RE: [WIRELESS-LAN] Replacing Bluesocket with Cisco NAC (formerly known as Clean Access)

2009-07-25 Thread Wim Bos 
I have a completely different question. Is any of you using auto RF. We are not 
in favor of it after using it for a while on several customer sites. The main 
issue is that with voip it tends to get instable and in a lot of cases it 
creates blackspots. I was curious on the experience with auto rf from this 
group.

It is basically brand independent. Most systems work the same way.

Thanks


Kind Regards,

Wim Bos

[cid:image002.jpg@01CA0D50.5F3A9520]



Strijkviertel 61

Phone +31 30 711 5685

3454 PK De Meern

Fax  +31 30 293 5711

Netherlands

Mobile  +31 6 246 45 713

www.lumiad.nl

w...@lumiad.nl







Lumiad, when it comes to wireless...

This communication contains information which is confidential and may also be 
privileged. It is for the exclusive use of the intended recipient(s). If you 
are not the intended recipient(s), please note that any distribution, copying 
or use of the communication or the information in it is strictly prohibited. If 
you have received this communication in error, please notify the sender 
immediately and then destroy any copies of it.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS)
Sent: zaterdag 25 juli 2009 11:49
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Replacing Bluesocket with Cisco NAC (formerly known 
as Clean Access)

Kevin,

Unfortunately I must agree with Manoj. Liberty University has historically been 
a Cisco shop. We are completing our move away from CCA.

CCA is primarily designed as a Layer-2 solution, although it may be deployed as 
a Layer-3 solution if VRF ( Virtual Routing & Forwarding) and PBR (Policy Based 
Routing) are added to the network.

We deployed CCA as a high availability solution for in-band wireless (with 
Cisco fat APs) & out-of-band wired. Actually out-of-band users are in-band 
until they are authenticated. The out-of-band solution for wireless is a 
relatively new offering that requires the Cisco lightweight wireless solution. 
I doubt you will find many that currently have this deployed.

Our new solution is a Layer-3 totally Out-of-Band solution.

We had over 30 physical servers for CCA on out network. The new solution has 4 
for high availability. We primarily used LDAP authentication against Active 
Directory for our students. For University machines, we used single sign on, 
eliminating the CCA login screen. We used RADIUS accounting to our Cisco ACS 
server.

We considered CCA and Cisco's lightweight wireless solution. We chose another 
vendor for wireless & NAC. Our new solution is not perfect, but it seems to 
meet our needs better than the Cisco solutions.

Feel free to contact me offline for more information.


Bruce Osborne
Network Engineer
Liberty University

From: Kevin Fitzgerald [mailto:kwfitzger...@ualr.edu]
Sent: Friday, July 24, 2009 10:59 AM
Subject: Re: Replacing Bluesocket with Cisco NAC (formerly known as Clean 
Access)

Well that's encouraging :)  I am curious about the dealbreaker issues that you 
had.  Did you uncover some important 'gotchas?'

K. Fitzgerald
UALR Networks
On Fri, Jul 24, 2009 at 9:47 AM, Manoj Abeysekera 
mailto:ma...@american.edu>> wrote:

We do have a similar setup although we are fast changing. We do OOB for wired 
with Cisco NAC (CCA). For wireless it still in-band with CCA. No offense but 
CCA seems to be a (and have been) very problematic product for us and we are 
hoping to change that soon.

Thanks

Manoj


--
P. Manoj Abeysekera, CWNA
Network Engineer
American University
4200 Wisconsin Ave, NW
Washington DC. 20016

Kevin Fitzgerald mailto:kwfitzger...@ualr.edu>>
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>

07/24/2009 10:21 AM
Please respond to
The EDUCAUSE Wireless Issues Constituent Group Listserv  
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>


To

WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

cc



Subject

[WIRELESS-LAN] Replacing Bluesocket with Cisco NAC (formerly known as Clean 
Access)








Hello all,

We are currently in the process of replacing our Bluesocket Secured Controller 
appliances with Cisco's NAC.  The Bluesockets are only used for LDAP auth (user 
login).   In our environment we will be doing wireless and wired out-of-band 
(OOB) in virtual gateway mode, and our NAC is centrally deployed.  Our wireless 
access points operate in lightweight mode using Cisco Wireless Lan Controllers. 
  All of our WAPS are Cisco 1231 (LWAPP) running off of Cisco WLCs.

