Please post any results you have if/when try expand FlexConnect to your entire campus. It looks like you are close to our size (we now have about 125 buildings & about 38K students plus about 4K faculty/staff).
Thanks. Sent from my iPhone > On Mar 17, 2015, at 4:12 PM, Hector J Rios <[email protected]> wrote: > > I've not performed tests to that scale yet. Plus we are only considering this > for our ResHalls, of which we have 21 buildings only. > > -Hector > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Watters, John > Sent: Tuesday, March 17, 2015 11:55 AM > To: [email protected] > Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect > > We played with FlexConnect for a number of months but still could not get > what we needed it to do on a consistent basis. Essentially we wanted > FlexConnect to drop users into their building VLAN so they would be able to > easily interact with the same devices that the wired connections in the > buildings could see. As I'm sure you know, this also resolves many of the > Apple, Chromecast, etc., problems. > > We did have one caveat though that we just couldn't get past -- we wanted to > drop faculty/staff into one VLAN and students into another (we can easily > return the proper VLAN for a particular client in a particular building from > Radius server - FreeRadius with a call to our LDAP server for info) but we > also need to send everything else back to the controller for central > switching (e.g., police connections, special bar-code scanners that roam and > serve to identify a user, but not being used for client traffic, for example, > to give out free flu shots to eligible folks or let folks into a sporting > event). We just couldn't get past having 95+% locally switched and the > remainder centrally switched for over 200 buildings many with now over 100 > APs each without using FlecConnect groups which are limited to numbers way > too small for our campus. > > We can even live comfortably without roaming between buildings. MOst folks > are not used to being able to roam between buildings downtown or many cannot > roam between apartments off campus. > > How did you get around the FlexConnect group problem? > > > > > ========================== > -jcw > ________________________________ > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [[email protected]] on behalf of Hector J Rios > [[email protected]] > Sent: Tuesday, March 17, 2015 9:27 AM > To: [email protected] > Subject: Re: [WIRELESS-LAN] ResHall Wireless > > I tested FlexConnect on 8.0.110.0. Here are my observations: > > *Great alternative to switch data locally (obviously) *No AVC Support *When > controller is down, AP goes into standalone more. Must make sure that AP is > not able to reach any other controller you don't want. This was fixed with an > ACL. > *Client details page does not show client IPv6 address. Client still gets > IPv6 address. (PRIME does show it if you run a report). > *Client details page does not show VLAN ID. > *Putting AP in FlexConnect mode does not require reboot (Cool!) *No IPv6 ACL > support > > More testing to do, but so far so good. > > -Hector > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Hector J Rios > Sent: Thursday, March 12, 2015 11:13 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] ResHall Wireless > > We use Cisco's wireless solution with WiSM2s and a variety of WAPs. We > actually implemented the guest anchor controller solution last year with dual > controllers (WLC2504) and we've been happy. > > I like Britton's idea of using FlexConnect at the dorms to switch the student > data locally. However, I believe there are some limitations that would keep > us from using it such as no support for AVC, and some limitations on IPv6. > > -Hector > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Osborne, Bruce W > (Network Services) > Sent: Thursday, March 12, 2015 7:42 AM > To: > [email protected]<mailto:[email protected]> > Subject: Re: [WIRELESS-LAN] ResHall Wireless > > Hector, > > You do not say what wireless solution you are using. Let me assume a Cisco or > Aruba controller based solution. You can have vlans from your controller > tunnel to an anchor controller in a DMZ. Use 802.1X authentication based on > AD groups. > > This solution permits controlled internal access and, if you desire, > unfiltered Internet access. Until recently, we did something similar with our > open Guest wireless network on our Aruba system. We now use a different > solution for this. > > The anchor controller idea was based on Cisco wireless training several years > ago. At that time, it was their recommended guest solution. > > Bruce Osborne > Wireless Engineer > IT Infrastructure & Media Solutions > > (434) 592-4229 > > LIBERTY UNIVERSITY > Training Champions for Christ since 1971 > > From: Hector J Rios [mailto:[email protected]] > Sent: Wednesday, March 11, 2015 9:48 AM > Subject: ResHall Wireless > > I'm wondering how many of you treat the wireless in the ResHalls differently > from the wireless on the rest of your campus. In terms of geography, we have > 21 ResHalls that are in the perimeter of our campus. Some of these buildings > are next to academic or administrative buildings. Eduroam is our main SSID. > So, for the longest time it has only made sense to broadcast eduroam > everywhere. Now, on the wired side of the house, our ResHalls have a > dedicated connection that gives them direct, non-firewall access to the > internet (for access to campus resources, a student must VPN). This came > about as a request from the students to have more freedom in their residence. > Makes sense. But wireless is different as it goes through our campus core, > traverses our perimeter firewall, and goes out our main internet connection. > > I've struggled to find an alternative solution to this. We recognize that > students in ResHalls are different in the sense that they pay for a place to > live and should get an internet service that is similar to their home > service. However, any alternatives that we have considered (separate SSID, > dynamic VLAN assignment, user groups) just seem to complicate the setup. > > Any good ideas out there or creative ways in which you have tackled this > challenge? > > Thanks, > > Hector Rios, CCNP, CCA > Assistant Director, Network Engineering > Dept. of Networking and Infrastructure > Information Technology Services > Louisiana State University > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
