date:20080411

Re: [WIRELESS-LAN] Meru Captive Portal

2008-04-11 Thread Alan Carlson

- Original Message - 
From: "Sean Che" <[EMAIL PROTECTED]>

To: 
Sent: Friday, April 11, 2008 2:57 PM
Subject: [WIRELESS-LAN] Meru Captive Portal

Dear All,

We are using Meru product here in Wayne State University.  Recently we 
have been having issues on its captive portal with SSL certificate.  Since 
the built-in captive portal uses self-sign certificate, users see security 
pop-up from their browsers whenever they are redirected to the login page. 
We were told by Meru support person that custom cert are not supported in 
controller firmware version 3.4. and since we are using AP300 series 
products, it will not be support in its newer version 3.5, not until 3.6 
come out.  We are wondering if anybody else in this group are having the 
same problem and how did you solve the problem?  Thanks!

Sean Che
Network Engineer
Network Services
Wayne State University

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

2008-04-11 Thread Lee Weers

I haven't yet.  That is still my stumbling block.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Friday, April 11, 2008 3:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

How did you deal with Wireless PDAs?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Friday, April 11, 2008 4:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Enabling the check server cert has been very hit and miss for me.  It
has depended on mostly on the client drivers.  Some wouldn't auth until
it was checked.

For domain computers, I created a group that we add all wireless
computer objects too, and that group is then in the IAS policy.  The
less secure way is to add the group "Domain computers".  By default all
Domain Computers are added to this group.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Friday, April 11, 2008 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Where is your publicly recognized certificate?  On your IAS server? AD
Server?  I have our certificate servers setup and IAS servers but can't
enable the option to check the server's certificate.  If I uncheck that
option in the wireless configuration settings it works.

Also how does everyone handle domain computers?  I issued all computers
certificates and told the system to authenticate as the computer if
possible so they could hit active directory to authenticate.

Thanks,

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Tuesday, April 08, 2008 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I don't run redundant certificate authorities.  I also only have 1 IAS
server because we are in the beginning stages of our deployment (so far
a high of about 90 clients).  I am planning to expand to a 2nd IAS
server this fall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Tuesday, April 08, 2008 1:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Do you run redundant Certificate Authorities?  Or if your certificate
authority goes down is your wireless out until you rebuild and restore?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Thursday, April 03, 2008 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I have IAS working with Cisco 4404 controllers, an Aruba 2400, and an HP
WESM.  We are using Peap and MS-CHAPv2 with a WLAN certificate from
Verisign.

The documents I used to setup the IAS server is here.
http://support.microsoft.com/kb/325725/en-us
http://www.microsoft.com/technet/security/guidance/cryptographyetc/peap_
1.mspx

Our wireless setup document is here
http://www.central.edu/itservices/Wireless%20Network%20Setup.PDF

CAVEATS I have found.
You do need to authenticate the computer accounts for domain joined
computers' login scripts to run.  That was a big gotcha I found.  Then
on personally owned computers you need to turn off use computer
credentials.

Also PDA's I have yet to get working.  They say they work with
PEAP-MS-CHAP-v2, but they still want a personal certificate.  I don't
know why they still want a personal cert.  So if someone wants to help
me with that problem or help me dig up the info to enable EAP-TLS on an
IAS server I'd be glad to hear from you.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Wednesday, April 02, 2008 7:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Does anyone have experience setting up a Cisco WiSM with IAS Radius and
Encryption.  Basically I want to have our WiSM authenticate wireless
users to our Active Directory, which we can do directly.  I also want
the wireless secured through WPA and/or

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

2008-04-11 Thread Daniel Bennett

How did you deal with Wireless PDAs?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Lee Weers
Sent: Friday, April 11, 2008 4:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Enabling the check server cert has been very hit and miss for me.  It
has depended on mostly on the client drivers.  Some wouldn't auth until
it was checked.

For domain computers, I created a group that we add all wireless
computer objects too, and that group is then in the IAS policy.  The
less secure way is to add the group "Domain computers".  By default all
Domain Computers are added to this group.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Friday, April 11, 2008 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Where is your publicly recognized certificate?  On your IAS server? AD
Server?  I have our certificate servers setup and IAS servers but can't
enable the option to check the server's certificate.  If I uncheck that
option in the wireless configuration settings it works.

Also how does everyone handle domain computers?  I issued all computers
certificates and told the system to authenticate as the computer if
possible so they could hit active directory to authenticate.

Thanks,

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Tuesday, April 08, 2008 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I don't run redundant certificate authorities.  I also only have 1 IAS
server because we are in the beginning stages of our deployment (so far
a high of about 90 clients).  I am planning to expand to a 2nd IAS
server this fall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Tuesday, April 08, 2008 1:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Do you run redundant Certificate Authorities?  Or if your certificate
authority goes down is your wireless out until you rebuild and restore?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Thursday, April 03, 2008 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I have IAS working with Cisco 4404 controllers, an Aruba 2400, and an HP
WESM.  We are using Peap and MS-CHAPv2 with a WLAN certificate from
Verisign.

