION: This email originated from outside of the Colorado School of Mines 
organization. Do not click on links or open attachments unless you recognize 
the sender and know the content is safe.

 

I’d like to suggest sending them home, but if we learned anything last year 
it’s that home wi-fi isn’t so great either.  How many times have you heard, “It 
works when I’m at home?”  Well now we know, not always.

 

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Floyd, Brad
Sent: Thursday, September 2, 2021 1:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

 

JD,

If we wrap each of them along with their devices in an aluminum foil bubble, 
each user would have their own collision domain. The MIMO reflections would be 
awesome, we wouldn’t need more than a single channel architecture, and any 
channel contention would be self-imposed. Here’s hoping we get to catch up 
again at the next post-COVID WLPC.

Thanks,

Brad

 

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Davis, Jonathan Alan
Sent: Thursday, September 2, 2021 11:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

 

[EXTERNAL SENDER]

“That's been my experience for years.  The network works great when there are 
no students around.  My working theory is that students emit RF interference, 
but research ethics won’t let me run the tests, so we'll never know for sure.”

 

It’s worse than that! They are walking bags of water which absorb the good RF, 
and their devices transmit the bad RF! It’s a conspiracy I tell ya!

 

We’re going to work with TAC on capturing traffic during a class that is known 
to have issues. After that, we plan to change the rebalancing threshold as 
well. 

 

Thanks everyone for the feedback!

 

JD

 

 

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Enfield, Chuck 

Date: Thursday, September 2, 2021 at 12:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

I will also add that our problems did not increase linearly with client count 
on a controller.  Below 5K there was no user impact.  Around 5K problems 
started and the severity increased quickly.  I doubt there’s anything magic 
about 5K, and the threshold will be different on every network based on a 
variety of implementation details, but I’d expect that pattern to be common.

 

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Thursday, September 2, 2021 11:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

 

Between 5k and 6k clients on a 7240xm is where we started seeing problems. 
Lighter loaded controllers were OK. 

From: "Street, Chad A" 
Sent: Thursday, September 2, 2021 11:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection 

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Lee H Badman]

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”… 

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck  wrote:
> 
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
> 
> Speaking from experience, I would be very concerned.  We had no issues until 
> students returned and we went downhill from there.
> 
> 
> On 9/2/21, 8:50 AM, "The EDUCAUSE Wireless Issues Community Group Listserv 
> on behalf of Rob Harris"  robert.har...@culinary.edu> wrote:
> 
>Has anyone seen any details regarding what they consider "Large" 
> environments? We upgraded during the break, but both before and after 
> versions are affected. We didn't notice this happening before, should we be 
> concerned now?
> 
>The "dropped" is 0 and the stm cpu usage is in single digits, but client 
> count is really low (they come back this weekend as well), could we be in the 
> clear?
> 
>(asked the SE team and opened a tac call, same questions to them)
> 
>thx
> 
>-Original Message-
>From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Jason Healy
>    Sent: Thursday, September 2, 2021 8:45 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
> seeing any issues in the fall with large classrooms and delayed connection 
> times (Aruba 8.5.0.13)
> 
>CAUTION: This email originated from outside The Culinary Institute of 
> America. Do not click links or open attachments unless you recognize the 
> sender and know the content is safe.
> 
>FWIW, Aruba just posted an advisory regarding this issue:
> 
>Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client 
> Connectivity Failures in Large Client Environments"
> 
>Good luck to those of you hit by this. My students start coming back this 
> weekend so I'll be watching this closely!
> 
>Jason
>**
>Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the message, 
> copy and paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0
> 
>**
>Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the message, 
> copy and paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0
> 
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

I’d like to suggest sending them home, but if we learned anything last year 
it’s that home wi-fi isn’t so great either.  How many times have you heard, “It 
works when I’m at home?”  Well now we know, not always.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Floyd, Brad
Sent: Thursday, September 2, 2021 1:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

JD,
If we wrap each of them along with their devices in an aluminum foil bubble, 
each user would have their own collision domain. The MIMO reflections would be 
awesome, we wouldn’t need more than a single channel architecture, and any 
channel contention would be self-imposed. Here’s hoping we get to catch up 
again at the next post-COVID WLPC.
Thanks,
Brad

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Davis, Jonathan Alan
Sent: Thursday, September 2, 2021 11:42 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


[EXTERNAL SENDER]
“That's been my experience for years.  The network works great when there are 
no students around.  My working theory is that students emit RF interference, 
but research ethics won’t let me run the tests, so we'll never know for sure.”

It’s worse than that! They are walking bags of water which absorb the good RF, 
and their devices transmit the bad RF! It’s a conspiracy I tell ya!

We’re going to work with TAC on capturing traffic during a class that is known 
to have issues. After that, we plan to change the rebalancing threshold as well.

Thanks everyone for the feedback!

JD


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Enfield, Chuck mailto:cae...@psu.edu>>
Date: Thursday, September 2, 2021 at 12:15 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)
I will also add that our problems did not increase linearly with client count 
on a controller.  Below 5K there was no user impact.  Around 5K problems 
started and the severity increased quickly.  I doubt there’s anything magic 
about 5K, and the threshold will be different on every network based on a 
variety of implementation details, but I’d expect that pattern to be common.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Enfield, Chuck
Sent: Thursday, September 2, 2021 11:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Between 5k and 6k clients on a 7240xm is where we started seeing problems. 
Lighter loaded controllers were OK.

From: "Street, Chad A" mailto:cstr...@emory.edu>>
Sent: Thursday, September 2, 2021 11:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We are a balanced cluster, notes about load below:


"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rob Harris 
mailto:robert.har...@culinary.edu>>
Sent: Thursday, September 2, 2021 10:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Floyd, Brad]

JD,
If we wrap each of them along with their devices in an aluminum foil bubble, 
each user would have their own collision domain. The MIMO reflections would be 
awesome, we wouldn’t need more than a single channel architecture, and any 
channel contention would be self-imposed. Here’s hoping we get to catch up 
again at the next post-COVID WLPC.
Thanks,
Brad

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Davis, Jonathan Alan
Sent: Thursday, September 2, 2021 11:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


[EXTERNAL SENDER]
“That's been my experience for years.  The network works great when there are 
no students around.  My working theory is that students emit RF interference, 
but research ethics won’t let me run the tests, so we'll never know for sure.”

