I have found the requirements in PCI for rogue access points to be difficult to
the point of being unworkable.
(https://www.pcisecuritystandards.org/documents/SAQ_C_v3.pdf, section 11.2).
We are a small college, and still see hundreds of "rogue" or "unauthorized"
access points. Our neighbors
Kelly Slone
On Jun 28, 2017, at 11:03 AM, John York <yo...@brcc.edu<mailto:yo...@brcc.edu>>
wrote:
Hi
We have been using 7925 phones for quite some time with our WLC 5508/AP1142Ns.
We recently switched to 8821 phones, and wireless appears to hang for people
who move around a lo
Hi
We have been using 7925 phones for quite some time with our WLC 5508/AP1142Ns.
We recently switched to 8821 phones, and wireless appears to hang for people
who move around a lot. They can stand directly underneath an AP with no
connection. If they reboot the phone, or disable/enable the
It is a solution that's simple and elegant, though...
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sweetser, Frank E
Sent: Thursday, March 2, 2017 2:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN]
We could still use a major credit card number, though ;-)
John
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 31, 2016 9:06 PM
To:
Military camouflage on APs would be a hit here in the back woods where lots of
people hunt deer. I can image that faculty in some locations would be
offended, though ;-0
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf
Ah, punching Fortran onto cards, handing the cards in at the DCL (Digital
Computer Lab) window, waiting 4 hours to get a printout full of errors…
Wash, rinse, repeat.
Those were the good old days.
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
It appears to me that Cisco One is worthwhile if you are using the software
that comes with it...PI, etc. If you are not, then you incur an annual fee for
stuff you don't use.
John
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
times.
Dennis Xu, MASc, CCIE #13056
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS)
University of Guelph
519-824-4120 Ext 56217
d...@uoguelph.ca<mailto:d...@uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
From
SE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: 3 mars 2016 11:30
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] WLC 5508 logging authentications
Hi
We have one 550
m.w...@cuchicago.edu>
708-209-3565
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Thursday, March 3, 2016 1:54 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIREL
...@uoguelph.ca<mailto:d...@uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
From: "John York" <yo...@brcc.edu<mailto:yo...@brcc.edu>>
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
and Communications Services(CCS)
University of Guelph
519-824-4120 Ext 56217
d...@uoguelph.ca<mailto:d...@uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
From: "John York" <yo...@brcc.edu<mailto:yo...@brcc.edu>>
To:
Is Ekahu the software of choice?
Thanks
John
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ron Mirabile
Sent: Wednesday, February 17, 2016 4:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject:
After a year of pretty much rock solid behavior we’ve had two instances this
week where EAP failed for some or all of the users on our WLC 5508 (7.6.130.0).
For some users it uses EAP-PEAP-MSChapV2 to a Windows AD server running NPS.
For others it uses EAP-TLS to Cisco ACS. Both were
>> > After a year of pretty much rock solid behavior we’ve had two instances
>> > this week where EAP failed for some or all of the users on our WLC 5508
>
>In what way?
Clients just wouldn't connect. I didn't find anything in the WLC logs that
helped me, but probably I just didn't understand
We tried putting classroom computers on wireless, but ran into problems with
waking computers. Our patch management procedures rely heavily on waking
computers during a maintenance period at night, and we couldn't find a way to
do that. For some, we went to wakeup times into BIOS. We had
“qualified electrical engineer”… I am/was one, and Chuck is correct. All of my
EE training was in circuit and microwave design, next to nothing in power or
lightning protection. That was 40+ years ago, though. Someone who has gone
through the Professional Engineer (PE) wringer might be
I found that when I was standing on a ladder with ceiling tile dust in my hair,
my success rate with a punch down tool was much better than with a crimper.
That was when I had hair...now I let the younger guys do it ;-)
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
It is cold, though. I grew up in Anchorage, and remember hearing stories about
the ice fog in Fairbanks. Still, it could be fun. Married with kid makes it
difficult to consider—freedom will increase when the kid goes to/graduates
college…
John
From: The EDUCAUSE Wireless Issues Constituent
On Tue Jan 27 2015 11:47:50 CST, Odtohan, Cathi codto...@erikson.edu wrote:
At one point we considered something like KwikBoost charging stations
http://www.kwikboost.com/
but people balked at the price. We did put a desktop multi-device charger in
the student commons area and locked it
-Station-ID {MAC address}:SSID, so at
least WebAuth and 802.1x are consistent in 7.6.
