RE: [WIRELESS-LAN] 802.11R
We’ve been running 8.3.143.0 for a couple of months on our pair of 5520s (in HA) and as yet it has been fine for us, although we haven't enabled 802.11r. We have a mixture of APs, the oldest are 1142s, the newest are 2802s. Sean Gray | B.Sc (Hons) Voice, Collaboration & Wireless Network Analyst ITS, University of Lethbridge -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Erik Stagg Sent: August-28-18 3:05 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11R I was just about to ask the same. We’re about to upgrade to it this weekend from an 8.2 release. -Erik Sent from my iPhone > On Aug 28, 2018, at 5:02 PM, Christina Klam wrote: > > Another question, has anyone installed 8.3.143.0 yet? It seems to have a > number of fixes for 2800/3800. > > Christina Klam > Network Engineer > Institute for Advanced Study > +1 609-734-8154 > ck...@ias.edu > > - Original Message - > From: "C. Klam" > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Sent: Tuesday, August 28, 2018 4:45:56 PM > Subject: Re: [WIRELESS-LAN] 802.11R > > Jamie, > > Can you describe more the IPV6 issue with 8.3.133.0? For about a year we > have been running that code. And strangely enough, we have had issues with > iOS not staying connected when roaming. As all modern systems try IPv6 > before IPv4, if there is an issue with IPv6, this would explain the delay. > > Christina Klam > Network Engineer > Institute for Advanced Study > +1 609-734-8154 > ck...@ias.edu > > - Original Message - > From: "Price, Jamie G" > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Sent: Tuesday, August 28, 2018 4:34:18 PM > Subject: Re: [WIRELESS-LAN] 802.11R > > We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0. > > We are running 802.11k/v/r and it has made a tremendous difference in our > roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with > IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a > production network- but it will be once we can find code without this bug. > Otherwise 8.3.133.0 has been great. > > Jamie Price │Senior Network Engineer > 303.724.8970| jamie.pr...@ucdenver.edu > 1945 N Wheeling Street, MS F408, Denver, CO, US 80045 > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > On Behalf Of Joseph Bernard > Sent: Tuesday, August 28, 2018 1:27 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.11R > > Our CTO just mentioned this today as we have passed the peak wireless stress > point without issues for today’s class changes. While this isn’t answering > your question, I thought I might share what we have. We have close to 30,000 > wireless devices connected and have our F5 load balancing 6 VMs running > FreeRADIUS that in turn query our eDirectory backend through LDAP. One > feature that you should make sure is enabled is “config radius > ext-source-ports enable”. > > On 8540’s, you should see this if it’s on: > > (Cisco Controller) >show radius queue > > Max Radius Queues Per Server. 16 …[snip]… > > > Thanks, > Joseph B. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > mailto:WIRELESS-LAN@LISTSERV.EDUCA > USE.EDU>> on behalf of "Phillips, Rick" > mailto:rick.phill...@uky.edu>> > Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv > mailto:WIRELESS-LAN@LISTSERV.EDUCA > USE.EDU>> > Date: Tuesday, August 28, 2018 at 3:11 PM > To: > "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCA > USE.EDU>" > mailto:WIRELESS-LAN@LISTSERV.EDUCA > USE.EDU>> > Subject: [WIRELESS-LAN] 802.11R > > We recently promoted eduroam to the primary network at the University of > Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) > and Cisco ISE for portals, authentication and authorization. We were seeing > the ISE authentication service jump up in latency and we would get calls that > users could not connect to eduroam. We have determined that our size and > number of authentications, particularly at each class change event, are such > that we should be using hardware load balancing. We are in process of setting > that up but each class transition results in a short period where > authentication latency can get to be a problem and users have a less than > desirable experience. During the time we are building this out our engineers > are wanting to enable 802.11R (Fast Transition) on our controllers. We > currently do not support this feature on
Re: [WIRELESS-LAN] 802.11R
We are on 8.3.143.0 on a pair of 8510s. Had some weird behavior at the start that has seemed to work itself out. Currently investigating some roaming issues that may or not be an issue with the code. Brady Ballstadt UITS Get Outlook for iOS<https://aka.ms/o0ukef> From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Christina Klam Sent: Tuesday, August 28, 2018 4:02:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11R Another question, has anyone installed 8.3.143.0 yet? It seems to have a number of fixes for 2800/3800. Christina Klam Network Engineer Institute for Advanced Study +1 609-734-8154 ck...