RE: Google Marketplace / Play IP address range
Ryan, Don't forget the Amazon App Store for Kindle devices too. The IP address ranges will vary because Google Amazon use CDNs (Content Distribution Networks) to distribute their load. We are currently controlling access by DNS capture any IP address ACL. I sometimes make the IP address ranges broad because we are restricting by DNS too. This minimizes needed changes if IP addresses change slightly within the same subnet. We use larger masks when many addresses are discovered in a close range. I do packet captures to get the needed information by using Shark for Root on our rooted Android test device. Here (I think) is what we allow for the Android devices to download XpressConnect. DNS Zones: Google Play Android.clients.google.com Android.l.google.com Ggpht.com Photos-ugc.l.google.com Amazon App Store Mst-ext.amazon.com Mas-ext.amazon.com Images-amazon.com Amzadsi-a.akamaihd.net Not sure if this next one is needed for this Dig0kk115kms0.cloudfront.net IP Subnets; (allow hhtp/https) Google Play 74.125.228.0/24 173.194.7.0/24 173.194.43.0/24 173.194.53.0/24 208.117.224.0/19 208.117.254.0/24 216.12.120.0/24 Amazon App Store 72.21.0.0/16 184.84.227.3/32 [host] 207.171.162.142/32 [host] 216.137.33.0/24 Bruce Osborne Network Engineer IT Network Services (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] Sent: Thursday, April 25, 2013 1:49 PM Subject: Re: Google Marketplace / Play IP address range Yeah, I want to say we tried that a while ago, and users still had issues. I think that was the first thing I tried. I am only coming back to this after seeing our previous work was opening up too much and people were using our authenticated setup portal to do more than grab the config ;) Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walter Reynolds Sent: Thursday, April 25, 2013 1:38 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Instead of address range, you could also just open the port. http://support.google.com/googleplay/bin/answer.py?hl=enanswer=1647495 ports required to use Google Play (TCP and UDP 5228). Walter Reynolds Principal Systems Security Development Engineer Information and Technology Services University of Michigan (734) 615-9438 On Thu, Apr 25, 2013 at 11:21 AM, Turner, Ryan H rhtur...@email.unc.edumailto:rhtur...@email.unc.edu wrote: Thanks, Peppino! I will have to explore that option a little more. Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P. Sent: Thursday, April 25, 2013 11:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range It is actually pretty simple when they are directed to download the app the third option in the pull down is local download, and xpressconnect with walk them through enabling unknown source app install. We are currently using xpressconnect and do not allow them to get to anything but the xpressconnect server. We haven't run into many issues with android users other then student not reading what the page tells them, and that usually goes across all platforms. Pino Peppino Muraca Sr. Network Administrator Stonehill College 508-565-1193tel:508-565-1193 pmur...@stonehill.edumailto:pmur...@stonehill.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H Sent: Thursday, April 25, 2013 11:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Thanks. Unfortunately, I don't know how common that is (the option about trusting non google apps), or if it's worth having to get those users to follow more steps. I am not an android user, but for people that I have tested this on, they are required to go to Playstore. Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P. Sent: Thursday, April 25, 2013 10:23 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Ryan, you don't need to open up your ssid to the playstore, xpressconnect has the app locally on the server you have it running from. You should have three options to download the xpressconnect app from,playstore, amazon app store and locally. The devices will need to have allow apps from unknown sources to be checked off. Pino Peppino Muraca Sr. Network
RE: Google Marketplace / Play IP address range
Thanks! From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W Sent: Friday, April 26, 2013 7:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Ryan, Don't forget the Amazon App Store for Kindle devices too. The IP address ranges will vary because Google Amazon use CDNs (Content Distribution Networks) to distribute their load. We are currently controlling access by DNS capture any IP address ACL. I sometimes make the IP address ranges broad because we are restricting by DNS too. This minimizes needed changes if IP addresses change slightly within the same subnet. We use larger masks when many addresses are discovered in a close range. I do packet captures to get the needed information by using Shark for Root on our rooted Android test device. Here (I think) is what we allow for the Android devices to download XpressConnect. DNS Zones: Google Play Android.clients.google.com Android.l.google.com Ggpht.com Photos-ugc.l.google.com Amazon App Store Mst-ext.amazon.com Mas-ext.amazon.com Images-amazon.com Amzadsi-a.akamaihd.net Not sure if this next one is needed for this Dig0kk115kms0.cloudfront.net IP Subnets; (allow hhtp/https) Google Play 74.125.228.0/24 173.194.7.0/24 173.194.43.0/24 173.194.53.0/24 208.117.224.0/19 208.117.254.0/24 216.12.120.0/24 Amazon App Store 72.21.0.0/16 184.84.227.3/32 [host] 207.171.162.142/32 [host] 216.137.33.0/24 Bruce Osborne Network Engineer IT Network Services (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] Sent: Thursday, April 25, 2013 1:49 PM Subject: Re: Google Marketplace / Play IP address range Yeah, I want to say we tried that a while ago, and users still had issues. I think that was the first thing I tried. I am only coming back to this after seeing our previous work was opening up too much and people were using our authenticated setup portal to do more than grab the config ;) Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walter Reynolds Sent: Thursday, April 25, 2013 1:38 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Instead of address range, you could also just open the port. http://support.google.com/googleplay/bin/answer.py?hl=enanswer=1647495 ports required to use Google Play (TCP and UDP 5228). Walter Reynolds Principal Systems Security Development Engineer Information and Technology Services University of Michigan (734) 615-9438 On Thu, Apr 25, 2013 at 11:21 AM, Turner, Ryan H rhtur...