It’s worse than that! They are walking bags of water which absorb the good RF, 
and their devices transmit the bad RF! It’s a conspiracy I tell ya!

We’re going to work with TAC on capturing traffic during a class that is known 
to have issues. After that, we plan to change the rebalancing threshold as well.

Thanks everyone for the feedback!

JD


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Enfield, Chuck mailto:cae...@psu.edu>>
Date: Thursday, September 2, 2021 at 12:15 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)
I will also add that our problems did not increase linearly with client count 
on a controller.  Below 5K there was no user impact.  Around 5K problems 
started and the severity increased quickly.  I doubt there’s anything magic 
about 5K, and the threshold will be different on every network based on a 
variety of implementation details, but I’d expect that pattern to be common.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Enfield, Chuck
Sent: Thursday, September 2, 2021 11:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Between 5k and 6k clients on a 7240xm is where we started seeing problems. 
Lighter loaded controllers were OK.

From: "Street, Chad A" mailto:cstr...@emory.edu>>
Sent: Thursday, September 2, 2021 11:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We are a balanced cluster, notes about load below:


"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rob Harris 
mailto:robert.har...@culinary.edu>>
Sent: Thursday, September 2, 2021 10:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in t

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Davis, Jonathan Alan]

“That's been my experience for years.  The network works great when there are 
no students around.  My working theory is that students emit RF interference, 
but research ethics won’t let me run the tests, so we'll never know for sure.”

It’s worse than that! They are walking bags of water which absorb the good RF, 
and their devices transmit the bad RF! It’s a conspiracy I tell ya!

We’re going to work with TAC on capturing traffic during a class that is known 
to have issues. After that, we plan to change the rebalancing threshold as well.

Thanks everyone for the feedback!

JD


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Enfield, Chuck 

Date: Thursday, September 2, 2021 at 12:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)
I will also add that our problems did not increase linearly with client count 
on a controller.  Below 5K there was no user impact.  Around 5K problems 
started and the severity increased quickly.  I doubt there’s anything magic 
about 5K, and the threshold will be different on every network based on a 
variety of implementation details, but I’d expect that pattern to be common.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Thursday, September 2, 2021 11:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Between 5k and 6k clients on a 7240xm is where we started seeing problems. 
Lighter loaded controllers were OK.

From: "Street, Chad A" mailto:cstr...@emory.edu>>
Sent: Thursday, September 2, 2021 11:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We are a balanced cluster, notes about load below:


"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rob Harris 
mailto:robert.har...@culinary.edu>>
Sent: Thursday, September 2, 2021 10:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)







"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."



To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.



We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.





Nayef Z. Smith | Network Services | Voice: 404-727-6019



[cid:image001.png@01D79FF7.DF429460]



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

I will also add that our problems did not increase linearly with client count 
on a controller.  Below 5K there was no user impact.  Around 5K problems 
started and the severity increased quickly.  I doubt there’s anything magic 
about 5K, and the threshold will be different on every network based on a 
variety of implementation details, but I’d expect that pattern to be common.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Thursday, September 2, 2021 11:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Between 5k and 6k clients on a 7240xm is where we started seeing problems. 
Lighter loaded controllers were OK.

From: "Street, Chad A" mailto:cstr...@emory.edu>>
Sent: Thursday, September 2, 2021 11:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We are a balanced cluster, notes about load below:


"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rob Harris 
mailto:robert.har...@culinary.edu>>
Sent: Thursday, September 2, 2021 10:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)







"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."



To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.



We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.





Nayef Z. Smith | Network Services | Voice: 404-727-6019



[cid:image001.png@01D79FF4.0F7F8150]



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



Lee, don’t you bring your bad Cisco-juju to this conversation! :-)



Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.



Hello!



Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.



This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Barrantes, Rita]

We are on 8.7.1.4 with 6,300 WAPs and 6 controllers. We had to upgrade to 8.7 
because of the newer model of WAPs


___
Rita Barrantes, PhD, PMP
Director, Technology Services and Support
Networks and Telecomm | IT Assessments
832-842-4702 | rbarran...@uh.edu<mailto:rbarran...@uh.edu>
[cid:image001.png@01D79FE7.35A3D4B0]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Joe Walker
Sent: Thursday, September 2, 2021 10:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We currently aren't experiencing this issue but these symptoms (stm crashes, 
controller crashes) were identical to the issues we saw in early 2019 (8.5.0.1) 
An aggressive rebalance of users/ap's (and eventually an upgrade to 8.5.0.3) 
fixed this for us.  I mention this because we are currently sitting on 8.5.0.13 
and don't seem to be having the issues reported by others in the same code so I 
wonder if there is credence to the load balance thresholds playing a part.

Campus cluster 2x7240's 1X7240XM
22K connected devices

Thanks,
Joe

Joe Walker
Network and Telecommunication Services
Kansas State University
(785)532-4997
f...@ksu.edu<mailto:f...@ksu.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Smith, Nayef 
mailto:nayef.z.sm...@emory.edu>>
Sent: Thursday, September 2, 2021 9:19 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


This email originated from outside of K-State.

"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."


To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.


We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.


Nayef Z. Smith | Network Services | Voice: 404-727-6019


[cid:image002.png@01D79FE7.35A3D4B0]


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Lee, don’t you bring your bad Cisco-juju to this conversation! :-)

Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.


Hello!

Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.

This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.

However…
We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.
I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.

I’ll update as we progress through this.


JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

But y

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Barrantes, Rita]

Nayef – that’s what we did. Down to 15%


___
Rita Barrantes, PhD, PMP
Director, Technology Services and Support
Networks and Telecomm | IT Assessments
832-842-4702 | rbarran...@uh.edu<mailto:rbarran...@uh.edu>
[cid:image002.png@01D79FE6.EC8BFA50]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We were seeing one of our cluster members taking on ~7000+ active clients while 
two others were in the low double digits.  Our previous threshold was at 50%, 
which seems to have previously been the default.  Once we adjusted our 
thresholds down to 20%, we saw improvements.  We then went down to 15%.




Nayef Z. Smith | Network Services | Voice: 404-727-6019


[cid:image003.png@01D79FE6.EC8BFA50]


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Rob Harris 
mailto:robert.har...@culinary.edu>>
Sent: Thursday, September 2, 2021 10:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)







"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."



To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.



We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.





Nayef Z. Smith | Network Services | Voice: 404-727-6019



[cid:image003.png@01D79FE6.EC8BFA50]



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



Lee, don’t you bring your bad Cisco-juju to this conversation! :-)



Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.