@ias.edu - Original Message - From: "C. Klam" To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, August 28, 2018 4:45:56 PM Subject: Re: [WIRELESS-LAN] 802.11R Jamie, Can you describe more the IPV6 issue with 8.3.133.0? For about a year we have been running that code. And strangely enough, we have had issues with iOS not staying connected when roaming. As all modern systems try IPv6 before IPv4, if there is an issue with IPv6, this would explain the delay. Christina Klam Network Engineer Institute for Advanced Study +1 609-734-8154 ck...@ias.edu - Original Message - From: "Price, Jamie G" To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, August 28, 2018 4:34:18 PM Subject: Re: [WIRELESS-LAN] 802.11R We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0. We are running 802.11k/v/r and it has made a tremendous difference in our roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a production network- but it will be once we can find code without this bug. Otherwise 8.3.133.0 has been great. Jamie Price │Senior Network Engineer 303.724.8970| jamie.pr...@ucdenver.edu 1945 N Wheeling Street, MS F408, Denver, CO, US 80045 From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Joseph Bernard Sent: Tuesday, August 28, 2018 1:27 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11R Our CTO just mentioned this today as we have passed the peak wireless stress point without issues for today’s class changes. While this isn’t answering your question, I thought I might share what we have. We have close to 30,000 wireless devices connected and have our F5 load balancing 6 VMs running FreeRADIUS that in turn query our eDirectory backend through LDAP. One feature that you should make sure is enabled is “config radius ext-source-ports enable”. On 8540’s, you should see this if it’s on: (Cisco Controller) >show radius queue Max Radius Queues Per Server. 16 …[snip]… Thanks, Joseph B. From: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Phillips, Rick" mailto:rick.phill...@uky.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Tuesday, August 28, 2018 at 3:11 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] 802.11R We recently promoted eduroam to the primary network at the University of Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) and Cisco ISE for portals, authentication and authorization. We were seeing the ISE authentication service jump up in latency and we would get calls that users could not connect to eduroam. We have determined that our size and number of authentications, particularly at each class change event, are such that we should be using hardware load balancing. We are in process of setting that up but each class transition results in a short period where authentication latency can get to be a problem and users have a less than desirable experience. During the time we are building this out our engineers are wanting to enable 802.11R (Fast Transition) on our controllers. We currently do not support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and we have heard other have issues with this code release. While we are not experiencing the same results or hitting the same bugs, I am concerned that turning on this feature might have ramifications related to the code release we are running. My question to the group is who has used 802.11R and would you be willing to shoot me a private message with configuration and/or your results? Thanks in advance, Rick Rick Phillips Executive Director, Networking & Infrastructure Information Technology Services University of Kentucky 301 Rose St. Hardymon Building Rm 102 Lexington, KY 40506-0496 (859) 257-4106 (Office) ** Participation and subscri
Re: [WIRELESS-LAN] 802.11R
I was just about to ask the same. We’re about to upgrade to it this weekend from an 8.2 release. -Erik Sent from my iPhone > On Aug 28, 2018, at 5:02 PM, Christina Klam wrote: > > Another question, has anyone installed 8.3.143.0 yet? It seems to have a > number of fixes for 2800/3800. > > Christina Klam > Network Engineer > Institute for Advanced Study > +1 609-734-8154 > ck...@ias.edu > > - Original Message - > From: "C. Klam" > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Sent: Tuesday, August 28, 2018 4:45:56 PM > Subject: Re: [WIRELESS-LAN] 802.11R > > Jamie, > > Can you describe more the IPV6 issue with 8.3.133.0? For about a year we > have been running that code. And strangely enough, we have had issues with > iOS not staying connected when roaming. As all modern systems try IPv6 > before IPv4, if there is an issue with IPv6, this would explain the delay. > > Christina Klam > Network Engineer > Institute for Advanced Study > +1 609-734-8154 > ck...@ias.edu > > - Original Message - > From: "Price, Jamie G" > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Sent: Tuesday, August 28, 2018 4:34:18 PM > Subject: Re: [WIRELESS-LAN] 802.11R > > We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0. > > We are running 802.11k/v/r and it has made a tremendous difference in our > roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with > IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a > production network- but it will be once we can find code without this bug. > Otherwise 8.3.133.0 has been great. > > Jamie Price │Senior Network Engineer > 303.724.8970| jamie.pr...