Re: [WIRELESS-LAN] ID Engines, 802.1x Supplicant Configuration
Lee, We've had good experience with the Id Engines 802.1X installer. Initially we couldn't find an installer that would do 100% of the 802.1X configuration so we wrote our own that created the 802.1X wireless SSID, configured encryption, server certificates, and MSCHAP properties. However that was hard to support as new 3rd party supplicants came out. Our testing showed that the Id Engine's performed as well as our installer and included Macintosh support. It seems to work most of the time and they are really good about fixing problems as soon you find them. So far they are the only solution that does 100% of the configuration and I'd highly recommend them. --- David Spindler University of Texas at Austin Phone: 512-475-9299(w) 512-775-8033(c) Public Key at : http://webspace.utexas.edu/~spindler/pubkey.txt On Fri, 28 Sep 2007, Lee H Badman wrote: We are roughly 2/3 of the way through a migration of users to 802.1x, having retired our wireless VPN option and working towards drastically reducing our captive portal gateways. Before the opening of school, we put a lot of effort into "scripting" client configuration utilities for XP, Vista, and Mac, which basically created a new wireless profile on each machine using the native supplicant in each OS. We did look at both ID Engines and Juniper's Odyssey client as potential alternatives, but each had limits at the time (no Vista support, no Mac, no support for foreign languages, etc) Although our methods were pretty good, as we look towards improvement we're wondering if anyone has actually tried ID Engines on a large scale (we have 5,000 + users on when we get busy, and that will grow fast as the WLAN continues to grow), and wouldn't mind sharing feedback? Thanks- Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] ID Engines, 802.1x Supplicant Configuration
Have you tried the Aruba version? -Emerson -Original Message- From: David Spindler [mailto:[EMAIL PROTECTED] Sent: Monday, October 01, 2007 11:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] ID Engines, 802.1x Supplicant Configuration Lee, We've had good experience with the Id Engines 802.1X installer. Initially we couldn't find an installer that would do 100% of the 802.1X configuration so we wrote our own that created the 802.1X wireless SSID, configured encryption, server certificates, and MSCHAP properties. However that was hard to support as new 3rd party supplicants came out. Our testing showed that the Id Engine's performed as well as our installer and included Macintosh support. It seems to work most of the time and they are really good about fixing problems as soon you find them. So far they are the only solution that does 100% of the configuration and I'd highly recommend them. --- David Spindler University of Texas at Austin Phone: 512-475-9299(w) 512-775-8033(c) Public Key at : http://webspace.utexas.edu/~spindler/pubkey.txt On Fri, 28 Sep 2007, Lee H Badman wrote: > We are roughly 2/3 of the way through a migration of users to 802.1x, > having retired our wireless VPN option and working towards drastically > reducing our captive portal gateways. Before the opening of school, we > put a lot of effort into "scripting" client configuration utilities for > XP, Vista, and Mac, which basically created a new wireless profile on > each machine using the native supplicant in each OS. > > We did look at both ID Engines and Juniper's Odyssey client as potential > alternatives, but each had limits at the time (no Vista support, no Mac, > no support for foreign languages, etc) > > Although our methods were pretty good, as we look towards improvement > we're wondering if anyone has actually tried ID Engines on a large scale > (we have 5,000 + users on when we get busy, and that will grow fast as > the WLAN continues to grow), and wouldn't mind sharing feedback? > > Thanks- > > > > Lee H. Badman > Wireless/Network Engineer > Information Technology and Services > Syracuse University > 315 443-3003 > > > ** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WiSM/6500 and LWAPP
I agree, the WiSM/WLC docs are unimpressive. This FAQ has some useful bit and pieces: http://cisco.com/en/US/customer/products/ps6366/products_qanda_item09186a008064a991.shtml Note that Cisco has recently re-engineered the radio resource management (RRM) system to make it more stable. You need recent code to get the latest fixes (we're running 4.1.185.0). This doc explains how RRM works in detail: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072c759.shtml If you have the Wireless Control Server then you can run reports on channel and power changes for all APs known to the controllers and that can show you how things are working WRT to RF channel assignments and power levels in RRM. Be aware that even with the new RRM system the channels can repeatedly change due to anything that RRM regards as excessive external interference. After I lost my connection on my Dell laptop at every Friday morning staff meeting I found that it was due to the microwave oven down the hall being used to heat breakfast. (My laptop has a pretty common setup: WinXP with Intel PRO/Wireless 2200BG NIC with current OS and NIC patch levels.) Other staffers at the meeting didn't notice the change from chan 1 to 11. Presumably their NICs and drivers were better at maintaining a connection and following the channel. However, rather than risk other users on campus losing their connections due to the "microwave burrito effect" we decided to tell RRM to chill out on the channel changes and modified the RRM channel change behavior on all WLCs to occur only once per 24 hours at 3 am. The new code makes this easy to configure, but the commands to do so are in the release notes and haven't made it into the main docs as yet. -Charles Charles E. Spurgeon / UTnet UT Austin ITS / Networking [EMAIL PROTECTED] / 512.475.9265 On Tue, Sep 25, 2007 at 11:56:05AM -0700, Pham, Loc wrote: > > Guys, > > I am assume the deployment of few 6500/WiSM and about 800 AP. So >far just read up on the Doc ( which is very primitive ! ). > > Deployment will be mix of LEAP/PEAP environment. > > Any word of wisdom? gotcha? > > TIA, > > >Regards, > >Loc Pham, CCIE # 17030 - Sr. Network Staff, > >IT Network Architecture & Security,UCSF Medical Center > >Office 415-353-4492 > > >** Participation and subscription information for this >EDUCAUSE Constituent Group discussion list can be found at >http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
[no subject]
Just now starting to poke at this- we have an open-auth network and an 802.1x network. In areas where we are more hot-spotty and a client can only see a single AP, we're getting a fair number of reports that the 802.1x network is weaker in signal out of the same LWAPP Cisco AP than the open WLAN SSID is. My first thought is that it's likely in the way that RSSI/"bars" are displayed on individual clients, but we're also hearing that the 802.1x network in these spots was too weak to use, but when jumping over to the open network, the connection was usable. Has anyone else had to deal with this perception? Mostly this seems to be a Mac issue, but not exclusively. Again- haven't done much real testing, but are hearing it enough where I wonder if others have seen similar. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN]
Hi, We have also seen this when looking into problem areas using Airmagnet Laptop analyzer the signal strength from the same ap on different ssids fluctuates, usually with the open ssid having stronger signal strength. Not sure why, but we would also be interested to hear if there is a reason. Regards, Peter. Peter Arbouin Network Engineer Network Operations Centre, ITS Queensland University of Technology Brisbane, QLD, Australia PH: (07) 313 81030 From: Lee H Badman [mailto:[EMAIL PROTECTED] Sent: Tuesday, 2 October 2007 6:16 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Just now starting to poke at this- we have an open-auth network and an 802.1x network. In areas where we are more hot-spotty and a client can only see a single AP, we're getting a fair number of reports that the 802.1x network is weaker in signal out of the same LWAPP Cisco AP than the open WLAN SSID is. My first thought is that it's likely in the way that RSSI/"bars" are displayed on individual clients, but we're also hearing that the 802.1x network in these spots was too weak to use, but when jumping over to the open network, the connection was usable. Has anyone else had to deal with this perception? Mostly this seems to be a Mac issue, but not exclusively. Again- haven't done much real testing, but are hearing it enough where I wonder if others have seen similar. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.