Hello!



Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.



This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.



However…

We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.

I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.



I’ll update as we progress through this.



JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<ma

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Charles Jouglard]

Any chance you could be experiencing the issues outlined in today's
advisory?

https://mail.google.com/mail/u/0?ui=2=b16ec71188=0.1=msg-f:1709803220174325554=17ba70f8464f4732=att=inline

On Thu, Sep 2, 2021 at 10:20 AM Enfield, Chuck  wrote:

> Between 5k and 6k clients on a 7240xm is where we started seeing problems.
> Lighter loaded controllers were OK.
> --
> *From:* "Street, Chad A" 
> *Sent:* Thursday, September 2, 2021 11:03 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else
> seeing any issues in the fall with large classrooms and delayed connection
> times (Aruba 8.5.0.13)
>
> We are a balanced cluster, notes about load below:
>
>
> "I’m also noticing that there are much fewer clients on this controller,
> and that ratio doesn’t seem to be improving."
>
> To this point, the action we took that seemed to help the most was
> adjusting our active client load balancing threshold.  We dropped it
> significantly to force clients to balance across controllers.  Once we got
> below ~5000 active clients per controller, we stopped seeing the mass
> client connection issues.
>
> We still have a controller that hasn't taken significant load, but now
> that we've been running without major issues for the past few days, we're
> reluctant to touch the setting again.
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Rob Harris <
> robert.har...@culinary.edu>
> *Sent:* Thursday, September 2, 2021 10:59 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else
> seeing any issues in the fall with large classrooms and delayed connection
> times (Aruba 8.5.0.13)
>
>
> For those of you who have experienced this, what was your user load and
> how were your clusters operating (balancing, active/standby) ?
>
>
>
> I wonder if there’s a threshold..
>
>
>
> Thx!
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Smith, Nayef
> *Sent:* Thursday, September 2, 2021 10:20 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else
> seeing any issues in the fall with large classrooms and delayed connection
> times (Aruba 8.5.0.13)
>
>
>
>
>
>
>
> "I’m also noticing that there are much fewer clients on this controller,
> and that ratio doesn’t seem to be improving."
>
>
>
> To this point, the action we took that seemed to help the most was
> adjusting our active client load balancing threshold.  We dropped it
> significantly to force clients to balance across controllers.  Once we got
> below ~5000 active clients per controller, we stopped seeing the mass
> client connection issues.
>
>
>
> We still have a controller that hasn't taken significant load, but now
> that we've been running without major issues for the past few days, we're
> reluctant to touch the setting again.
>
>
>
>
>
> Nayef Z. Smith | *Network Services* | Voice: 404-727-6019
>
>
>
>
>
> --------------
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Davis, Jonathan Alan <
> jonath...@unc.edu>
> *Sent:* Thursday, September 2, 2021 9:27 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else
> seeing any issues in the fall with large classrooms and delayed connection
> times (Aruba 8.5.0.13)
>
>
>
> Lee, don’t you bring your bad Cisco-juju to this conversation! :-)
>
>
>
> Now that Lee has been properly handled, this is probably a great
> opportunity to say ‘hello’ to the greater list.
>
>
>
> Hello!
>
>
>
> Last night, we (UNC) restarted the controller used to test the firewall
> policy. Despite Aruba’s advisory, we’ve been led to believe that restarting
> STM may not be enough, and restarting the whole controller may be required
> to resolve high STM CPU utilization.
>
>
>
> This morning we are keeping a close eye on that controller. While STM is
> surging well past 100%, it seems to be averaging much closer to 95%.
>
>
>
> However…
>
> We also only have about 7,000 users connected across the cluster. It will
> be interesting to see what happens as the day progresses and students wak

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

Between 5k and 6k clients on a 7240xm is where we started seeing problems. 
Lighter loaded controllers were OK.

From: "Street, Chad A" 
Sent: Thursday, September 2, 2021 11:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We are a balanced cluster, notes about load below:


"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Rob Harris 

Sent: Thursday, September 2, 2021 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)







"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."



To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.



We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.





Nayef Z. Smith | Network Services | Voice: 404-727-6019



[cid:image001.png@01D79FE9.A97E6BF0]




From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



Lee, don’t you bring your bad Cisco-juju to this conversation! :-)



Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.



Hello!



Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.



This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.



However…

We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.

I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.



I’ll update as we progress through this.



JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large cla

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Joe Walker]

We currently aren't experiencing this issue but these symptoms (stm crashes, 
controller crashes) were identical to the issues we saw in early 2019 (8.5.0.1) 
An aggressive rebalance of users/ap's (and eventually an upgrade to 8.5.0.3) 
fixed this for us.  I mention this because we are currently sitting on 8.5.0.13 
and don't seem to be having the issues reported by others in the same code so I 
wonder if there is credence to the load balance thresholds playing a part.

Campus cluster 2x7240's 1X7240XM
22K connected devices

Thanks,
Joe

Joe Walker
Network and Telecommunication Services
Kansas State University
(785)532-4997
f...@ksu.edu<mailto:f...@ksu.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Smith, Nayef 

Sent: Thursday, September 2, 2021 9:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


This email originated from outside of K-State.

"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.


Nayef Z. Smith | Network Services | Voice: 404-727-6019

[cid:dd82bb8e-7a57-4a56-8047-d94ceebd7bec]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Davis, Jonathan Alan 

Sent: Thursday, September 2, 2021 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Lee, don’t you bring your bad Cisco-juju to this conversation! :-)

Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.

Hello!

Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.

This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.

However…
We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.
I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.

I’ll update as we progress through this.


JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 

Sent: Thursday, September 2, 2021 9:06:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck  wrote:
>
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
>
> Speaking from experience, I would be very concerned.  We had no issues until 
> stu

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Smith, Nayef]

We were seeing one of our cluster members taking on ~7000+ active clients while 
two others were in the low double digits.  Our previous threshold was at 50%, 
which seems to have previously been the default.  Once we adjusted our 
thresholds down to 20%, we saw improvements.  We then went down to 15%.




Nayef Z. Smith | Network Services | Voice: 404-727-6019

[cid:d4681667-5ec0-49ec-b547-ee2c893c1e10]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Rob Harris 

Sent: Thursday, September 2, 2021 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)







"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."



To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.



We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.