John
John York
Network Engineer
Blue Ridge Community College
1 College Lane, Weyers Cave, VA 24486
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can
I've been following the Apple TV mail on this list, and was glad to see that
colleges have had good luck connecting the TVs on the wired network and using
Bluetooth (or whatever Apple uses) for user connections. We have an Apple TV
infestation that just started, and the iPeople are telling me,
Teaching and Learning with Technology, Information Technology Services
The Pennsylvania State University
On Oct 24, 2014, at 10:52 AM, John York yo...@brcc.edumailto:yo...@brcc.edu
wrote:
I’ve been following the Apple TV mail on this list, and was glad to see that
colleges have had good luck
.
Jason
p: (814) 865-1840, c: (814) 777-7665
Systems Administrator
Teaching and Learning with Technology, Information Technology Services
The Pennsylvania State University
On Oct 24, 2014, at 10:52 AM, John York yo...@brcc.edumailto:yo...@brcc.edu
wrote:
I’ve been following the Apple TV mail
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0.
Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
a good
relationship with your local Cisco wireless SE, he/she can probably get it as
well.
I only have the build for the 5508.
Jeff
John York 09/05/14 7:27 AM
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0.
Is 7.6MR3 the same as 7.6.130.0, or does TAC have
that are resolved in mr3
CSCuq18025
CSCuq36902
CSCup40557
CSCuo86819
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Friday, September 05, 2014 11:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
only have the build for the 5508.
Jeff
John York 09/05/14 7:27 AM
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0.
Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
Helpline Request : http://www.nscc.ca/helpline
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 12:37 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Hi
Along with installing the latest security patch, I tried to go from Cisco WLC
7.4 to 7.6 this weekend. However, it broke our web auth. I had lots of error
messages from the controller about improper web requests. The release notes
mention something about fragmented requests no longer
, under HTTP-HTTPS, the WebAuth SecureWeb
was enabled by default. Our Mac laptops did not like that, so after disabling
that option everything was working fine.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent
On Mon, Jan 27, 2014 at 1:40 PM, Lee H Badman
lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
Try disable IPv6 on Mac.
Lee Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003tel:315.443.3003
-Original Message-
From: John York [yo...@brcc.edumailto:yo...@brcc.edu
Hi folks
I have a WLC5508, currently on 7.4.110.0, and am having a problem with a Mac
laptop that appears to connect but does not get an IP. The WLC logs show
bunches of these:
*dtlArpTask: Jan 27 13:06:14.875: #DTL-4-ARP_ORPHANPKT_DETECTED: dtl_net.c:2001
STA(Target MAC Address)
Years ago I “got creative” and made some patch cables that allowed me to put
two 10M hosts on a single jack instead of pulling new cables. The boss said
unkind things and shoved a notebook of the TIA-568 spec in my face. Ah, the
bad old days…;-)
John
From: The EDUCAUSE Wireless Issues
I had similar problems with my own laptop after going from 8 to 8.1, for both
our open and 802.1x SSIDs. We are running WLC 5508s with 1142Ns, and the
problem existed on the current versions of both 7.2 and 7.4 code. The laptop
is a Dell M4700 with Broadcom 802.11n drivers. Strangely, the
In our case, it's harassment from the record industry and threats of lawsuits.
As a community college, we don't have many faculty or students that need to use
it for research, downloading OSs, and similar stuff. So, it's easier to just
cave in and block P2P.
John
From: The EDUCAUSE Wireless
] on behalf of John York [yo...@brcc.edu]
Sent: Tuesday, November 12, 2013 11:11 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco Controllers- How are You Using, Any
P2P enforcement?
In our case, it's harassment from the record
Probably wise-we're usually a few years out of phase ;-)
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Tuesday, November 12, 2013 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re:
From our friends at the ISC StormCenter. I wonder how long it takes to get
registered with the mother ship.
Thanks
John
-Original Message-
From: Swa Frantzen - ISC [mailto:isc@ ]
Sent: Wednesday, September 18, 2013 3:39 PM
To: John York
Subject: Re: iOS 7 update available at 1PM
Grab a Turtle Beach wireless headset and show up at the gamers meeting and
demo its wireless death ray.