The documents I used to setup the IAS server is here.
http://support.microsoft.com/kb/325725/en-us
http://www.microsoft.com/technet/security/guidance/cryptographyetc/peap_
1.mspx

Our wireless setup document is here
http://www.central.edu/itservices/Wireless%20Network%20Setup.PDF

CAVEATS I have found.
You do need to authenticate the computer accounts for domain joined
computers' login scripts to run.  That was a big gotcha I found.  Then
on personally owned computers you need to turn off use computer
credentials.

Also PDA's I have yet to get working.  They say they work with
PEAP-MS-CHAP-v2, but they still want a personal certificate.  I don't
know why they still want a personal cert.  So if someone wants to help
me with that problem or help me dig up the info to enable EAP-TLS on an
IAS server I'd be glad to hear from you.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Wednesday, April 02, 2008 7:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Does anyone have experience setting up a Cisco WiSM with IAS Radius and
Encryption.  Basically I want to have our WiSM authenticate wireless
users to our Active Directory, which we can do directly.  I also want
the wireless secured through WPA and/or WPA2 encryption without having
to email the key to everyone.  I know it can be done but can't find out
how to do this.

The process I want:
1. Computer connects to AP
2. Encryption key is passed to computer and transmission is now secured
3. Internet Browser redirected to login page
4. AD credentials are entered
5. Authen

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

2008-04-11 Thread Lee Weers

Enabling the check server cert has been very hit and miss for me.  It
has depended on mostly on the client drivers.  Some wouldn't auth until
it was checked.

For domain computers, I created a group that we add all wireless
computer objects too, and that group is then in the IAS policy.  The
less secure way is to add the group "Domain computers".  By default all
Domain Computers are added to this group.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Friday, April 11, 2008 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Where is your publicly recognized certificate?  On your IAS server? AD
Server?  I have our certificate servers setup and IAS servers but can't
enable the option to check the server's certificate.  If I uncheck that
option in the wireless configuration settings it works.

Also how does everyone handle domain computers?  I issued all computers
certificates and told the system to authenticate as the computer if
possible so they could hit active directory to authenticate.

Thanks,

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Tuesday, April 08, 2008 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I don't run redundant certificate authorities.  I also only have 1 IAS
server because we are in the beginning stages of our deployment (so far
a high of about 90 clients).  I am planning to expand to a 2nd IAS
server this fall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Tuesday, April 08, 2008 1:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Do you run redundant Certificate Authorities?  Or if your certificate
authority goes down is your wireless out until you rebuild and restore?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Thursday, April 03, 2008 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I have IAS working with Cisco 4404 controllers, an Aruba 2400, and an HP
WESM.  We are using Peap and MS-CHAPv2 with a WLAN certificate from
Verisign.

The documents I used to setup the IAS server is here.
http://support.microsoft.com/kb/325725/en-us
http://www.microsoft.com/technet/security/guidance/cryptographyetc/peap_
1.mspx

Our wireless setup document is here
http://www.central.edu/itservices/Wireless%20Network%20Setup.PDF

CAVEATS I have found.
You do need to authenticate the computer accounts for domain joined
computers' login scripts to run.  That was a big gotcha I found.  Then
on personally owned computers you need to turn off use computer
credentials.

Also PDA's I have yet to get working.  They say they work with
PEAP-MS-CHAP-v2, but they still want a personal certificate.  I don't
know why they still want a personal cert.  So if someone wants to help
me with that problem or help me dig up the info to enable EAP-TLS on an
IAS server I'd be glad to hear from you.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Wednesday, April 02, 2008 7:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Does anyone have experience setting up a Cisco WiSM with IAS Radius and
Encryption.  Basically I want to have our WiSM authenticate wireless
users to our Active Directory, which we can do directly.  I also want
the wireless secured through WPA and/or WPA2 encryption without having
to email the key to everyone.  I know it can be done but can't find out
how to do this.

The process I want:
1. Computer connects to AP
2. Encryption key is passed to computer and transmission is now secured
3. Internet Browser redirected to login page
4. AD credentials are entered
5. Authenticate
6. Internal IP issued and good to go.

We have 1,3,4,5,6 done.  Step 2 we have working by putting the key into
the computers but that is a pain.

Any suggestions?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educ

Meru Captive Portal

2008-04-11 Thread Sean Che


Dear All,

We are using Meru product here in Wayne State University.  Recently we 
have been having issues on its captive portal with SSL certificate.  
Since the built-in captive portal uses self-sign certificate, users see 
security pop-up from their browsers whenever they are redirected to the 
login page.  We were told by Meru support person that custom cert are 
not supported in controller firmware version 3.4. and since we are using 
AP300 series products, it will not be support in its newer version 3.5, 
not until 3.6 come out.  We are wondering if anybody else in this group 
are having the same problem and how did you solve the problem?  Thanks!


Sean Che
Network Engineer
Network Services
Wayne State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

2008-04-11 Thread Lee Weers

My public cert is on the IAS server.  I used the certificates mmc to
generate the cert request to send to verisign so I didn't have to
install IIS.