Nayef Z. Smith | Network Services | Voice: 404-727-6019



[cid:image001.png@01D79FE9.A97E6BF0]




From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



Lee, don’t you bring your bad Cisco-juju to this conversation! :-)



Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.



Hello!



Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.



This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.



However…

We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.

I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.



I’ll update as we progress through this.



JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck 
> mailto:cae...@psu.edu>> wrote:
>
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is 

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Barrantes, Rita]

We are experiencing the same issues. We rebooted this morning.


___
Rita Barrantes, PhD, PMP
Director, Technology Services and Support
Networks and Telecomm | IT Assessments
832-842-4702 | rbarran...@uh.edu<mailto:rbarran...@uh.edu>
[cid:image001.png@01D79FE2.62D01BB0]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 9:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.


Nayef Z. Smith | Network Services | Voice: 404-727-6019


[cid:image002.png@01D79FE2.62D01BB0]


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Lee, don’t you bring your bad Cisco-juju to this conversation! :-)

Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.


Hello!

Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.

This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.

However…
We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.
I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.

I’ll update as we progress through this.


JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck 
> mailto:cae...@psu.edu>> wrote:
>
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: 
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
>
> Speaking from experience, I would be very 

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Street, Chad A]

We are a balanced cluster, notes about load below:


"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Rob Harris 

Sent: Thursday, September 2, 2021 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?



I wonder if there’s a threshold..



Thx!



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)







"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."



To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.



We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.





Nayef Z. Smith | Network Services | Voice: 404-727-6019



[cid:image001.png@01D79FE9.A97E6BF0]




From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



Lee, don’t you bring your bad Cisco-juju to this conversation! :-)



Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.



Hello!



Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.



This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.



However…

We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.

I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.



I’ll update as we progress through this.



JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)



But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Rob Harris]

For those of you who have experienced this, what was your user load and how 
were your clusters operating (balancing, active/standby) ?

I wonder if there’s a threshold..

Thx!

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef
Sent: Thursday, September 2, 2021 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)




"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.


Nayef Z. Smith | Network Services | Voice: 404-727-6019


[cid:image001.png@01D79FE9.A97E6BF0]


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Davis, Jonathan Alan mailto:jonath...@unc.edu>>
Sent: Thursday, September 2, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Lee, don’t you bring your bad Cisco-juju to this conversation! :-)

Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.


Hello!

Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.

This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.

However…
We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.
I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.

I’ll update as we progress through this.


JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman mailto:lhbad...@syr.edu>>
Sent: Thursday, September 2, 2021 9:06:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck 
> mailto:cae...@psu.edu>> wrote:
>
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: 
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
>
> Speaking from experience, I would be very concerned.  We had no issues until 
> students returned and we went downhill from there.
>
>
> 

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Smith, Nayef]

"I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving."

To this point, the action we took that seemed to help the most was adjusting 
our active client load balancing threshold.  We dropped it significantly to 
force clients to balance across controllers.  Once we got below ~5000 active 
clients per controller, we stopped seeing the mass client connection issues.

We still have a controller that hasn't taken significant load, but now that 
we've been running without major issues for the past few days, we're reluctant 
to touch the setting again.


Nayef Z. Smith | Network Services | Voice: 404-727-6019

[cid:dd82bb8e-7a57-4a56-8047-d94ceebd7bec]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Davis, Jonathan Alan 

Sent: Thursday, September 2, 2021 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Lee, don’t you bring your bad Cisco-juju to this conversation! :-)

Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.

Hello!

Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.

This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.

However…
We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.
I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.

I’ll update as we progress through this.


JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 

Sent: Thursday, September 2, 2021 9:06:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck  wrote:
>
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
>
> Speaking from experience, I would be very concerned.  We had no issues until 
> students returned and we went downhill from there.
>
>
> On 9/2/21, 8:50 AM, "The EDUCAUSE Wireless Issues Community Group Listserv 
> on behalf of Rob Harris"  robert.har...@culinary.edu> wrote:
>
>Has anyone seen any details regarding what they consider "Large" 
> environments? We upgraded during the break, but both before and after 
> versions are affected. We didn't notice this happening before, should we be 
> concerned now?
>
>The "dropped" is 0 and the stm cpu usage is in single digits, but client 
> count is really low (they come back this weekend as well), could we be in the 
> clear?
>
>(asked the SE team and opened a tac call, same questions to them)
>
>thx
>
>-Original Message-
>From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Jason Healy
>Sent: Thursday, September 2, 2021 8:45 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
>

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Davis, Jonathan Alan]

Lee, don’t you bring your bad Cisco-juju to this conversation! :-)

Now that Lee has been properly handled, this is probably a great opportunity to 
say ‘hello’ to the greater list.

Hello!

Last night, we (UNC) restarted the controller used to test the firewall policy. 
Despite Aruba’s advisory, we’ve been led to believe that restarting STM may not 
be enough, and restarting the whole controller may be required to resolve high 
STM CPU utilization.

This morning we are keeping a close eye on that controller. While STM is 
surging well past 100%, it seems to be averaging much closer to 95%.

However…
We also only have about 7,000 users connected across the cluster. It will be 
interesting to see what happens as the day progresses and students wake up and 
migrate from the ResNET cluster to the Campus cluster.
I’m also noticing that there are much fewer clients on this controller, and 
that ratio doesn’t seem to be improving.

I’ll update as we progress through this.


JD

--

Jonathan Davis

Wireless Architect

The University of North Carolina at Chapel Hill

jonath...@unc.edu<mailto:jonath...@unc.edu>

+1 336 279 3355 (Mobile)


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Lee H Badman 

Sent: Thursday, September 2, 2021 9:06:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

But you tested in your lab, right? I love that one… put new code on a couple of 
APs, or even a few dozen. That’s supposed to somehow indicate what will happen 
at bigger load… and also maybe implies the vendor didn’t do their own “similar 
lab testing”…

“You should have tested before upgrading the whole environment…” how do you 
REALLY do that? And should you really have to? Just pondering the general state 
of things.