Tell me more! Is this a special feature, or is this model just an inherently
better jammer than the others?
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
The last one on the list is FCFE77, not too far from FF . Only 197,000
OUI's left!
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Bulk
Sent: Wednesday, September 4, 2013 12:24 AM
To:
+1. We're also on 7.2.111.3 and wondering if it's time to upgrade. Is there a
nice, stable new release for the 5508? I'm still gun shy from the 4400 days,
when an upgrade often meant lost weekends and tearing out of hair.
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
Hmmm, the theater folks can paint the antennas with flat black lead-based paint
or something. We've had folks put metal inventory tags on top of the AP
antennas--sigh.
John
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
We just upgraded from a vulnerable 7.0 version to 7.2.111.3 as a result of this
message. A few years ago with the old 4400, upgrades were times of high stress
and anxiety. This one took about 15-20 min on our 5508 from start until the
AP's were all reloaded, with no glitches. It's a pleasant
We had the same problem, and the reg key fix in method 3 worked here as well
We applied the monthly updates to some of our servers last night, and it broke
our WPA2 wireless authentication. I opened a ticket with Microsoft, and found
that something in KB931125, Update for Root Certificates For
Our main problem with wireless-only was not having a good wake on LAN so we
could push patches and upgrades.
Thanks
John
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, November 29, 2012
Microsoft just released a security advisory about MSCHAPv2, and listed PEAP
/MSCHAPv2 as a solution to the problem for people who only use MSCHAPv2 for
PPTP vpn tunnels. So, I feel more comfortable that the standard secure
wireless PEAP/MSCHAPv2 is still safe. That's a good thing, because
Hmm, looks like it's an mDNS solution using Avahi, and involves putting up an
Ubuntu server. See Bonjour Gateway Deployment in
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml.
John
-Original Message-
From: The EDUCAUSE Wireless Issues
I forget--what was the question about?
John
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Case, Brandon J
Sent: Tuesday, May 15, 2012 12:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re:
Hi
We’re in the process of bringing up a new NPS server, and a contractor tells me
that the cert Common Name and the server’s DNS fqdn don’t have to match like
they do on an SSL server.
“For wireless, any valid certificate will do. It does not have to match the
name of the NPS server. You
We are using it on our 5508, but in a much smaller installation (1 controller,
50 AP's, ~150 users peak.) I've complained about problems with it in the past,
but since we went to 7.0.116.0 it's done very well for us.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
, April 08, 2011 at 2:37 PM, in message
3b6a443a4cc0a74c865993c8f0e79f76066e4...@bramail3.br.vccs.edu, John York
yo...@brcc.edu wrote:
Yep, 4.x and 5.x were really scary. I think most of our problem now lies with
webauth.
I just upgraded our 4402 on 5.x to a 5508 on 7.x, which was a disaster
What appears to be a bug fix version for WLC v6 appeared on the Cisco site
early this week, 6.0.202.0. Does anyone have experience with it? Experience
has made me very nervous about changing WLC software...
Thanks
John
**
Participation and subscription information for this EDUCAUSE
where I needed to back-rev.
Jeff
John York yo...@brcc.edu 4/8/2011 8:47 AM
What appears to be a bug fix version for WLC v6 appeared on the Cisco site
early this week, 6.0.202.0. Does anyone have experience with it? Experience
has made me very nervous about changing WLC software...
Thanks
We're upgrading from a 4402 to 5508 WLC system. The 4402 has had nagging
problems with webauth off and on for as long as I remember. We're presently
having trouble on 5.2.193.0, which I thought was good. One flavor is that the
login page doesn't redirect properly--the WLC fqdn shows in the
I think we can run multiple EAP types on our ACS (v4.2), but TTLS/PAP is not
one of them. In fact, I don't think TTLS is supported at all. It looks like
EAP-GTC is on the list now, and might be kludged somehow. I've found Cisco
support for ACS to be awful--usually it takes me about 2 days to
My security folks would like to put security cameras in some of the older
parking lots. They have locations where they can connect power, but don't have
any conduits for fiber. Does anyone on the list have experience with using
wireless for parking lot security cameras? We normally use Cisco
at the
computer startup and logon.