@ucdenver.edu > 1945 N Wheeling Street, MS F408, Denver, CO, US 80045 > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > On Behalf Of Joseph Bernard > Sent: Tuesday, August 28, 2018 1:27 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.11R > > Our CTO just mentioned this today as we have passed the peak wireless stress > point without issues for today’s class changes. While this isn’t answering > your question, I thought I might share what we have. We have close to 30,000 > wireless devices connected and have our F5 load balancing 6 VMs running > FreeRADIUS that in turn query our eDirectory backend through LDAP. One > feature that you should make sure is enabled is “config radius > ext-source-ports enable”. > > On 8540’s, you should see this if it’s on: > > (Cisco Controller) >show radius queue > > Max Radius Queues Per Server. 16 > …[snip]… > > > Thanks, > Joseph B. > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> > on behalf of "Phillips, Rick" > mailto:rick.phill...@uky.edu>> > Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> > Date: Tuesday, August 28, 2018 at 3:11 PM > To: > "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" > > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> > Subject: [WIRELESS-LAN] 802.11R > > We recently promoted eduroam to the primary network at the University of > Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) > and Cisco ISE for portals, authentication and authorization. We were seeing > the ISE authentication service jump up in latency and we would get calls that > users could not connect to eduroam. We have determined that our size and > number of authentications, particularly at each class change event, are such > that we should be using hardware load balancing. We are in process of setting > that up but each class transition results in a short period where > authentication latency can get to be a problem and users have a less than > desirable experience. During the time we are building this out our engineers > are wanting to enable 802.11R (Fast Transition) on our controllers. We > currently do not support this feature on the WLCs. We are running 8.2.166.0 > code on our WLCs and we have heard other have issues with this code release. > While we are not experiencing the same results or hitting the same bugs, I am > concerned that turning on this feature might have ramifications related to > the code release we are running. > > My question to the group is who has used 802.11R and would you be willing to > shoot me a private message with configuration and/or your results? > > Thanks in advance, > > Rick > > Rick Phillips &g
Re: [WIRELESS-LAN] 802.11R
Another question, has anyone installed 8.3.143.0 yet? It seems to have a number of fixes for 2800/3800. Christina Klam Network Engineer Institute for Advanced Study +1 609-734-8154 ck...@ias.edu - Original Message - From: "C. Klam" To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, August 28, 2018 4:45:56 PM Subject: Re: [WIRELESS-LAN] 802.11R Jamie, Can you describe more the IPV6 issue with 8.3.133.0? For about a year we have been running that code. And strangely enough, we have had issues with iOS not staying connected when roaming. As all modern systems try IPv6 before IPv4, if there is an issue with IPv6, this would explain the delay. Christina Klam Network Engineer Institute for Advanced Study +1 609-734-8154 ck...@ias.edu - Original Message - From: "Price, Jamie G" To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, August 28, 2018 4:34:18 PM Subject: Re: [WIRELESS-LAN] 802.11R We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0. We are running 802.11k/v/r and it has made a tremendous difference in our roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a production network- but it will be once we can find code without this bug. Otherwise 8.3.133.0 has been great. Jamie Price │Senior Network Engineer 303.724.8970| jamie.pr...@ucdenver.edu 1945 N Wheeling Street, MS F408, Denver, CO, US 80045 From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Joseph Bernard Sent: Tuesday, August 28, 2018 1:27 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11R Our CTO just mentioned this today as we have passed the peak wireless stress point without issues for today’s class changes. While this isn’t answering your question, I thought I might share what we have. We have close to 30,000 wireless devices connected and have our F5 load balancing 6 VMs running FreeRADIUS that in turn query our eDirectory backend through LDAP. One feature that you should make sure is enabled is “config radius ext-source-ports enable”. On 8540’s, you should see this if it’s on: (Cisco Controller) >show radius queue Max Radius Queues Per Server. 16 …[snip]… Thanks, Joseph B. From: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Phillips, Rick" mailto:rick.phill...@uky.