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Friday, April 11, 2008 2:43 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Where is your publicly recognized certificate?  On your IAS server? AD
Server?  I have our certificate servers setup and IAS servers but can't
enable the option to check the server's certificate.  If I uncheck that
option in the wireless configuration settings it works.

Also how does everyone handle domain computers?  I issued all computers
certificates and told the system to authenticate as the computer if
possible so they could hit active directory to authenticate.

Thanks,

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Tuesday, April 08, 2008 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I don't run redundant certificate authorities.  I also only have 1 IAS
server because we are in the beginning stages of our deployment (so far
a high of about 90 clients).  I am planning to expand to a 2nd IAS
server this fall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Tuesday, April 08, 2008 1:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Do you run redundant Certificate Authorities?  Or if your certificate
authority goes down is your wireless out until you rebuild and restore?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Thursday, April 03, 2008 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I have IAS working with Cisco 4404 controllers, an Aruba 2400, and an HP
WESM.  We are using Peap and MS-CHAPv2 with a WLAN certificate from
Verisign.

The documents I used to setup the IAS server is here.
http://support.microsoft.com/kb/325725/en-us
http://www.microsoft.com/technet/security/guidance/cryptographyetc/peap_
1.mspx

Our wireless setup document is here
http://www.central.edu/itservices/Wireless%20Network%20Setup.PDF

CAVEATS I have found.
You do need to authenticate the computer accounts for domain joined
computers' login scripts to run.  That was a big gotcha I found.  Then
on personally owned computers you need to turn off use computer
credentials.

Also PDA's I have yet to get working.  They say they work with
PEAP-MS-CHAP-v2, but they still want a personal certificate.  I don't
know why they still want a personal cert.  So if someone wants to help
me with that problem or help me dig up the info to enable EAP-TLS on an
IAS server I'd be glad to hear from you.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Wednesday, April 02, 2008 7:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Does anyone have experience setting up a Cisco WiSM with IAS Radius and
Encryption.  Basically I want to have our WiSM authenticate wireless
users to our Active Directory, which we can do directly.  I also want
the wireless secured through WPA and/or WPA2 encryption without having
to email the key to everyone.  I know it can be done but can't find out
how to do this.

The process I want:
1. Computer connects to AP
2. Encryption key is passed to computer and transmission is now secured
3. Internet Browser redirected to login page
4. AD credentials are entered
5. Authenticate
6. Internal IP issued and good to go.

We have 1,3,4,5,6 done.  Step 2 we have working by putting the key into
the computers but that is a pain.

Any suggestions?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituen

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

2008-04-11 Thread Daniel Bennett

Where is your publicly recognized certificate?  On your IAS server? AD Server?  
I have our certificate servers setup and IAS servers but can't enable the 
option to check the server's certificate.  If I uncheck that option in the 
wireless configuration settings it works.

Also how does everyone handle domain computers?  I issued all computers 
certificates and told the system to authenticate as the computer if possible so 
they could hit active directory to authenticate.

Thanks,

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Lee Weers
Sent: Tuesday, April 08, 2008 2:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I don't run redundant certificate authorities.  I also only have 1 IAS
server because we are in the beginning stages of our deployment (so far
a high of about 90 clients).  I am planning to expand to a 2nd IAS
server this fall.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Tuesday, April 08, 2008 1:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Do you run redundant Certificate Authorities?  Or if your certificate
authority goes down is your wireless out until you rebuild and restore?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee Weers
Sent: Thursday, April 03, 2008 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

I have IAS working with Cisco 4404 controllers, an Aruba 2400, and an HP
WESM.  We are using Peap and MS-CHAPv2 with a WLAN certificate from
Verisign.

The documents I used to setup the IAS server is here.
http://support.microsoft.com/kb/325725/en-us
http://www.microsoft.com/technet/security/guidance/cryptographyetc/peap_
1.mspx

Our wireless setup document is here
http://www.central.edu/itservices/Wireless%20Network%20Setup.PDF

CAVEATS I have found.
You do need to authenticate the computer accounts for domain joined
computers' login scripts to run.  That was a big gotcha I found.  Then
on personally owned computers you need to turn off use computer
credentials.

Also PDA's I have yet to get working.  They say they work with
PEAP-MS-CHAP-v2, but they still want a personal certificate.  I don't
know why they still want a personal cert.  So if someone wants to help
me with that problem or help me dig up the info to enable EAP-TLS on an
IAS server I'd be glad to hear from you.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett
Sent: Wednesday, April 02, 2008 7:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Does anyone have experience setting up a Cisco WiSM with IAS Radius and
Encryption.  Basically I want to have our WiSM authenticate wireless
users to our Active Directory, which we can do directly.  I also want
the wireless secured through WPA and/or WPA2 encryption without having
to email the key to everyone.  I know it can be done but can't find out
how to do this.

The process I want:
1. Computer connects to AP
2. Encryption key is passed to computer and transmission is now secured
3. Internet Browser redirected to login page
4. AD credentials are entered
5. Authenticate
6. Internal IP issued and good to go.

We have 1,3,4,5,6 done.  Step 2 we have working by putting the key into
the computers but that is a pain.

Any suggestions?