This GPO policy can be configured under Domain Policy Computer
Configuration Administrative Templates System Logon.
On Wed, Jan 20, 2010 at 5:01 PM, John York yo...@brcc.edu wrote:
Hi
We are moving some of our labs from wired
Hi
We are moving some of our labs from wired to wireless, but running into
problems with the windows client. (We run Vista in our labs now,
hopefully will change to 7 before long.) At present the machines
autologin with cached credentials, then they authenticate to the
wireless network. This
in Vista. It's
worked on our XP machines, but I personally haven't tried it on Vista.
Mearl
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of John York
Sent: Wednesday, January 20, 2010 4:01 PM
Cisco ACS as RADIUS with an LDAP back-end is a problem. At least it's been
driving me nuts and if anyone finds an easy solution I'll be glad to hear it.
LDAP doesn't provide the authentication channel that standard EAP and PEAP use,
so you're stuck with a protocol that isn't supported by
to optimize coverage.
Heath
John York wrote:
Hi
We have a small installation with about 40 Cisco lwap's (b/g)
running
on
a Cisco 4402. I've just gotten a request from a group that wants to
run
50+ clients in one room. The last time we tried that about 4 years
ago,
it was a disaster
, and they kept grabbing each other instead of the AP's. Ugh. How
do folks handle this now? With my current system can I just throw a
couple more AP's in the room and let them have at it?
Thanks
John
John York
Blue Ridge Community College, VA
**
Participation and subscription information
We were having a problem where webauth on our 4402 would quit working
and we had to reboot the WLC to fix it. Just got this note from TAC:
The new code 4.2.205.0 is out and the fix for bug CSCsx07878 is in this
release. We're loading the new code now. We may not know if it worked
until August
, so that
should be enough.
Thanks
John
John York
Network Engineer
Blue Ridge Community College
1 College Lane, Weyers Cave, VA 24486
Thanks for the feedback. I am still wondering about the light poles?
John
We are considering mesh deployments in some of our outdoor areas
After reading all the traffic on this list about the safest load to run
on WLC's, I upgraded to 4.2.176.0 last week. Turns out it has all the
patches incorporated. Cool! Thanks guys!!
John
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
at that point and having a WLC saves lots of time.
Thanks
John
John York
Network Engineer
Blue Ridge Community College
1 College Lane, Weyers Cave, VA 24486
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Jr., D.
Michael
We just got a letter from lawyers saying that idEngines has made a
decision to begin a process to sell its assets. That's too bad, since
they had a great product. Don't know what it means about support...
John
John York
Network Engineer
Blue Ridge Community College, VA
**
Participation
me know.
Thanks
John
John York
Network Engineer
Blue Ridge Community College
Weyers Cave, VA
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Philippe Hanset
Sent: Tuesday, August 26, 2008 10:06 AM
To: WIRELESS-LAN
@LISTSERV.EDUCAUSE.EDU
*Sender:* The EDUCAUSE Wireless Issues Constituent Group Listserv
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *From:* John York [EMAIL PROTECTED]
*Subject:* Giving certs to students *In-Reply-To:*
A[EMAIL PROTECTED]
*Content-Type:* text/plain; charset=us-ascii
This is a follow
This is a follow on to my thread and the others trying to figure out
which method to use in the encryption alphabet soup. We may be driven
to go to EAP-TLS, which means student certs. Are there products out
there that make the cert-issuing process easy? The last thing we need
is for every
on the student machines, or is there another way?
John York
Network Engineer
Blue Ridge Community College
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
I can imagine a student sitting outside the classroom before class,
typing feverishly to get the *big assignment* completed in time to turn
in. Then, at the minute class starts, the wireless boots him. The
screams could be quite impressive...
John
-Original Message-
From: The
Hi Tom
It was fun working with you back in the days when we had a real Cisco
engineer. 4400 AP's! I thought I'd done something when I got one WLC
and 36 AP's up this summer...
John
John York
Network Engineer
Blue Ridge Community College
1 College Lane, Weyers Cave, VA 24486
540.453.2255
conduit through the
wall and mount the antenna outside, as high up as we can get it. This
requires a very cooperative BG department, tho...
John York
Network Engineer
Blue Ridge Community College
-Original Message-
From: Allen Matthews [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September
76 matches
Mail list logo