We are moving to a Cisco end-to-end solution composed of the NAC, WLCs, and 
WAPs.

I'd love to hear from some folks who have already gone down this road.  The 
documentation that I've read often refers to RADIUS accounting records.  Has 
anyone implemented a wireless OOB solution with LDAP?

Kindest regards,
K. Fitzgera

RE: Replacing Bluesocket with Cisco NAC (formerly known as Clean Access)

2009-07-25 Thread Osborne, Bruce W. (NS) 
Kevin,

Unfortunately I must agree with Manoj. Liberty University has historically been 
a Cisco shop. We are completing our move away from CCA.

CCA is primarily designed as a Layer-2 solution, although it may be deployed as 
a Layer-3 solution if VRF ( Virtual Routing & Forwarding) and PBR (Policy Based 
Routing) are added to the network.

We deployed CCA as a high availability solution for in-band wireless (with 
Cisco fat APs) & out-of-band wired. Actually out-of-band users are in-band 
until they are authenticated. The out-of-band solution for wireless is a 
relatively new offering that requires the Cisco lightweight wireless solution. 
I doubt you will find many that currently have this deployed.

Our new solution is a Layer-3 totally Out-of-Band solution.

We had over 30 physical servers for CCA on out network. The new solution has 4 
for high availability. We primarily used LDAP authentication against Active 
Directory for our students. For University machines, we used single sign on, 
eliminating the CCA login screen. We used RADIUS accounting to our Cisco ACS 
server.

We considered CCA and Cisco's lightweight wireless solution. We chose another 
vendor for wireless & NAC. Our new solution is not perfect, but it seems to 
meet our needs better than the Cisco solutions.

Feel free to contact me offline for more information.


Bruce Osborne
Network Engineer
Liberty University

From: Kevin Fitzgerald [mailto:kwfitzger...@ualr.edu]
Sent: Friday, July 24, 2009 10:59 AM
Subject: Re: Replacing Bluesocket with Cisco NAC (formerly known as Clean 
Access)

Well that's encouraging :)  I am curious about the dealbreaker issues that you 
had.  Did you uncover some important 'gotchas?'

K. Fitzgerald
UALR Networks
On Fri, Jul 24, 2009 at 9:47 AM, Manoj Abeysekera 
mailto:ma...@american.edu>> wrote:

We do have a similar setup although we are fast changing. We do OOB for wired 
with Cisco NAC (CCA). For wireless it still in-band with CCA. No offense but 
CCA seems to be a (and have been) very problematic product for us and we are 
hoping to change that soon.

Thanks

Manoj


--
P. Manoj Abeysekera, CWNA
Network Engineer
American University
4200 Wisconsin Ave, NW
Washington DC. 20016


Kevin Fitzgerald mailto:kwfitzger...@ualr.edu>>
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>

07/24/2009 10:21 AM
Please respond to
The EDUCAUSE Wireless Issues Constituent Group Listserv  
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>


To

WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

cc

Subject

[WIRELESS-LAN] Replacing Bluesocket with Cisco NAC (formerly known as Clean 
Access)






Hello all,

We are currently in the process of replacing our Bluesocket Secured Controller 
appliances with Cisco's NAC.  The Bluesockets are only used for LDAP auth (user 
login).   In our environment we will be doing wireless and wired out-of-band 
(OOB) in virtual gateway mode, and our NAC is centrally deployed.  Our wireless 
access points operate in lightweight mode using Cisco Wireless Lan Controllers. 
  All of our WAPS are Cisco 1231 (LWAPP) running off of Cisco WLCs.

We are moving to a Cisco end-to-end solution composed of the NAC, WLCs, and 
WAPs.

I'd love to hear from some folks who have already gone down this road.  The 
documentation that I've read often refers to RADIUS accounting records.  Has 
anyone implemented a wireless OOB solution with LDAP?

Kindest regards,
K. Fitzgerald
Computing Services Networks
University of Arkansas at Little Rock


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.