Daniel R. Bennett
CompTIA Security+
Information Technology Security Analyst
Pennsylvania College of Technology
One College Ave
Williamsport, PA 17701
(P) 570.329.4989

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread Jon Freeman

32 channels are supported (includes the 4.9 safety bands for anyone allowed to 
use them)...no reuse of any channels...

So, 1,6,11, then all of the 5Gig (including the latest).  Normally, the new 
extended channels (and safety) are used for bridging since full client support 
isn't up to par just yet.

But that means there's 23 channels to pick from - lots of flexibility in noisy 
environments.

Behaves a lot like a L2 wired switch.

 Jon
303-808-2666
Xirrus(tm) Array...the Air  is the Network(tm)...visit us at www.xirrus.com


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of James Eyrich
Sent: Friday, April 11, 2008 12:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] many clients, one room

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

What 14 channels are you using?
Are you reusing as you go around the array or using a band?



Jon Freeman wrote:
| Some math offers insight on this question?
|
|
|
| Assuming the following:
|
|
|
| · we?re looking at a single area (i.e. lecture hall),
|
| · No retransmits are allowed (not real world, but is a best case
| example)
|
| · we?re talking about an average sized PPT of 10MB (looking
| through my PPT folder this was just my average)
|
| · Student and teacher expectations of speed is drawn from their
| homes (i.e. cable and DSL), less than this will be noticed and likely
| complained about
|
| · the room?s average data rate is 54Mbs (10 people by 10 people
| = 50ftx50ft)
|
| · 100 people, all downloading at the same time
|
| · max radio density for Meru is 3 (i.e. 3 channels of coverage,
| this is the most non-overlapping channels you can light in this area
| without interference problems using their latest gear)
|
| · Actual throughput for TCP data is 20Mbs per channel (54Mbs
| less Wi-Fi management overheads ? this is a number referred to in the
| 802.11 spec and one I?ve observed many times)
|
| · Max radio density available from other shipping solutions
| today is 15 channels
|
|
|
| _Meru Solution:_
|
|
|
| · 20Mbs x 3 = 60Mbs converting to Bytes /8 = 7.5MB/sec /100
| people = .075MB/sec (using 1024KB to the MB, this is 76KB/sec/user of
TCP!)
|
| · Time to download 10MB/.075MB = 133 sec/user to download a 10MB
| file (_about 2 minutes_), so a 40MB file would take ~8min/user?.
|
| · Link throughput then is 76KBs TCP for each user?.you decide if
| that?s acceptable
|
|
|
| _14 channel solution:_
|
|
|
| · 20Mbs x 15 = 300Mbs
|
| · 5 times the bandwidth = 5 times the throughput
|
| · 76KBs/user x 5 = 380KBs TCP for each user of link throughput
| (and this is a little bit better than most uplink speeds on home
| broadband, www.speedtest.net  is what I?ve
| used on many LANs)
|
| · Instead of 2 minutes waiting, the 10MB file downloads with
| this solution in _26 seconds_, and about  1 ½ min for a 40MB file,
| versus 8 minutes.
|
|
|
| So, we can assume that Frank?s interviews from 2 years ago don?t account
| for the latest technologies.  Sorry Frank, I don?t mean to poke holes in
| your study, but it is 2 years old and we are talking about technology.
|
|
|
| Didn?t we stop trying to manage limited bandwidth when ATM failed?  When
| did we go back to thinking that?s ok?
|
|
|
| I like more power, more speed, better, faster?.
|
|
|
|  Jon
|
| 303-808-2666
|
| *Xirrus**?** Array...the**/ Air/**  **is the Network?...visit us at
| www.xirrus.com***
|
|
|
| *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
| [mailto:[EMAIL PROTECTED] *On Behalf Of *Frank Bulk
| *Sent:* Friday, April 11, 2008 10:07 AM
| *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
| *Subject:* Re: [WIRELESS-LAN] many clients, one room
|
|
|
| Based on research and interviews I performed two years ago, it appeared
| that for dense client usage in a confined space, Meru was the product
| most often implemented.  These organizations chose Meru because it
| worked well or better than the competitor.
|
|
|
| Competitors argued that their product wasn?t set up correctly or
| optimally.
|
|
|
| I?ll let others with production networks pipe in with their experiences.
|
|
|
| Frank
|
|
|
| *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
| [mailto:[EMAIL PROTECTED] *On Behalf Of *Don Wright
| *Sent:* Friday, April 11, 2008 9:59 AM
| *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
| *Subject:* [WIRELESS-LAN] many clients, one room
|
|
|
|I know this has been talked about and debated on this list before,
| but what are people doing today when faced with a request like the need
| ?for 100 students simultaneously downloading a powerpoint
presentation".
| Recently there was discussion on MCA vs. SCA vendors and how each
| handles this worst case scenario.   Since we are an MCA (Aruba), I?d be
| interested in hearing what others have done

Re: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread James Eyrich


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

What 14 channels are you using?
Are you reusing as you go around the array or using a band?



