Re: [WIRELESS-LAN] WiFi Direct

[Jeff Kell]

On 11/5/2012 6:57 PM, Craig Simons wrote:
Yet, part of me wants to recommend it as the "official solution" for
screencasting (ie Miracast
) rather than
fight a losing fight with AirPlay and mDNS over wireless.

The problem appears to be that AirPlay / Bonjour devices will not play
any other games, you accomodate them at whatever cost, or you lose their
proponents.

I have issues with wireless video streaming in the first place (it's not
the proper media), but going wireless-to-wireless with it is doubling
the airwaves cost.  And if you have thin APs and central controller,
you're likely doubling your controller traffic as well.  It just DOES
NOT FIT an enterprise wireless network.

You can try to drop it locally off of the APs onto the local network,
but now you're no longer on the enterprise network... 

WiFi Direct just introduces more interference and airwave congestion. 
Not exactly an enterprise solution.

If they would play in 5G where there is some room for competition,
perhaps; but it's a death knell for b/g 2.4G.

Jeff

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] See you at Educause...(Denver, CO)

[Hanset, Philippe C]

Colleen,

> - What are others doing to support home networking products in the enterprise 
> (besides just Apple products)?  Ways to do this without having to completely 
> adapt a vendor solution & be locked into an end to end solution.
> 

Could you (or anyone on the list) give a few examples of home networking 
products that you have in mind and the challenges that come with them
I can think of:
Printers (interference, security, being on same layer 2)
the slew of Apple products (and equivalent products) (the challenges of mDNS)
Game consoles (the ones that cannot do 802.1x)
What else?


> - Any good success stories with IPv6 on wireless? Or location based authZ on 
> wireless?

Any specific use case for Location based AuthZ on Wi-Fi?

> 
> I know I'll have access to login after the conference is over to review the 
> session, so I hope these will be discussed!
> 

The session is not recorded but we will try to provide a good summary of the 
discussion back on the list

Thanks,

Philippe

> Colleen Szymanik
> University of Pennsylvania 
> 
> On Nov 5, 2012, at 2:44 PM, "Entwistle, Bruce"  
> wrote:
> 
>> I am unable to attend but would be interested in comments related to the 
>> topics mentioned.
>> 
>> Bruce Entwistle
>> Network Manager
>> University of Redlands
>> 
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
>> Sent: Friday, November 02, 2012 4:25 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] See you at Educause...(Denver, CO)
>> 
>> The Wireless-LAN session is on Wednesday Nov 7, from 10:30 till 11:20 
>> Mountain Time, room 402.
>> 
>> Topics that come to mind:
>> 
>> -802.11AC Why wait? Why jump?
>> -How to empower users with Bonjour needs?
>> (or consequences for not doing it)
>> -Is Wireless management slowly moving to the switch? What does it mean for 
>> us?
>> (Will it all work with openflow seamlessly?)
>> 
>> Any other topic you want us to discuss?
>> 
>> Thanks,
>> 
>> Have a good Weekend,
>> 
>> Philippe
>> 
>> Univ. of TN
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] See you at Educause...(Denver, CO)

[Colleen Szymanik]

I am interested in hearing about these topics as well, but I'm not @ Educause 
this week either.

A couple other things I'd love to hear about from others:

- What are others doing to support home networking products in the enterprise 
(besides just Apple products)?  Ways to do this without having to completely 
adapt a vendor solution & be locked into an end to end solution.

- Any good success stories with IPv6 on wireless? Or location based authZ on 
wireless?

I know I'll have access to login after the conference is over to review the 
session, so I hope these will be discussed!

Colleen Szymanik
University of Pennsylvania 

On Nov 5, 2012, at 2:44 PM, "Entwistle, Bruce"  
wrote:

> I am unable to attend but would be interested in comments related to the 
> topics mentioned.
> 
> Bruce Entwistle
> Network Manager
> University of Redlands
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
> Sent: Friday, November 02, 2012 4:25 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] See you at Educause...(Denver, CO)
> 
> The Wireless-LAN session is on Wednesday Nov 7, from 10:30 till 11:20 
> Mountain Time, room 402.
> 
> Topics that come to mind:
> 
> -802.11AC Why wait? Why jump?
> -How to empower users with Bonjour needs?
> (or consequences for not doing it)
> -Is Wireless management slowly moving to the switch? What does it mean for us?
> (Will it all work with openflow seamlessly?)
> 
> Any other topic you want us to discuss?
> 
> Thanks,
> 
> Have a good Weekend,
> 
> Philippe
> 
> Univ. of TN
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiFi Direct

[Craig Simons]

How does everyone plan on dealing with Wi-Fi Direct from both a policy and a 
technology perspective? From an RF management point of view, I can't imagine a 
situation where it would be possible to individually manage all devices, 
printers, projectors, etc that can create Wi-Fi direct networks. And while an 
official policy might be able to steer frequency usage, it would be pretty 
tough to enforce without an existing sensor/countermeasures infrastructure in 
place (of which I would also assume 802.11w will eventually make useless 
anyway). 


