There is one NAC vendor I Have found that respects the EDU window of opportunity, but when I checked last their product offering has other issues.
Impulse Point, when I last checked, only did major upgrades twice a year to make it easier for their EDU customers. Bruce Osborne Wireless Engineer IT Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Danny Eaton [mailto:[email protected]] Sent: Friday, September 2, 2016 11:01 AM Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen similar? While we're the same, I wish Cisco, Aruba, etc. would understand we cannot just "upgrade" to the newest/latest code that is GA. Especially in education, we have limited windows (I believe Lee said it) - spots during the summer, over Christmas break, and Spring Break - due to our customer (and management team) requirements. I understand bug fixes, but after 12 years in higher education, I would really expect vendors to understand our "windows of opportunity". From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Norton, Thomas (Network Services) Sent: Thursday, September 01, 2016 8:23 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if anyone has seen similar? I agree Lee, we as Engineers should always be doing what's best for our environment. We are always striving run the latest version of code that is GA, and are always looking to improve. With that said I do agree that much infrastructure not including APs would be huge undertaking to replace. We're also in the process of centralizing our wireless distribution layer to Cisco VSS between our two data centers on campus. Our backbone is Cisco, our controllers/APs are Aruba, we have over 3000+ APs deployed now, with 23k+ clients, and three Large LPV environments. Doing all the upgrades we have done and are still in the process of doing, including an LCM of our 1200+ 802.11n APs over the last three years has been a challenge, but a lot of fun. I've got to give Bruce a major brownie points, as he has been instrumental in our changes especially when it comes to our Radius setup, and wireless network as a whole. You cannot be locked into any one vendor, cause if there is one constant in life, it's change, especially when it comes to tech. I do agree that you should def be plugged into vendors beta programs. But hey, we all have our point of views! It would certainly not be wise to not be testing, or looking into new hardware alternatives. Plus every vendor has their issues, but I gotta say I agree with Bruce that we have great relationships with both Cisco and Aruba, and Jeff when you say visibility into RF, I think you would be pretty surprised by Aruba :P, and in an ever evolving industry when it comes to all the large vendors it's pretty awesome seeing products like Nyansa, Clarity, fluke truview, and all the other cool analytic based products coming to fruition . I for one feel extremely blessed to be in this Industry, having the opportunity to work for an edu, as a network engineer, there is nothing like it! T.J. Norton Wireless Network Architect | Team Lead Network Operations - Wireless (434) 592-6552<tel:(434)%20592-6552> Liberty University | Training Champions for Christ since 1971 On Sep 1, 2016, at 1:11 PM, Jeffrey D. Sessler <[email protected]<mailto:[email protected]>> wrote: So gen 1 .11n is in Cisco terms a 2007 device, so almost 10 years old. I would consider this a trailing edge (EOL) product and likely the same for the Aruba model. Those radios are pretty rock-solid today give all the development years but they had their growing pains and certainly don't have the performance of even a modern .11n device. Of course, they aren't supported in new controller code, meaning to support them, you have to be on trailing-edge code. It's always a risk vs reward, where you trade modern features (and improved client reliability/performance) for stability. As for price point, you have to look at what the improved (or unique) technology bring to your environment. Save $50 on each WAP, but then spend $150k per year for each in-field RF engineer hired because that less-expensive WAP offers no true visibility of the RF. Jeff From: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> on behalf of "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, September 1, 2016 at 9:35 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if anyone has seen similar? Actually our oldest APS are Gen 1 802.11n which we are in our lifecycle to be replaced with 802.11ac APs. We have Cisco as a valued partner, just not for RADIUS & Wireless. We found Aruba to be more responsive and at a better price point for wireless. We are definitely not trailing edge & are testing "bleeding-edge" (including some alpha level products). We do not put these in Production, though until they are stable. We made an exception for multicast IPTV because of the great need at that time. Our deployment of beta code in Production was