Jon Freeman wrote:
| Some math offers insight on this question?
|
|
|
| Assuming the following:
|
|
|
| · we?re looking at a single area (i.e. lecture hall),
|
| · No retransmits are allowed (not real world, but is a best case
| example)
|
| · we?re talking about an average sized PPT of 10MB (looking
| through my PPT folder this was just my average)
|
| · Student and teacher expectations of speed is drawn from their
| homes (i.e. cable and DSL), less than this will be noticed and likely
| complained about
|
| · the room?s average data rate is 54Mbs (10 people by 10 people
| = 50ftx50ft)
|
| · 100 people, all downloading at the same time
|
| · max radio density for Meru is 3 (i.e. 3 channels of coverage,
| this is the most non-overlapping channels you can light in this area
| without interference problems using their latest gear)
|
| · Actual throughput for TCP data is 20Mbs per channel (54Mbs
| less Wi-Fi management overheads ? this is a number referred to in the
| 802.11 spec and one I?ve observed many times)
|
| · Max radio density available from other shipping solutions
| today is 15 channels
|
|
|
| _Meru Solution:_
|
|
|
| · 20Mbs x 3 = 60Mbs converting to Bytes /8 = 7.5MB/sec /100
| people = .075MB/sec (using 1024KB to the MB, this is 76KB/sec/user of
TCP!)
|
| · Time to download 10MB/.075MB = 133 sec/user to download a 10MB
| file (_about 2 minutes_), so a 40MB file would take ~8min/user?.
|
| · Link throughput then is 76KBs TCP for each user?.you decide if
| that?s acceptable
|
|
|
| _14 channel solution:_
|
|
|
| · 20Mbs x 15 = 300Mbs
|
| · 5 times the bandwidth = 5 times the throughput
|
| · 76KBs/user x 5 = 380KBs TCP for each user of link throughput
| (and this is a little bit better than most uplink speeds on home
| broadband, www.speedtest.net  is what I?ve
| used on many LANs)
|
| · Instead of 2 minutes waiting, the 10MB file downloads with
| this solution in _26 seconds_, and about  1 ½ min for a 40MB file,
| versus 8 minutes.
|
|
|
| So, we can assume that Frank?s interviews from 2 years ago don?t account
| for the latest technologies.  Sorry Frank, I don?t mean to poke holes in
| your study, but it is 2 years old and we are talking about technology.
|
|
|
| Didn?t we stop trying to manage limited bandwidth when ATM failed?  When
| did we go back to thinking that?s ok?
|
|
|
| I like more power, more speed, better, faster?.
|
|
|
|  Jon
|
| 303-808-2666
|
| *Xirrus**?** Array...the**/ Air/**  **is the Network?...visit us at
| www.xirrus.com***
|
|
|
| *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
| [mailto:[EMAIL PROTECTED] *On Behalf Of *Frank Bulk
| *Sent:* Friday, April 11, 2008 10:07 AM
| *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
| *Subject:* Re: [WIRELESS-LAN] many clients, one room
|
|
|
| Based on research and interviews I performed two years ago, it appeared
| that for dense client usage in a confined space, Meru was the product
| most often implemented.  These organizations chose Meru because it
| worked well or better than the competitor.
|
|
|
| Competitors argued that their product wasn?t set up correctly or
| optimally.
|
|
|
| I?ll let others with production networks pipe in with their experiences.
|
|
|
| Frank
|
|
|
| *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
| [mailto:[EMAIL PROTECTED] *On Behalf Of *Don Wright
| *Sent:* Friday, April 11, 2008 9:59 AM
| *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
| *Subject:* [WIRELESS-LAN] many clients, one room
|
|
|
|I know this has been talked about and debated on this list before,
| but what are people doing today when faced with a request like the need
| ?for 100 students simultaneously downloading a powerpoint
presentation".
| Recently there was discussion on MCA vs. SCA vendors and how each
| handles this worst case scenario.   Since we are an MCA (Aruba), I?d be
| interested in hearing what others have done or are planning for large
| classrooms and auditoriums.
|
| --
| Don Wright
| Network Technologies Group
| Brown University
|
| wire --- less, wi-fi ))) more
|
| ** Participation and subscription information for this EDUCAUSE
| Constituent Group discussion list can be found at
| http://www.educause.edu/groups/.
|
| ** Participation and subscription information for this EDUCAUSE
| Constituent Group discussion list can be found at
| http://www.educause.edu/groups/.
|
| ** Participation and subscription information for this EDUCAUSE
| Constituent Group discussion list can be found at
| http://www.educause.edu/groups/.

- --
James Eyrich
Wireless and Wired Network Designer
CITES - Network Design and Maintenance - Network Design Office
University of Illinois

[EMAIL PROTECTE

RE: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread Jon Freeman

Load balancing is there.  There's a trick to making it work but it does (trick 
as in tricking the client to connect to less used channel/radio) - and, no 
breakage to the 802.11 spec at all i.e. fully compliant and certified.

 Jon
303-808-2666
Xirrus(tm) Array...the Air  is the Network(tm)...visit us at www.xirrus.com

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Wilson Dillaway
Sent: Friday, April 11, 2008 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] many clients, one room

Jon,
  Given that the clients make all the decisions, how can we 
assure, given 14 channels, that the users will equally balance 
themselves across all 14, rather than bunching up?