> On Sep 2, 2021, at 08:59, Enfield, Chuck  wrote:
>
> That's been my experience for years.  The network works great when there are 
> no students around.  My working theory is that students emit RF interference, 
> but research ethics won’t let me run the tests, so we'll never know for sure.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Patrick McEvilly
> Sent: Thursday, September 2, 2021 8:56 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
> any issues in the fall with large classrooms and delayed connection times 
> (Aruba 8.5.0.13)
>
> Speaking from experience, I would be very concerned.  We had no issues until 
> students returned and we went downhill from there.
>
>
> On 9/2/21, 8:50 AM, "The EDUCAUSE Wireless Issues Community Group Listserv 
> on behalf of Rob Harris"  robert.har...@culinary.edu> wrote:
>
>Has anyone seen any details regarding what they consider "Large" 
> environments? We upgraded during the break, but both before and after 
> versions are affected. We didn't notice this happening before, should we be 
> concerned now?
>
>The "dropped" is 0 and the stm cpu usage is in single digits, but client 
> count is really low (they come back this weekend as well), could we be in the 
> clear?
>
>(asked the SE team and opened a tac call, same questions to them)
>
>thx
>
>-Original Message-
>From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Jason Healy
>Sent: Thursday, September 2, 2021 8:45 AM
>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
> seeing any issues in the fall with large classrooms and delayed connection 
> times (Aruba 8.5.0.13)
>
>CAUTION: This email originated from outside The Culinary Institute of 
> America. Do not click links or open attachments unless you recognize the 
> sender and know the content is safe.
>
>FWIW, Aruba just posted an advisory regarding this issue:
>
>Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client 
> Connectivity Failures in Large Client Environments"
>
>Good luck to those of you hit by this. My students start coming back this 
> weekend so I'll be watching this closely!
>
>Jason
>**
>Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the message, 
> copy and paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Michael Davis]

We see about 28K devices peak and so far haven't seen the issue crop 
up.  We did
just upgrade to 8.7.1.4 just before the Semester begun, because we were 
getting

smacked by the false radar detection bug that was causing AP reboots.

On 9/2/21 8:50 AM, Rob Harris wrote:

Has anyone seen any details regarding what they consider "Large" environments? 
We upgraded during the break, but both before and after versions are affected. We didn't 
notice this happening before, should we be concerned now?

The "dropped" is 0 and the stm cpu usage is in single digits, but client count 
is really low (they come back this weekend as well), could we be in the clear?

(asked the SE team and opened a tac call, same questions to them)

thx

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Thursday, September 2, 2021 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

CAUTION: This email originated from outside The Culinary Institute of America. 
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity Failures 
in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you 
want to reply only to the person who sent the message, copy and paste their email address 
and forward the email reply. Additional participation and subscription information can be 
found at 
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7CRobert.Harris%40CULINARY.EDU%7C9624098759e143958e1708d96e0f8742%7C91b9485d8b6d4e2da3caf432e56721bd%7C0%7C0%7C637661835282336222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=%2Bram23JxP8FS6%2BUruT13pfiX%2F5z8mYsT5yywvQeWTTo%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



--
 Mike Davis
 IT - University of Delaware - 302.831.8756
 Newark, DE 19716   Email da...@udel.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

When we had the problem last year, we couldn't see the high CPU usage much of 
the time.  The best way to tell if it's crashing is to look at the service 
uptime.  If it's been up for days or weeks you probably don't have the problem. 
 Hours, then you probably do.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Rob Harris
Sent: Thursday, September 2, 2021 8:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Has anyone seen any details regarding what they consider "Large" environments? 
We upgraded during the break, but both before and after versions are affected. 
We didn't notice this happening before, should we be concerned now?

The "dropped" is 0 and the stm cpu usage is in single digits, but client count 
is really low (they come back this weekend as well), could we be in the clear?

(asked the SE team and opened a tac call, same questions to them)

thx

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Thursday, September 2, 2021 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

CAUTION: This email originated from outside The Culinary Institute of America. 
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity 
Failures in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7Ce4da0822a6a143b7424d08d96e104391%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661838403488619%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=L8kDlM2Vy7try2q1QdRgBCpOJKQiKGDTkUyY8%2FevgLU%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7Ce4da0822a6a143b7424d08d96e104391%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661838403488619%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=L8kDlM2Vy7try2q1QdRgBCpOJKQiKGDTkUyY8%2FevgLU%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

That's been my experience for years.  The network works great when there are no 
students around.  My working theory is that students emit RF interference, but 
research ethics won’t let me run the tests, so we'll never know for sure.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Patrick McEvilly
Sent: Thursday, September 2, 2021 8:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Speaking from experience, I would be very concerned.  We had no issues until 
students returned and we went downhill from there.


On 9/2/21, 8:50 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on 
behalf of Rob Harris"  wrote:

Has anyone seen any details regarding what they consider "Large" 
environments? We upgraded during the break, but both before and after versions 
are affected. We didn't notice this happening before, should we be concerned 
now?

The "dropped" is 0 and the stm cpu usage is in single digits, but client 
count is really low (they come back this weekend as well), could we be in the 
clear?

(asked the SE team and opened a tac call, same questions to them)

thx

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Thursday, September 2, 2021 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
seeing any issues in the fall with large classrooms and delayed connection 
times (Aruba 8.5.0.13)

CAUTION: This email originated from outside The Culinary Institute of 
America. Do not click links or open attachments unless you recognize the sender 
and know the content is safe.

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity 
Failures in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7Ccae104%40PSU.EDU%7C8d074518e4d44dbded4f08d96e110298%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661841597428557%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=ZlqC3lzdMWgYnKcohDgtGE4EVj%2BBAPD063ThuTr8sNU%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Patrick McEvilly]

Speaking from experience, I would be very concerned.  We had no issues until 
students returned and we went downhill from there.


On 9/2/21, 8:50 AM, "The EDUCAUSE Wireless Issues Community Group Listserv on 
behalf of Rob Harris"  wrote:

Has anyone seen any details regarding what they consider "Large" 
environments? We upgraded during the break, but both before and after versions 
are affected. We didn't notice this happening before, should we be concerned 
now?

The "dropped" is 0 and the stm cpu usage is in single digits, but client 
count is really low (they come back this weekend as well), could we be in the 
clear?

(asked the SE team and opened a tac call, same questions to them)

thx

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Thursday, September 2, 2021 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else 
seeing any issues in the fall with large classrooms and delayed connection 
times (Aruba 8.5.0.13)

CAUTION: This email originated from outside The Culinary Institute of 
America. Do not click links or open attachments unless you recognize the sender 
and know the content is safe.