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Tuesday, August 28, 2018 at 3:11 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] 802.11R We recently promoted eduroam to the primary network at the University of Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) and Cisco ISE for portals, authentication and authorization. We were seeing the ISE authentication service jump up in latency and we would get calls that users could not connect to eduroam. We have determined that our size and number of authentications, particularly at each class change event, are such that we should be using hardware load balancing. We are in process of setting that up but each class transition results in a short period where authentication latency can get to be a problem and users have a less than desirable experience. During the time we are building this out our engineers are wanting to enable 802.11R (Fast Transition) on our controllers. We currently do not support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and we have heard other have issues with this code release. While we are not experiencing the same results or hitting the same bugs, I am concerned that turning on this feature might have ramifications related to the code release we are running. My question to the group is who has used 802.11R and would you be willing to shoot me a private message with configuration and/or your results? Thanks in advance, Rick Rick Phillips Executive Director, Networking & Infrastructure Information Technology Services University of Kentucky 301 Rose St. Hardymon Building Rm 102 Lexington, KY 40506-0496 (859) 257-4106 (Office) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Const
Re: [WIRELESS-LAN] 802.11R
Jamie, Can you describe more the IPV6 issue with 8.3.133.0? For about a year we have been running that code. And strangely enough, we have had issues with iOS not staying connected when roaming. As all modern systems try IPv6 before IPv4, if there is an issue with IPv6, this would explain the delay. Christina Klam Network Engineer Institute for Advanced Study +1 609-734-8154 ck...@ias.edu - Original Message - From: "Price, Jamie G" To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, August 28, 2018 4:34:18 PM Subject: Re: [WIRELESS-LAN] 802.11R We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0. We are running 802.11k/v/r and it has made a tremendous difference in our roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a production network- but it will be once we can find code without this bug. Otherwise 8.3.133.0 has been great. Jamie Price │Senior Network Engineer 303.724.8970| jamie.pr...@ucdenver.edu 1945 N Wheeling Street, MS F408, Denver, CO, US 80045 From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Joseph Bernard Sent: Tuesday, August 28, 2018 1:27 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11R Our CTO just mentioned this today as we have passed the peak wireless stress point without issues for today’s class changes. While this isn’t answering your question, I thought I might share what we have. We have close to 30,000 wireless devices connected and have our F5 load balancing 6 VMs running FreeRADIUS that in turn query our eDirectory backend through LDAP. One feature that you should make sure is enabled is “config radius ext-source-ports enable”. On 8540’s, you should see this if it’s on: (Cisco Controller) >show radius queue Max Radius Queues Per Server. 16 …[snip]… Thanks, Joseph B. From: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Phillips, Rick" mailto:rick.phill...@uky.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Tuesday, August 28, 2018 at 3:11 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] 802.11R We recently promoted eduroam to the primary network at the University of Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) and Cisco ISE for portals, authentication and authorization. We were seeing the ISE authentication service jump up in latency and we would get calls that users could not connect to eduroam. We have determined that our size and number of authentications, particularly at each class change event, are such that we should be using hardware load balancing. We are in process of setting that up but each class transition results in a short period where authentication latency can get to be a problem and users have a less than desirable experience. During the time we are building this out our engineers are wanting to enable 802.11R (Fast Transition) on our controllers. We currently do not support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and we have heard other have issues with this code release. While we are not experiencing the same results or hitting the same bugs, I am concerned that turning on this feature might have ramifications related to the code release we are running. My question to the group is who has used 802.11R and would you be willing to shoot me a private message with configuration and/or your results? Thanks in advance, Rick Rick Phillips Executive Director, Networking & Infrastructure Information Technology Services University of Kentucky 301 Rose St. Hardymon Building Rm 102 Lexington, KY 40506-0496 (859) 257-4106 (Office) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
RE: [WIRELESS-LAN] 802.11R