   Wilson


Jon Freeman wrote:
> Some math offers insight on this question...
> 
>  
> 
> Assuming the following:
> 
>  
> 
> · we're looking at a single area (i.e. lecture hall),
> 
> · No retransmits are allowed (not real world, but is a best case 
> example)
> 
> · we're talking about an average sized PPT of 10MB (looking 
> through my PPT folder this was just my average)
> 
> · Student and teacher expectations of speed is drawn from their 
> homes (i.e. cable and DSL), less than this will be noticed and likely 
> complained about
> 
> · the room's average data rate is 54Mbs (10 people by 10 people 
> = 50ftx50ft)
> 
> · 100 people, all downloading at the same time
> 
> · max radio density for Meru is 3 (i.e. 3 channels of coverage, 
> this is the most non-overlapping channels you can light in this area 
> without interference problems using their latest gear)
> 
> · Actual throughput for TCP data is 20Mbs per channel (54Mbs 
> less Wi-Fi management overheads - this is a number referred to in the 
> 802.11 spec and one I've observed many times)
> 
> · Max radio density available from other shipping solutions 
> today is 15 channels
> 
>  
> 
> _Meru Solution:_
> 
>  
> 
> · 20Mbs x 3 = 60Mbs converting to Bytes /8 = 7.5MB/sec /100 
> people = .075MB/sec (using 1024KB to the MB, this is 76KB/sec/user of TCP!)
> 
> · Time to download 10MB/.075MB = 133 sec/user to download a 10MB 
> file (_about 2 minutes_), so a 40MB file would take ~8min/user
> 
> · Link throughput then is 76KBs TCP for each useryou decide if 
> that's acceptable
> 
>  
> 
> _14 channel solution:_
> 
>  
> 
> · 20Mbs x 15 = 300Mbs
> 
> · 5 times the bandwidth = 5 times the throughput
> 
> · 76KBs/user x 5 = 380KBs TCP for each user of link throughput 
> (and this is a little bit better than most uplink speeds on home 
> broadband, www.speedtest.net  is what I've 
> used on many LANs)
> 
> · Instead of 2 minutes waiting, the 10MB file downloads with 
> this solution in _26 seconds_, and about  1 ½ min for a 40MB file, 
> versus 8 minutes.
> 
>  
> 
> So, we can assume that Frank's interviews from 2 years ago don't account 
> for the latest technologies.  Sorry Frank, I don't mean to poke holes in 
> your study, but it is 2 years old and we are talking about technology.
> 
>  
> 
> Didn't we stop trying to manage limited bandwidth when ATM failed?  When 
> did we go back to thinking that's ok?
> 
>  
> 
> I like more power, more speed, better, faster
> 
>  
> 
>  Jon
> 
> 303-808-2666
> 
> *Xirrus**(tm)** Array...the**/ Air/**  **is the Network(tm)...visit us at 
> www.xirrus.com***
> 
>  
> 
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Frank Bulk
> *Sent:* Friday, April 11, 2008 10:07 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] many clients, one room
> 
>  
> 
> Based on research and interviews I performed two years ago, it appeared 
> that for dense client usage in a confined space, Meru was the product 
> most often implemented.  These organizations chose Meru because it 
> worked well or better than the competitor.
> 
>  
> 
> Competitors argued that their product wasn't set up correctly or 
> optimally.  
> 
>  
> 
> I'll let others with production networks pipe in with their experiences.
> 
>  
> 
> Frank 
> 
>  
> 
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Don Wright
> *Sent:* Friday, April 11, 2008 9:59 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] many clients, one room
> 
>  
> 
>I know this has been talked about and debated on this list before, 
> but what are people doing today when faced with a request like the need 
> "for 100 students simultaneously downloading a powerpoint presentation".   
> Recently there was discussion on MCA vs. SCA vendors and how each 
> handles this worst case scenario.   Since we are an MCA (Aruba), I'd be 
> interested in hearing what others have done or are pl

Re: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread Wilson Dillaway


Jon,
 Given that the clients make all the decisions, how can we 
assure, given 14 channels, that the users will equally balance 
themselves across all 14, rather than bunching up?


  Wilson


Jon Freeman wrote:

Some math offers insight on this question…

 


Assuming the following:

 


· we’re looking at a single area (i.e. lecture hall),

· No retransmits are allowed (not real world, but is a best case 
example)


· we’re talking about an average sized PPT of 10MB (looking 
through my PPT folder this was just my average)


· Student and teacher expectations of speed is drawn from their 
homes (i.e. cable and DSL), less than this will be noticed and likely 
complained about


· the room’s average data rate is 54Mbs (10 people by 10 people 
= 50ftx50ft)


· 100 people, all downloading at the same time

· max radio density for Meru is 3 (i.e. 3 channels of coverage, 
this is the most non-overlapping channels you can light in this area 
without interference problems using their latest gear)


· Actual throughput for TCP data is 20Mbs per channel (54Mbs 
less Wi-Fi management overheads – this is a number referred to in the 
802.11 spec and one I’ve observed many times)


· Max radio density available from other shipping solutions 
today is 15 channels


 


_Meru Solution:_

 

· 20Mbs x 3 = 60Mbs converting to Bytes /8 = 7.5MB/sec /100 
people = .075MB/sec (using 1024KB to the MB, this is 76KB/sec/user of TCP!)