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity 
Failures in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7CRobert.Harris%40CULINARY.EDU%7C9624098759e143958e1708d96e0f8742%7C91b9485d8b6d4e2da3caf432e56721bd%7C0%7C0%7C637661835282336222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=%2Bram23JxP8FS6%2BUruT13pfiX%2F5z8mYsT5yywvQeWTTo%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Rob Harris]

Has anyone seen any details regarding what they consider "Large" environments? 
We upgraded during the break, but both before and after versions are affected. 
We didn't notice this happening before, should we be concerned now?

The "dropped" is 0 and the stm cpu usage is in single digits, but client count 
is really low (they come back this weekend as well), could we be in the clear?

(asked the SE team and opened a tac call, same questions to them)

thx

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Thursday, September 2, 2021 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

CAUTION: This email originated from outside The Culinary Institute of America. 
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity 
Failures in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7CRobert.Harris%40CULINARY.EDU%7C9624098759e143958e1708d96e0f8742%7C91b9485d8b6d4e2da3caf432e56721bd%7C0%7C0%7C637661835282336222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=%2Bram23JxP8FS6%2BUruT13pfiX%2F5z8mYsT5yywvQeWTTo%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Jason Healy]

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity 
Failures in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Patrick McEvilly]

Just a quick update that might be good information for others to have. We were 
running 8.7.1.3 since June 10th with no issues until yesterday.  We were seeing 
STM crash across several controllers and caused a significant outage in our 
wireless service.  We did the same things others here were told to do, remove 
SNMP, amp, add the FW rule etc.  We did an emergency upgrade to 8.7.1.4 today 
to address a bug that caused STM to crash.  We ran into another issue after the 
upgrade to 8.7.1.4 that would not allow about 50% of our APs to rejoin the 
controllers.  It is unknown if the issue was introduced in the new code or if 
it was pre-existing (unlikely pre-existing as we had to do a full controller 
reload last night and all the APs came back just fine). Over the course of the 
last 4-5 hours the remaining APs are still trickling in but we are not at 100%.

TAC are analyzing everything they captured on our marathon Zoom session.  For 
now, we are in a holding pattern and waiting for direction on how to proceed.  
If we make any breakthroughs we will be sure to share it here.

Patrick



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Enfield, Chuck" 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, September 1, 2021 at 5:29 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

We feel your pain, Patrick!  Keep up the good fight.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Patrick McEvilly
Sent: Wednesday, September 1, 2021 5:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

I will hold off on providing details for now but when you have to push a code 
upgrade in the middle of the day on the first day class it’s been a rough day.  
We hit some major issues related to STM and then other fall out after doing the 
required code upgrade.  We pushed the changes below at 2am this morning.  It 
did help a bit, but issues resurfaced again at 10am.  We are still on a call 
with Aruba TAC and don’t have anything at this time to share that would help 
others.

Patrick



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 1, 2021 at 5:13 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

To all chiming in regarding the Aruba issues – thank you! I love seeing the 
collaboration and detail sharing.

Chad – will be curious to hear if you push the band-aids to production and 
re-enable airwaves, if this helps your situation.

-Cody


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 3:01 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>
__

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[McClintic, Thomas]

We had disabled "Prohibit ARP Spoofing" at one point to appease the 14+ code. 
The issue was resolved in a later release and we enabled it again.

We are not currently seeing any issues 8.5.0.11, moving to 13 now.

Thanks

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Wednesday, September 1, 2021 4:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


 EXTERNAL EMAIL 
We feel your pain, Patrick!  Keep up the good fight.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Patrick McEvilly
Sent: Wednesday, September 1, 2021 5:25 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

I will hold off on providing details for now but when you have to push a code 
upgrade in the middle of the day on the first day class it's been a rough day.  
We hit some major issues related to STM and then other fall out after doing the 
required code upgrade.  We pushed the changes below at 2am this morning.  It 
did help a bit, but issues resurfaced again at 10am.  We are still on a call 
with Aruba TAC and don't have anything at this time to share that would help 
others.

Patrick



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 1, 2021 at 5:13 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

To all chiming in regarding the Aruba issues - thank you! I love seeing the 
collaboration and detail sharing.

Chad - will be curious to hear if you push the band-aids to production and 
re-enable airwaves, if this helps your situation.

-Cody


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 3:01 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

We feel your pain, Patrick!  Keep up the good fight.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Patrick McEvilly
Sent: Wednesday, September 1, 2021 5:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

I will hold off on providing details for now but when you have to push a code 
upgrade in the middle of the day on the first day class it's been a rough day.  
We hit some major issues related to STM and then other fall out after doing the 
required code upgrade.  We pushed the changes below at 2am this morning.  It 
did help a bit, but issues resurfaced again at 10am.  We are still on a call 
with Aruba TAC and don't have anything at this time to share that would help 
others.

Patrick



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 1, 2021 at 5:13 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

To all chiming in regarding the Aruba issues - thank you! I love seeing the 
collaboration and detail sharing.

Chad - will be curious to hear if you push the band-aids to production and 
re-enable airwaves, if this helps your situation.

-Cody


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 3:01 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We're seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren't happening). Our SE also said if you're experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F56.E9F8F5D0]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.ED

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Norton, Thomas (Network Operations)]

Don't forgot the nasty Lenovo vantage software 


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turner, Ryan H 

Sent: Wednesday, September 1, 2021 5:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Glad I brought this up.  Is it possible that Cisco environments have evaded 
this?  Seems as though the ARP flooding via iOS 14 would be something that 
would menace all the manufacturers.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 5:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)





Cody and all...



We are also seeing STM spikes that are impacting associations.



We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.



The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).



fingers crossed



here is how to block the traffic:

cd /md/yourrootlocation

firewall-cp

 ipv4 deny any proto 6 ports 15260 15261 position 1

!



Chad

chad.str...@emory.edu<mailto:chad.str...@emory.edu>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)



I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F54.94BB2180]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much. 

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Patrick McEvilly]

I will hold off on providing details for now but when you have to push a code 
upgrade in the middle of the day on the first day class it’s been a rough day.  
We hit some major issues related to STM and then other fall out after doing the 
required code upgrade.  We pushed the changes below at 2am this morning.  It 
did help a bit, but issues resurfaced again at 10am.  We are still on a call 
with Aruba TAC and don’t have anything at this time to share that would help 
others.

Patrick


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Cody Ensanian 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, September 1, 2021 at 5:13 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

To all chiming in regarding the Aruba issues – thank you! I love seeing the 
collaboration and detail sharing.

Chad – will be curious to hear if you push the band-aids to production and 
re-enable airwaves, if this helps your situation.