We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0. We are running 802.11k/v/r and it has made a tremendous difference in our roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a production network- but it will be once we can find code without this bug. Otherwise 8.3.133.0 has been great. Jamie Price │Senior Network Engineer 303.724.8970| jamie.pr...@ucdenver.edu 1945 N Wheeling Street, MS F408, Denver, CO, US 80045 From: The EDUCAUSE Wireless Issues Constituent Group Listserv On Behalf Of Joseph Bernard Sent: Tuesday, August 28, 2018 1:27 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11R Our CTO just mentioned this today as we have passed the peak wireless stress point without issues for today’s class changes. While this isn’t answering your question, I thought I might share what we have. We have close to 30,000 wireless devices connected and have our F5 load balancing 6 VMs running FreeRADIUS that in turn query our eDirectory backend through LDAP. One feature that you should make sure is enabled is “config radius ext-source-ports enable”. On 8540’s, you should see this if it’s on: (Cisco Controller) >show radius queue Max Radius Queues Per Server. 16 …[snip]… Thanks, Joseph B. From: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of "Phillips, Rick" mailto:rick.phill...@uky.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Tuesday, August 28, 2018 at 3:11 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] 802.11R We recently promoted eduroam to the primary network at the University of Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) and Cisco ISE for portals, authentication and authorization. We were seeing the ISE authentication service jump up in latency and we would get calls that users could not connect to eduroam. We have determined that our size and number of authentications, particularly at each class change event, are such that we should be using hardware load balancing. We are in process of setting that up but each class transition results in a short period where authentication latency can get to be a problem and users have a less than desirable experience. During the time we are building this out our engineers are wanting to enable 802.11R (Fast Transition) on our controllers. We currently do not support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and we have heard other have issues with this code release. While we are not experiencing the same results or hitting the same bugs, I am concerned that turning on this feature might have ramifications related to the code release we are running. My question to the group is who has used 802.11R and would you be willing to shoot me a private message with configuration and/or your results? Thanks in advance, Rick Rick Phillips Executive Director, Networking & Infrastructure Information Technology Services University of Kentucky 301 Rose St. Hardymon Building Rm 102 Lexington, KY 40506-0496 (859) 257-4106 (Office) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] 802.11R
Hi Rick, We had enabled 802.11r on our WiSM2s but had to disable it due to limitations with the PMK cache size. Cisco’s site says the 8540 has a PMK cache limit of 64,000. The site also says the WiSM2 has a limit of 30,000, but see bug CSCvg15595 because it is actually 15,000. I’m not sure if that means the limit on the 8540 is actually 64,000 or is really 32,000. Anyway, if all of the controllers are in the same mobility group, the PMK cache limit is shared per mobility group. This may or may not be an issue depending on the size of your user base. --- Eric Kenny Network Architect Harvard University ITS --- > On Aug 28, 2018, at 3:01 PM, Phillips, Rick wrote: > > We recently promoted eduroam to the primary network at the University of > Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) > and Cisco ISE for portals, authentication and authorization. We were seeing > the ISE authentication service jump up in latency and we would get calls that > users could not connect to eduroam. We have determined that our size and > number of authentications, particularly at each class change event, are such > that we should be using hardware load balancing. We are in process of setting > that up but each class transition results in a short period where > authentication latency can get to be a problem and users have a less than > desirable experience. During the time we are building this out our engineers > are wanting to enable 802.11R (Fast Transition) on our controllers. We > currently do not support this feature on the WLCs. We are running 8.2.166.0 > code on our WLCs and we have heard other have issues with this code release. > While we are not experiencing the same results or hitting the same bugs, I am > concerned that turning on this feature might have ramifications related to > the code release we are running. > > My question to the group is who has used 802.11R and would you be willing to > shoot me a private message with configuration and/or your results? > > Thanks in advance, > > Rick > > Rick Phillips > Executive Director, Networking & Infrastructure > > Information Technology Services > University of Kentucky > 301 Rose St. Hardymon Building Rm 102 > Lexington, KY 40506-0496 > (859) 257-4106 (Office) > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] 802.11R