· Time to download 10MB/.075MB = 133 sec/user to download a 10MB 
file (_about 2 minutes_), so a 40MB file would take ~8min/user….


· Link throughput then is 76KBs TCP for each user….you decide if 
that’s acceptable


 


_14 channel solution:_

 


· 20Mbs x 15 = 300Mbs

· 5 times the bandwidth = 5 times the throughput

· 76KBs/user x 5 = 380KBs TCP for each user of link throughput 
(and this is a little bit better than most uplink speeds on home 
broadband, www.speedtest.net  is what I’ve 
used on many LANs)


· Instead of 2 minutes waiting, the 10MB file downloads with 
this solution in _26 seconds_, and about  1 ½ min for a 40MB file, 
versus 8 minutes.


 

So, we can assume that Frank’s interviews from 2 years ago don’t account 
for the latest technologies.  Sorry Frank, I don’t mean to poke holes in 
your study, but it is 2 years old and we are talking about technology.


 

Didn’t we stop trying to manage limited bandwidth when ATM failed?  When 
did we go back to thinking that’s ok?


 


I like more power, more speed, better, faster….

 


 Jon

303-808-2666

*Xirrus**™** Array...the**/ Air/**  **is the Network™...visit us at 
www.xirrus.com***


 

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Frank Bulk

*Sent:* Friday, April 11, 2008 10:07 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] many clients, one room

 

Based on research and interviews I performed two years ago, it appeared 
that for dense client usage in a confined space, Meru was the product 
most often implemented.  These organizations chose Meru because it 
worked well or better than the competitor.


 

Competitors argued that their product wasn’t set up correctly or 
optimally.  

 


I’ll let others with production networks pipe in with their experiences.

 

Frank 

 

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:[EMAIL PROTECTED] *On Behalf Of *Don Wright

*Sent:* Friday, April 11, 2008 9:59 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] many clients, one room

 

   I know this has been talked about and debated on this list before, 
but what are people doing today when faced with a request like the need 
“for 100 students simultaneously downloading a powerpoint presentation".   
Recently there was discussion on MCA vs. SCA vendors and how each 
handles this worst case scenario.   Since we are an MCA (Aruba), I’d be 
interested in hearing what others have done or are planning for large 
classrooms and auditoriums.


--
Don Wright
Network Technologies Group
Brown University
 
wire --- less, wi-fi ))) more


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread Jon Freeman

Some math offers insight on this question...

 

Assuming the following:

 

· we're looking at a single area (i.e. lecture hall), 

· No retransmits are allowed (not real world, but is a best case 
example)

· we're talking about an average sized PPT of 10MB (looking through my 
PPT folder this was just my average)

· Student and teacher expectations of speed is drawn from their homes 
(i.e. cable and DSL), less than this will be noticed and likely complained about

· the room's average data rate is 54Mbs (10 people by 10 people = 
50ftx50ft) 

· 100 people, all downloading at the same time

· max radio density for Meru is 3 (i.e. 3 channels of coverage, this is 
the most non-overlapping channels you can light in this area without 
interference problems using their latest gear)

· Actual throughput for TCP data is 20Mbs per channel (54Mbs less Wi-Fi 
management overheads - this is a number referred to in the 802.11 spec and one 
I've observed many times)

· Max radio density available from other shipping solutions today is 15 
channels

 

Meru Solution:

 

· 20Mbs x 3 = 60Mbs converting to Bytes /8 = 7.5MB/sec /100 people = 
.075MB/sec (using 1024KB to the MB, this is 76KB/sec/user of TCP!)

· Time to download 10MB/.075MB = 133 sec/user to download a 10MB file 
(about 2 minutes), so a 40MB file would take ~8min/user

· Link throughput then is 76KBs TCP for each useryou decide if 
that's acceptable

 

14 channel solution:

 

· 20Mbs x 15 = 300Mbs

· 5 times the bandwidth = 5 times the throughput

· 76KBs/user x 5 = 380KBs TCP for each user of link throughput (and 
this is a little bit better than most uplink speeds on home broadband, 
www.speedtest.net   is what I've used on many LANs)

· Instead of 2 minutes waiting, the 10MB file downloads with this 
solution in 26 seconds, and about  1 ½ min for a 40MB file, versus 8 minutes.

 

So, we can assume that Frank's interviews from 2 years ago don't account for 
the latest technologies.  Sorry Frank, I don't mean to poke holes in your 
study, but it is 2 years old and we are talking about technology.

 

Didn't we stop trying to manage limited bandwidth when ATM failed?  When did we 
go back to thinking that's ok?