@email.unc.edumailto:rhtur...@email.unc.edu wrote: Thanks, Peppino! I will have to explore that option a little more. Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P. Sent: Thursday, April 25, 2013 11:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range It is actually pretty simple when they are directed to download the app the third option in the pull down is local download, and xpressconnect with walk them through enabling unknown source app install. We are currently using xpressconnect and do not allow them to get to anything but the xpressconnect server. We haven't run into many issues with android users other then student not reading what the page tells them, and that usually goes across all platforms. Pino Peppino Muraca Sr. Network Administrator Stonehill College 508-565-1193tel:508-565-1193 pmur...@stonehill.edumailto:pmur...@stonehill.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H Sent: Thursday, April 25, 2013 11:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Thanks. Unfortunately, I don't know how common that is (the option about trusting non google apps), or if it's worth having to get those users to follow more steps. I am not an android user, but for people that I have tested this on, they are required to go to Playstore. Ryan From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P. Sent: Thursday, April 25, 2013 10:23 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Google Marketplace / Play IP address range Ryan, you don't need to open up your ssid to the playstore, xpressconnect has
Paying for eduroam (US)?
After inquiring about joining eduroam (US), I was a little more than shocked to discover that this is now a paid service offered by Internet2. As we are not I2 members, the yearly costs would be about $1500/year for our institution. I am wondering what other people think about this, especially non-I2 members. Is this service worth that much per year? I am also concerned that these costs will slow or halt adoption of eduroam at smaller non-I2 schools, thereby limiting the benefits of the service. -- Jason Schmidt Network Engineer UW-Whitewater ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WiSM2 7.4 stability issues?
Hey All, I ran 7.4 code on our 5508's when it came out and noticed that my coverage area was drastically reduced. I had to roll back to 7.3 after I found this bug. It mentions only affecting the 5508 but I've seen many bugs affect platforms that weren't listed. Thought I would add that into the mix for everyone. TPC in 7.4 reduces transmit power to lower than expected values. Symptom: In 7.4, primarily in high density setups, neighbor rssi is much higher than prior code versions. This causes the transmit power to be lowered. Conditions: Workaround: Setup min - max power levels for TPC, so that the power levels do not fall below the expected value Craig Eyre Network Analyst IT Services Department Mount Royal University 4825 Mount Royal Gate SW Calgary AB T2P 3T5 P. 403.440.5199 E. ce...@mtroyal.ca The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather in a lack of will. Vincent T. Lombardi From: Jeffrey Sessler j...@scrippscollege.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU, Date: 04/25/2013 05:19 PM Subject:Re: [WIRELESS-LAN] Cisco WiSM2 7.4 stability issues? Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU The AP and code download issue, at least the bug mentioned, was a problem with the code loaded at manufacturing on some WiSM2 cards. The installed code was missing some of the AP boot code, and without the AP boot code, AP's never got what they needed. Re-installing the same code and/or newer fixed it. That's not really a bug out of development - it's a problem with manufacturing. As for rebooting AP's - It could be a fringe case that's causing it. We had a heck of a time with the original 1252 AP's occasionally rebooting/locking a radio, and the wireless business unit worked directly with us on resolving the issues. In just about every case, the issue was something unexpected from a client, and once identified, Cisco coded around it. If you'd like to pass on specific issues, I'd be happy to raise them via my channels. My local team seems to get a pretty fast response from the wireless business unit. Jeff On Thursday, April 25, 2013 at 3:35 PM, in message 943da0e70434ca499ad0088fb90eaadebd8...@suex10-mbx-05.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: Hi Jeff, Agreed on client stuff, but not on rebooting APs and code downloads that hang. Its just too much in line with Cisco's long bug train a' running... Would be different if this wasnt premium equipment. Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003
Re: [WIRELESS-LAN] Paying for eduroam (US)?
As far as I know, the cost is to cover the RADIUS proxy servers that are needed for eduroam to operate. ** Tim Cappalli*, *Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edu On Fri, Apr 26, 2013 at 11:14 AM, Schmidt, Jason W schm...@uww.edu wrote: After inquiring about joining eduroam (US), I was a little more than shocked to discover that this is now a paid service offered by Internet2. As we are not I2 members, the yearly costs would be about $1500/year for our institution. I am wondering what other people think about this, especially non-I2 members. Is this service worth that much per year? I am also concerned that these costs will slow or halt adoption of eduroam at smaller non-I2 schools, thereby limiting the benefits of the service. ** ** -- Jason Schmidt Network Engineer UW-Whitewater ** ** ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Paying for eduroam (US)?