phased in & closely watched by Aruba engineers, though. Due to the intelligence of a central controller-based infrastructure, I doubt we will return to the independent "fat" APs. Bruce Osborne Wireless Engineer IT Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Jeffrey D. Sessler [mailto:[email protected]] Sent: Thursday, September 1, 2016 11:41 AM Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen similar? Bruce, having both Cisco and Aruba in our consortium, I echo Lee's statement. Unless you stick with trailing-edge (or even EOL) setups where the code has been picked over for years and you still have 11g-only WAPs, you're going to run into occasional problems. My best advice is to form a relationship with the vendor's respective BU.. Participate in the betas or advisory groups and provide constructive feedback. EDU is a wild-west of devices and I've personally run into some really strange client-side bugs where the only options was for Cisco to add workarounds into their code. On the white box WAPs. WAPs are more than the sum of their parts, and with dense deployments becoming the norm, the emphasis moving forward will likely be on the WAP and less on the controllers e.g. off-loading more work to the edge. We may even see vendors who have traditionally used reference designs their WAPs shift more toward custom designs. Jeff From: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> on behalf of "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, September 1, 2016 at 5:36 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if anyone has seen similar? Bruce, in all fairness, I do hear Aruba, Ruckus, Xirrus, Meraki, etc all taking their share of criticism from those who use/install each in quantity. That doesn't absolve Cisco of their long-running code quality issues, but I don't think there is free lunch in this space. Everyone's trying to out-feature everyone else and simple Wi-Fi has gotten lost in the noise. It would take me 2 MAN YEARS just to replace APs at this point, and millions of $$ to "just switch". Changing is not that simple, unfortunately, when you're very very large. But I would absolutely freakin love it if every vendor's magic was confined to just the controllers, and ALL access points were white box. Fed up with Vendor X? Jump to Y by just changing the magic but leaving the APs in place because they are white box fantasy nodes! If only... Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e [email protected]<mailto:[email protected]> w its.syr.edu<http://its.syr.edu> SYRACUSE UNIVERSITY syr.edu<http://syr.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Osborne, Bruce W (Network Services) Sent: Thursday, September 01, 2016 7:42 AM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if anyone has seen similar? Lee, Time to reconsider Aruba. Unless you need the "bleeding edge" features, you rarely get caught with emergency upgrades. (Aruba calls them C-Builds or custom builds.) Bruce Osborne Wireless Engineer IT Network Operations - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Lee H Badman [mailto:[email protected]] Sent: Wednesday, August 31, 2016 9:37 PM Subject: Re: Odd incident on our 8540 Controllers- wondering if anyone has seen similar? And- we have a code bug! Who would have thought? Emergency upgrade time... seems like once a semester minimally, we trade one set of bugs for a newer, more exciting set. Grrr. Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e [email protected]<mailto:[email protected]> w its.syr.edu<http://its.syr.edu> SYRACUSE UNIVERSITY syr.edu<http://syr.edu> ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]<mailto:[email protected]>> on behalf of Lee H Badman <[email protected]<mailto:[email protected]>> Sent: Wednesday, August 31, 2016 11:52 AM To: [email protected]<mailto:[email protected]> Subject: [WIRELESS-LAN] Odd incident on our 8540 Controllers- wondering if anyone has seen similar? We're on 8.2.111. From the TAC case notes: We have an 8540 in SSO failover pair config. No changes have been made to the environment in several weeks. With 3,100 APs and 20K clients, we experienced the following condition on multiple secure AND open WLANs that all go to different VLANs: Certain clients- no common type or OS across them- would struggle with select https web page loads while other clients had no problems on same WLANs and same destinations. No problems at all with auth, association, other web sites. And no problems with the target web servers. After hours of troubleshooting, we forced failover to redundant 8540, problem immediately cleared despite all "stateful" failover operations working as they should. Is there a known bug in play here? Just wondering if this occurrence rings any bells for anyone? -Lee Badman ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. !DSPAM:911,57c8d475173631233626022! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