 

I like more power, more speed, better, faster

 

 Jon

303-808-2666

Xirrus(tm) Array...the Air  is the Network(tm)...visit us at www.xirrus.com

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Frank Bulk
Sent: Friday, April 11, 2008 10:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] many clients, one room

 

Based on research and interviews I performed two years ago, it appeared that 
for dense client usage in a confined space, Meru was the product most often 
implemented.  These organizations chose Meru because it worked well or better 
than the competitor.

 

Competitors argued that their product wasn't set up correctly or optimally.  

 

I'll let others with production networks pipe in with their experiences.

 

Frank  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Don Wright
Sent: Friday, April 11, 2008 9:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] many clients, one room

 

   I know this has been talked about and debated on this list before, but what 
are people doing today when faced with a request like the need "for 100 
students simultaneously downloading a powerpoint presentation".   
Recently there was discussion on MCA vs. SCA vendors and how each handles 
this worst case scenario.   Since we are an MCA (Aruba), I'd be interested in 
hearing what others have done or are planning for large classrooms and 
auditoriums.

-- 
Don Wright
Network Technologies Group
Brown University
 
wire --- less, wi-fi ))) more

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread Paynter, Jeffrey

We went with a conventional approach using Cisco LWAPPs.  We have
several auditoriums that require 105 simultaneous devices (laptops) to
be using the wireless for lectures, seminars, etc.  The auditoriums
already have 802.11 a, b/g coverage using Cisco LWAPPs.  In order to get
the device density we enhanced the coverage by adding additional 1131
LWAPPs and turning off the b/g 2.4 GHz radio in each AP.  The students
use laptops that are set to use 802.11a only.  This also allows for a
few to use 802.11b/g.  For 105 devices we used 4 additional 1131 APs, or
about 25 devices per AP.  The students have been using this all year
with no complaints.  This was before the 802.11 a/n, b/g/n 1252 AP was
available.

Jeff Paynter
University of Rochester Medical Center




From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Don Wright
Sent: Friday, April 11, 2008 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] many clients, one room

 

   I know this has been talked about and debated on this list before,
but what are people doing today when faced with a request like the need
"for 100 students simultaneously downloading a powerpoint presentation".

Recently there was discussion on MCA vs. SCA vendors and how each
handles this worst case scenario.   Since we are an MCA (Aruba), I'd be
interested in hearing what others have done or are planning for large
classrooms and auditoriums.

-- 
Don Wright
Network Technologies Group
Brown University
 
wire --- less, wi-fi ))) more

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WCS client count...

2008-04-11 Thread Hector J Rios

Cisco WCS users,

I'm sure most of you know this already but in case you don't, beware of
the client count statistics in both WCS and controllers. If you have a
WLAN with web auth or 802.1X and a client associates to that WLAN, the
client gets added to the client count whether authentication is
successful or not. This can be misleading, especially if you are using
these statistics for future planning. We often get questions about the
number of users that we have on our network. The statistics we get, we
get them from our radius server. That way we know for a fact that a
client is actually logged on and is not just a user that forgot to turn
off his/her wireless adapter (99% of our users) and is associated to a
WLAN.

Thanks,

Hector Rios
Telecommunications Analyst, NI
LSU Information Technology Services

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] many clients, one room

2008-04-11 Thread Frank Bulk

Based on research and interviews I performed two years ago, it appeared that
for dense client usage in a confined space, Meru was the product most often
implemented.  These organizations chose Meru because it worked well or
better than the competitor.

 

Competitors argued that their product wasn't set up correctly or optimally.


 

I'll let others with production networks pipe in with their experiences.

 

Frank  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Don Wright
Sent: Friday, April 11, 2008 9:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] many clients, one room

 

   I know this has been talked about and debated on this list before, but
what are people doing today when faced with a request like the need "for 100
students simultaneously downloading a powerpoint presentation".   
Recently there was discussion on MCA vs. SCA vendors and how each
handles this worst case scenario.   Since we are an MCA (Aruba), I'd be
interested in hearing what others have done or are planning for large
classrooms and auditoriums.

-- 
Don Wright
Network Technologies Group
Brown University
 
wire --- less, wi-fi ))) more

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

many clients, one room

2008-04-11 Thread Don Wright

I know this has been talked about and debated on this list before, but
what are people doing today when faced with a request like the need ³for 100
students simultaneously downloading a powerpoint presentation".
Recently there was discussion on MCA vs. SCA vendors and how each
handles this worst case scenario.   Since we are an MCA (Aruba), I¹d be
interested in hearing what others have done or are planning for large
classrooms and auditoriums.

-- 
Don Wright
Network Technologies Group
Brown University
 
wire --- less, wi-fi ))) more


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Meru Captive Portal

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

Meru Captive Portal

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

RE: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2

RE: [WIRELESS-LAN] many clients, one room

Re: [WIRELESS-LAN] many clients, one room

RE: [WIRELESS-LAN] many clients, one room

Re: [WIRELESS-LAN] many clients, one room

RE: [WIRELESS-LAN] many clients, one room

RE: [WIRELESS-LAN] many clients, one room

WCS client count...

RE: [WIRELESS-LAN] many clients, one room

many clients, one room

16 matches

Site Navigation

Mail list logo

Footer information