Our CTO just mentioned this today as we have passed the peak wireless stress point without issues for today’s class changes. While this isn’t answering your question, I thought I might share what we have. We have close to 30,000 wireless devices connected and have our F5 load balancing 6 VMs running FreeRADIUS that in turn query our eDirectory backend through LDAP. One feature that you should make sure is enabled is “config radius ext-source-ports enable”. On 8540’s, you should see this if it’s on: (Cisco Controller) >show radius queue Max Radius Queues Per Server. 16 …[snip]… Thanks, Joseph B. From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of "Phillips, Rick" Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv Date: Tuesday, August 28, 2018 at 3:11 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: [WIRELESS-LAN] 802.11R We recently promoted eduroam to the primary network at the University of Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) and Cisco ISE for portals, authentication and authorization. We were seeing the ISE authentication service jump up in latency and we would get calls that users could not connect to eduroam. We have determined that our size and number of authentications, particularly at each class change event, are such that we should be using hardware load balancing. We are in process of setting that up but each class transition results in a short period where authentication latency can get to be a problem and users have a less than desirable experience. During the time we are building this out our engineers are wanting to enable 802.11R (Fast Transition) on our controllers. We currently do not support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and we have heard other have issues with this code release. While we are not experiencing the same results or hitting the same bugs, I am concerned that turning on this feature might have ramifications related to the code release we are running. My question to the group is who has used 802.11R and would you be willing to shoot me a private message with configuration and/or your results? Thanks in advance, Rick Rick Phillips Executive Director, Networking & Infrastructure Information Technology Services University of Kentucky 301 Rose St. Hardymon Building Rm 102 Lexington, KY 40506-0496 (859) 257-4106 (Office) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] 802.11r
I'll second that. We are a Ruckus shop too. I had it on last semester and noticed IOS devices would connect but not get an IP address. Our sales engineer was surprised it didn't work, and I've been too busy to open a support case on it. Heath Barnhart, CCNA ITS Network Administrator Washburn University 785-670-2307 From: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Steven D. Veron sve...@lamar.edu Sent: Monday, July 13, 2015 3:57 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11r Oh boy, I just went through this last week. I had 802.11r turned on for my 802.11x network and almost every i-device stopped connecting to it; took 3 days to figure it out. I turned it off and they all connected just fine. This was a Ruckus controller, in talking to the higher tier engineer he said just don't do 802.11r, it's not ready yet. Steven D Veron Senior Network Analyst Lamar University Office- 409-880-2386 Cell- 409-351-5961 steven.ve...@lamar.edu From: Jerry Bucklaew j...@buffalo.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Wednesday, July 1, 2015 7:51:07 AM Subject: Re: [WIRELESS-LAN] 802.11r To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. CONFIDENTIALITY: Any information contained in this e-mail (including attachments) is the property of The State of Texas and unauthorized disclosure or use is prohibited. Sending, receiving or forwarding of confidential, proprietary and privileged information is prohibited under Lamar Policy. If you received this e-mail in error, please notify the sender and delete this e-mail from your system. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11r
Oh boy, I just went through this last week. I had 802.11r turned on for my 802.11x network and almost every i-device stopped connecting to it; took 3 days to figure it out. I turned it off and they all connected just fine. This was a Ruckus controller, in talking to the higher tier engineer he said just don't do 802.11r, it's not ready yet. Steven D Veron Senior Network Analyst Lamar University Office- 409-880-2386 Cell- 409-351-5961 steven.ve...@lamar.edu - Original Message - From: Jerry Bucklaew j...@buffalo.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Wednesday, July 1, 2015 7:51:07 AM Subject: Re: [WIRELESS-LAN] 802.11r To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. CONFIDENTIALITY: Any information contained in this e-mail (including attachments) is the property of The State of Texas and unauthorized disclosure or use is prohibited. Sending, receiving or forwarding of confidential, proprietary and privileged information is prohibited under Lamar Policy. If you received this e-mail in error, please notify the sender and delete this e-mail from your system.