-Cody


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 3:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F56.585D43B0]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 m

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

I'm speculating a bit, but Aruba does a lot of stuff with ARP if features like 
bcast ARP suppression, convert bacst to unicast, and BC/MC optimization are 
enabled.  I assume Cisco has some similar features, but perhaps not all of 
them?  Or maybe one key feature is causing most of the trouble for Aruba.

I also know that some of the ARP processing Aruba does on the controllers helps 
reduce the amount of ARP that reaches the underpinning network.  I'm sure many 
of us have ARP policers kicking in right now.  I hate to think about what our 
switches and routers would be struggling with if the controllers didn't manage 
this stuff like they do.  We may have to pick our poison.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 5:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

Glad I brought this up.  Is it possible that Cisco environments have evaded 
this?  Seems as though the ARP flooding via iOS 14 would be something that 
would menace all the manufacturers.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 5:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We're seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren't happening). Our SE also said if you're experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F55.B5EE9F70]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We've also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are 'we come i

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Tolka, Bryan]

Ryan,

Do you have multicast enabled ?What is the mandatory rate you are using in 
the classrooms?

We just had some issues with this not on Aruba .

Bryan Tolka

Sent from my iPhone

On Sep 1, 2021, at 5:00 PM, Street, Chad A  wrote:



Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Cody Ensanian 

Sent: Wednesday, September 1, 2021 11:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F14.D04A94F0]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.



Has anyone else seen something like this?



Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu<mailto:r...@unc.edu>

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cbtolka%40HSC.WVU.EDU%7Cdac0d4e893364f64b8a108d96d8b964f%7Ca2d1f95f851044248ae15c596bdbd578%7C0%7C0%7C637661268570757361%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=tYz0OWkhXLFkiLNk3U2PeYLMMbT%2B8dAiUTa1gRmKaIg%3D=0>

**
Replies to EDUCAUSE Community Group ema

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Cody Ensanian]

To all chiming in regarding the Aruba issues - thank you! I love seeing the 
collaboration and detail sharing.

Chad - will be curious to hear if you push the band-aids to production and 
re-enable airwaves, if this helps your situation.

-Cody


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 3:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We're seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren't happening). Our SE also said if you're experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F43.704FEB70]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We've also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are 'we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected'.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn't changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.



Has anyone else seen something like this?



Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu<mailto:r...@unc.edu>

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)



**
Replies to EDUCAUSE Community Group emails are sent to the entire communi

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Turner, Ryan H]

Glad I brought this up.  Is it possible that Cisco environments have evaded 
this?  Seems as though the ARP flooding via iOS 14 would be something that 
would menace all the manufacturers.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 5:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu<mailto:chad.str...@emory.edu>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We're seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren't happening). Our SE also said if you're experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F54.94BB2180]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We've also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are 'we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected'.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn't changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.



Has anyone else seen something like this?



Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu<mailto:r...@unc.edu>

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent th

Re: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Street, Chad A]

Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Cody Ensanian 

Sent: Wednesday, September 1, 2021 11:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I’m hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has “identified the issue 
and is working on a fix.” I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We’re seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren’t happening). Our SE also said if you’re experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F14.D04A94F0]



-Cody

UCCS





From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)



This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.



Has anyone else seen something like this?



Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu<mailto:r...@unc.edu>

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ccstree2%40EMORY.EDU%7C5708a9f9983c4d7c2e2a08d96d5eeb0d%7Ce004fb9cb0a4424fbcd0322606d5df38%7C0%7C0%7C637661076706815129%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=l9j1wMMeqkODSIIY%2BItYoCpXWA3zx8poT1eW9r7q74I%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be fou

Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Doug Wussler]

This happened to us on the first day of classes.  It's not your RADIUS.  Some 
problem where, under load, users cannot associate to the AP.   The STM process 
is overcommitted and can't respond appropriately.  Aruba advised us to shutdown 
openflow and the next day the problem was gone.  The next steps they advised 
were to minimize syslog and SNMP.  They have all our log dumps and are 
analyzing.  I believe U of Tenn has the problem too but they are not able to 
shutdown openflow and so are still experiencing the problem.  I was not 
involved in the nitty-gritty so that's about as much as I can tell you.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Turner, Ryan H 

Sent: Wednesday, September 1, 2021 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)


This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We’ve also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are ‘we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn’t changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.



Has anyone else seen something like this?



Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Enfield, Chuck]

Please see my 12:05 response if you missed it.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Steve Smith
Sent: Wednesday, September 1, 2021 12:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

I wouldn't mind seeing the arp limiting client filter as well.

Thank you,
Steve

Steve Smith
Network Administrator II
Network and Telecommunications Services
Aims Community College
970.339.6565

On Wed, Sep 1, 2021 at 9:57 AM Laramie Combs 
mailto:comb...@appstate.edu>> wrote:
HEy Chuck - would you mind sharing that arp limiting client filter with me?

We are seeing some new traffic patterns where it looks like user devices are 
just walking their subnets, and arping for everything

-Laramie

On Wed, Sep 1, 2021 at 11:47 AM Enfield, Chuck 
mailto:cae...@psu.edu>> wrote:
We've seen the CPU problem, but I don't think it resulted in Auth problems 
here.  It may have and we just missed it because the more severe problems it 
caused masked them.

BTW, in our case reducing the amount of ARP calmed the CPU.  We applied a 
filter (Thank you Colin Joseph.) to limit the amount of ARP our wireless 
clients could send and it smoothed out the spikes.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Cody Ensanian
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with 
large classrooms and delayed connection times (Aruba 8.5.0.13)

I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We're seeing the high cpu use on 
one of our controllers (but this controller also has higher client load). 
However, we have not had a flood of calls to our help desk for wireless issues 
(not saying they aren't happening). Our SE also said if you're experiencing the 
issue, disabling any system or process level debugging as helped, as well as 
disabling any SNMP polling.

[cid:image001.png@01D79F2A.AE293D20]

-Cody
UCCS


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 9:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)

This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We've also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are 'we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected'.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn't changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.

Has anyone else seen something like this?

Ryan Turner
Head of Networking
Communication Technologies | Information Technology Services
r...@unc.edu<mailto:r...@unc.edu>
+1 919 445 0113 (Office)
+1 919 274 7926 (Mobile)


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam10.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D04-257C01-257Ccae104-2540PSU.EDU-257C23c7b4692be5427984b208d96d5eeb66-257C7cf48d453ddb4389a9c1c115

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Steve Smith]

I wouldn't mind seeing the arp limiting client filter as well.