Jason, When I first started eduroam in the US, I did that on my spare time while working at University of Tennessee and while supporting our growing Wi-Fi network. Mike (2004-2006), Dave (2007-2010), and Chad (2010-now) were my eduroam acolytes over the years. I couldn't have done it without them. When the success of eduroam started picking up our group at University of Tennessee realized that it was not sustainable and Internet2 stepped in. With the help of the National Science Foundation, Internet2 is now representing the service and Chad and myself are doing operations and some RD when time permits. With the current growth we will need a third person next month! The NSF grant is now ending and Internet2 will subsidize its members. Non-members will be charged a fee to support the service in the US. We certainly hope that these costs will not slow the adoption of the service since it is having such a great momentum . We are also revisiting the cost model to consider small schools that are now joining the service. Thank you, Philippe Philippe Hanset www.eduroam.ushttp://www.eduroam.us On Apr 26, 2013, at 11:14 AM, Schmidt, Jason W schm...@uww.edumailto:schm...@uww.edu wrote: After inquiring about joining eduroam (US), I was a little more than shocked to discover that this is now a paid service offered by Internet2. As we are not I2 members, the yearly costs would be about $1500/year for our institution. I am wondering what other people think about this, especially non-I2 members. Is this service worth that much per year? I am also concerned that these costs will slow or halt adoption of eduroam at smaller non-I2 schools, thereby limiting the benefits of the service. -- Jason Schmidt Network Engineer UW-Whitewater ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WiSM2 7.4 stability issues?
FYI, did get a build 7.4.103.3 from the TAC that fixed the coverage area bug for our 5508s. Ran on it for almost a week but still had problems with our 1142s randomly reloading so went back to 7.3.112.0. best! jim On 4/26/2013 11:21 AM, Craig Eyre wrote: Hey All, I ran 7.4 code on our 5508's when it came out and noticed that my coverage area was drastically reduced. I had to roll back to 7.3 after I found this bug. It mentions only affecting the 5508 but I've seen many bugs affect platforms that weren't listed. Thought I would add that into the mix for everyone. TPC in 7.4 reduces transmit power to lower than expected values. Symptom: In 7.4, primarily in high density setups, neighbor rssi is much higher than prior code versions. This causes the transmit power to be lowered. Conditions: Workaround: Setup min - max power levels for TPC, so that the power levels do not fall below the expected value Craig Eyre Network Analyst IT Services Department Mount Royal University 4825 Mount Royal Gate SW Calgary AB T2P 3T5 P. 403.440.5199 E. ce...@mtroyal.ca "The difference between a successful person and others is not a lack of strength, not a lack of knowledge, but rather in a lack of will." Vincent T. Lombardi Jeffrey Sessler ---04/25/2013 05:19:17 PM---The AP and code download issue, at least the bug mentioned, was a problem with the code loaded at ma From: Jeffrey Sessler j...@scrippscollege.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU, Date: 04/25/2013 05:19 PM Subject: Re: [WIRELESS-LAN] Cisco WiSM2 7.4 stability issues? Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU The AP and code download issue, at least the bug mentioned, was a problem with the code loaded at manufacturing on some WiSM2 cards. The installed code was missing some of the AP boot code, and without the AP boot code, AP's never got what they needed. Re-installing the same code and/or newer fixed it. That's not really a bug out of development - it's a problem with manufacturing. As for rebooting AP's - It could be a fringe case that's causing it. We had a heck of a time with the original 1252 AP's occasionally rebooting/locking a radio, and the wireless business unit worked directly with us on resolving the issues. In just about every case, the issue was something unexpected from a client, and once identified, Cisco coded around it. If you'd like to pass on specific issues, I'd be happy to raise them via my channels. My local team seems to get a pretty fast response from the wireless business unit. Jeff On Thursday, April 25, 2013 at 3:35 PM, in message 943da0e70434ca499ad0088fb90eaadebd8...@suex10-mbx-05.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: Hi Jeff, Agreed on client stuff, but not on rebooting APs and code downloads that hang. Its just too much in line with Cisco's long bug train a' running... Would be different if this wasnt premium equipment. Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeffrey Sessler [j...@scrippscollege.edu] Sent: Thursday, April 25, 2013 5:42 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re:
RE: Paying for eduroam (US)?
Jason, thanks for the posting, that was the first we'd heard of eduroam going to fee based service, we've been using it for a year or so and it's been very helpful, but I'm not sure it's going to be worth $2500 a year to have it. Internet2 will be collecting the fees for non-members and turn the majority to us (we have formed a company to manage the growth of the service called ANYROAM LLC) http://www.internet2.edu/netplus/eduroam/pricing.html From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Schmidt, Jason W Sent: Friday, April 26, 2013 11:14 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Paying for eduroam (US)? After inquiring about joining eduroam (US), I was a little more than shocked to discover that this is now a paid service offered by Internet2. As we are not I2 members, the yearly costs would be about $1500/year for our institution. I am wondering what other people think about this, especially non-I2 members. Is this service worth that much per year? I am also concerned that these costs will slow or halt adoption of eduroam at smaller non-I2 schools, thereby limiting the benefits of the service. -- Jason Schmidt Network Engineer UW-Whitewater ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.