Re: [WIRELESS-LAN] 802.11r
In 8.0 Cisco added 802.11r mixed mode support. Removes the restriction of creating a separate SSID for 802.11r support. Non-802.11r clients with updated drivers can join 802.11r-enabled SSID. Simplifies operations with single SSID for 802.11r clients. Although devices without updated drivers may have issues. http://www.cisco.com/c/en/us/products/collateral/wireless/8500-series-wireless-controllers/bulletin-c25-732295.html I would still like to try this when 8.0 has much fewer caveats. Kevin McCormick Western Illinois University On 7/1/2015 11:41 AM, Dan Brisson wrote: According to Cisco's Best Practices site, they do recommend enabling 802.11r, with the following very important caveat: *Note*http://www.cisco.com/c/dam/en/us/td/i/templates/blank.gifNon 802.11r clients will *not *be able to connect to this WLAN. Ensure that the clients are 802.11r capable, for example, Apple devices on version 6 and above. http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/8-0/82463-wlc-config-best-practice.html#pgfId-380025 -dan Dan Brisson Network Engineer University of Vermont On 7/1/2015 9:55 AM, Kevin McCormick wrote: I know Cisco has added 802.11r so devices can optional use 802.11r if supported starting with version 8.0. I have been looking forward to using version 8.0, but the number of caveats has kept us away. With version 7.6 802.11r is an all or nothing feature requiring you to create an extra SSID, which we have not done and will not do. I am also curious about the experience of others. Kevin McCormick Western Illinois University On 7/1/2015 7:51 AM, Jerry Bucklaew wrote: To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11r
To me is another one of those potentially really good features that has just been horribly bungled by Wi-Fi Alliance and vendors. As long as the client base is as horribly capability- fragmented as it is, things like 11r are somewhere betwee a huge gamble and fairly impractical in our environments (at least for prod). Says I. Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Jerry Bucklaew j...@buffalo.edu Sent: Wednesday, July 1, 2015 8:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11r To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11r
To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11r
We turned it on for our primary SSID in Cisco code 7.6.130.0 for roughly 4 hours and it was an absolute NIGHTMARE. All device types were unpredictable and unstable. About a third of our 20,000 user devices wouldn't connect at all, the ones that did would frequently drop off the network. Once we disabled it, roughly half of the machines that were able to connect while 802.11r was enabled were suddenly NOT able to connect after the rollback. Those users had to forget the network and or delete the profile from their devices before they could connect again. It made for an interesting day and a half. Respectfully, Matthew Williams IT Manager, Wireless Kent State University Office: (330) 672-7246 Mobile: (330) 469-0445 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jerry Bucklaew Sent: Wednesday, July 1, 2015 8:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11r To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] 802.11r
Is there a perceived or measurable benefit beyond the hype, in your opinion? -Lee Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christina Klam Sent: Wednesday, July 01, 2015 11:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.11r In May, we turned it on for most our SSIDs. We have only seen issues with older laptops and tablets. When this happens, we tell those few users to either use the non 802.11r SSID or upgrade their device/OS. -- Christina Klam Network Engineer Institute for Advanced Study Email: ck...@ias.edu Einstein Drive Telephone: 609-734-8154 Princeton, NJ 08540 Fax: 609-951-4418 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11r
In May, we turned it on for most our SSIDs. We have only seen issues with older laptops and tablets. When this happens, we tell those few users to either use the non 802.11r SSID or upgrade their device/OS. -- Christina Klam Network Engineer Institute for Advanced Study Email: ck...@ias.edu Einstein Drive Telephone: 609-734-8154 Princeton, NJ 08540 Fax: 609-951-4418 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11r
According to Cisco's Best Practices site, they do recommend enabling 802.11r, with the following very important caveat: *Note*http://www.cisco.com/c/dam/en/us/td/i/templates/blank.gifNon 802.11r clients will *not *be able to connect to this WLAN. Ensure that the clients are 802.11r capable, for example, Apple devices on version 6 and above. http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/8-0/82463-wlc-config-best-practice.html#pgfId-380025 -dan Dan Brisson Network Engineer University of Vermont On 7/1/2015 9:55 AM, Kevin McCormick wrote: I know Cisco has added 802.11r so devices can optional use 802.11r if supported starting with version 8.0. I have been looking forward to using version 8.0, but the number of caveats has kept us away. With version 7.6 802.11r is an all or nothing feature requiring you to create an extra SSID, which we have not done and will not do. I am also curious about the experience of others. Kevin McCormick Western Illinois University On 7/1/2015 7:51 AM, Jerry Bucklaew wrote: To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] 802.11r
We've had to enable it to get iPads to roam properly on a WPA2/EAP/MSChapV2 network. iPads and Macbooks work, so far we haven't found any other device that will associate successfully with 802.11r enabled (but we haven't tried too many, just a few Dell laptops and Android devices.) We obviously had to create a new SSID for this, and made it 5 GHz only. Here's an Apple article on their recommended settings that we followed: https://support.apple.com/en-us/HT203068 -- Toivo Voll On Wed, Jul 1, 2015 at 8:51 AM, Jerry Bucklaew j...@buffalo.edu wrote: To ALL: I was just wondering if anyone has taken the plunge and enabled 802.11r on their WLAN and if they had any fall out? I know some vendors recommend putting up a second ssid but no one wants to maintain two SSID's. I has been a couple years so maybe the client turnover has solved the issue? I had the same question about 802.11d and 802.11h. I am running an Aruba environment but would be interested in the Cisco side of the house also. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.