Thank you,
Steve

Steve Smith
Network Administrator II
Network and Telecommunications Services
Aims Community College
970.339.6565

On Wed, Sep 1, 2021 at 9:57 AM Laramie Combs  wrote:

> HEy Chuck - would you mind sharing that arp limiting client filter with me?
>
> We are seeing some new traffic patterns where it looks like user devices
> are just walking their subnets, and arping for everything
>
> -Laramie
>
> On Wed, Sep 1, 2021 at 11:47 AM Enfield, Chuck  wrote:
>
>> We’ve seen the CPU problem, but I don’t think it resulted in Auth
>> problems here.  It may have and we just missed it because the more severe
>> problems it caused masked them.
>>
>>
>>
>> BTW, in our case reducing the amount of ARP calmed the CPU.  We applied a
>> filter (Thank you Colin Joseph.) to limit the amount of ARP our wireless
>> clients could send and it smoothed out the spikes.
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Cody Ensanian
>> *Sent:* Wednesday, September 1, 2021 11:41 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall
>> with large classrooms and delayed connection times (Aruba 8.5.0.13)
>>
>>
>>
>> I’m hearing issues of high cpu utilization for STM on the controllers
>> causing issues. Maybe check your controllers and see if you are seeing the
>> high cpu use for STM. Heard earlier today from our SE that Aruba has
>> “identified the issue and is working on a fix.” I suggest opening the TAC
>> case so they can track it better, and help them hone in on a fix better.
>> We’re seeing the high cpu use on one of our controllers (but this
>> controller also has higher client load). However, we have not had a flood
>> of calls to our help desk for wireless issues (not saying they aren’t
>> happening). Our SE also said if you’re experiencing the issue, disabling
>> any system or process level debugging as helped, as well as disabling any
>> SNMP polling.
>>
>>
>>
>> -Cody
>>
>> UCCS
>>
>>
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Turner, Ryan H
>> *Sent:* Wednesday, September 1, 2021 9:27 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* [WIRELESS-LAN] Anyone else seeing any issues in the fall with
>> large classrooms and delayed connection times (Aruba 8.5.0.13)
>>
>>
>>
>> This is a stab in the dark.  With the University mostly shutdown since
>> the Spring of 2020 (=not operating in standard mode and most people work
>> from home), we got campus upgraded from 6.X to 8.X code base.  We’ve also
>> installed many 515 series APs.  We are getting a large number of complaints
>> in large classrooms that connecting to things like eduroam takes a long
>> time.  Looking into the connection, we see many incomplete RADIUS
>> challenges.  The general complaints are ‘we come into the classroom, and
>> for some folks it can take up to 5 minutes to get connected’.  The odd
>> thing is that our RADIUS infrastructure is very large, polished and load
>> shared, and we can see no performance issues with any of the RADIUS
>> servers.  We have begun reducing power in the large classrooms to make
>> association issues better, but so far that hasn’t changed much.  We
>> anticipate opening a ticket with Aruba, soon.  We do seem to see the most
>> complaints in the big classrooms.  But I do keep going back to the RADIUS
>> Challenges incomplete.  I know if no reason for those not to complete
>> unless the connection is broken midway.
>>
>>
>>
>> Has anyone else seen something like this?
>>
>>
>>
>> Ryan Turner
>>
>> Head of Networking
>>
>> Communication Technologies | Information Technology Services
>>
>> r...@unc.edu
>>
>> +1 919 445 0113 (Office)
>>
>> +1 919 274 7926 (Mobile)
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__nam10.safelinks.protection.outlook.com_-3Fu

RE: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Turner, Ryan H]

In our situation, we actually measure the packets over the wire to judge RADIUS 
response.  I know precisely when I get a RADIUS timeout and what the average 
RTT as well as average response time for MAC and 802.1X authentications.  So I 
believe out environment is clean.  With that said, I am going to get for the 
timeouts on the controllers.  Thank you.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Wednesday, September 1, 2021 11:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with 
large classrooms and delayed connection times (Aruba 8.5.0.13)

We're not having any unusual problems now, but we have in the past.  Two 
suggestions I can offer are:


  *   Search your controller syslog for "Authentication server request 
timeout".  This will tell you if the controllers are sending auth requests and 
not getting replies back.  We've had this happen when RDAIUS servers report 
being fat and happy.  Best explanation I can offer is that VMs sometimes lie.
  *   Check the controller 802.1X counters to make sure they're not throttling 
authentications.  
https://community.arubanetworks.com/blogs/ssasi1/2020/10/28/how-does-auth-throttling-feature-work-and-what-are-the-associated-cli-commands.
  If this does occur, it tends to happen at times of high user mobility.
Good luck.

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Turner, Ryan H
Sent: Wednesday, September 1, 2021 11:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large 
classrooms and delayed connection times (Aruba 8.5.0.13)

This is a stab in the dark.  With the University mostly shutdown since the 
Spring of 2020 (=not operating in standard mode and most people work from 
home), we got campus upgraded from 6.X to 8.X code base.  We've also installed 
many 515 series APs.  We are getting a large number of complaints in large 
classrooms that connecting to things like eduroam takes a long time.  Looking 
into the connection, we see many incomplete RADIUS challenges.  The general 
complaints are 'we come into the classroom, and for some folks it can take up 
to 5 minutes to get connected'.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see no 
performance issues with any of the RADIUS servers.  We have begun reducing 
power in the large classrooms to make association issues better, but so far 
that hasn't changed much.  We anticipate opening a ticket with Aruba, soon.  We 
do seem to see the most complaints in the big classrooms.  But I do keep going 
back to the RADIUS Challenges incomplete.  I know if no reason for those not to 
complete unless the connection is broken midway.

Has anyone else seen something like this?

Ryan Turner
Head of Networking
Communication Technologies | Information Technology Services
r...@unc.edu<mailto:r...@unc.edu>
+1 919 445 0113 (Office)
+1 919 274 7926 (Mobile)


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Ccae104%40PSU.EDU%7Cbf80edde3d5a412daf6108d96d5cfb72%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637661068387237277%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=HBe5V3IJtEi%2FhbE4qSWswW3PQepfmQCI1Hn1Q%2Fi%2BCm8%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community