Yet, part of me wants to recommend it as the "official solution" for 
screencasting (ie Miracast ) rather than fight a losing fight with AirPlay and 
mDNS over wireless. 

My sense is that all TVs, projectors, printers, and BYOD type devices will 
eventually support it and managing the impacts it will be inevitable. I'd be 
interested in what each of you are planning and whether or not anyone has done 
any testing in a production environment. 


Regards, 
Craig 




SFU SIMON FRASER UNIVERSITY 
Network Services 

Craig Simons 
Network and Systems Administrator 

Phone: 778-782-8036 
Cell: 604-649-7977 
Email: craigsim...@sfu.ca 
Twitter: simonscraig 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] See you at Educause...(Denver, CO)

[Entwistle, Bruce]

I am unable to attend but would be interested in comments related to the topics 
mentioned.

Bruce Entwistle
Network Manager
University of Redlands


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Friday, November 02, 2012 4:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] See you at Educause...(Denver, CO)

The Wireless-LAN session is on Wednesday Nov 7, from 10:30 till 11:20 Mountain 
Time, room 402.

Topics that come to mind:

-802.11AC Why wait? Why jump?
-How to empower users with Bonjour needs?
 (or consequences for not doing it)
-Is Wireless management slowly moving to the switch? What does it mean for us?
 (Will it all work with openflow seamlessly?)

Any other topic you want us to discuss?

Thanks,

Have a good Weekend,

Philippe

Univ. of TN

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless in a truck

[Luke Jenkins]

Check out http://www.powerwerx.com/batteries-chargers/

I've used products from this company for a few projects and have always been 
happy. Look at either a battery separator or battery isolator and, as Jonathan 
recommended, use a separate battery with the AH rating you need for your 
project.

Be careful about what you hook up to a car power system, 12 volts doesn't 
always mean 12 volts. You will see a swing of +- 25% between when the battery 
is low and what the alternator puts out. Either check to make sure that the 
gear you're hooking up is happy with a large range, or take extra steps to 
smooth out the power.

Ham radio folks have been running RF gear in cars for decades now. See what 
resources you can dig up with that in mind.

-Luke

=-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University



On Nov 5, 2012, at 4:24 AM, Jonathan Gazeley  
wrote:

> On 02/11/12 20:33, Chuck Enfield wrote:
>> Seems to me the power supply in the truck is your best bet.  The router
>> probably runs on DC at relatively low power compared to something like a
>> car stereo, and the truck's battery would make as good an all-weather UPS
>> as anything I can think of.
> 
> I don't have any direct experience running wireless in a truck, but I do 
> frequently run a motorised telescope from a car battery in remote locations. 
> I would advise against running anything directly from the truck's battery in 
> case you over-discharge it and are unable to start the engine again.
> 
> Either use a deep-cycle leisure battery (which can be charged from the engine 
> when running, but kept separate from the main vehicle battery when 
> discharging) or if you really want to run off the main battery, include some 
> electronics that will prevent over-discharge.
> 
> You can find these kind of systems in motorhomes - perhaps ask a motorhome 
> service centre about getting this kind of circuit put into your truck.
> 
> Cheers,
> Jonathan
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: How to separate the access privilege of staff and students

[Adam T Ferrero]

  We do exactly this with Freeradius as well.  We key off of an ldap attribute 
that distinguishes between staff and student.  It is done in the post-auth 
section of the outer tunnel virtual server (WPA2 enterprise SSID).  Because we 
allow NAC guest accounts (non-ldap), we have a final block that will place 
those guests on a guest vlan if that ldap attribute doesn't exist.

  Our wireless controllers are set to honor the vlan attribute from radius 
accepts (tunnel-private-group-id) and default to a "registration" vlan if it 
doesn't exist.  That registration network gives a captive portal page (but 
users aren't supposed to ever get there for that reason).

  We even had to extend to distinguish between controller IP addresses to set 
unique vlans because of our scale.  We had a /21 in place for students in a 
particular equipment room.  At max we had three wireless controllers in that 
room sharing the IP space, but even with 10 minute lease times we exhausted the 
supply frequently.  Now we have a /20 for student for each of those 
controllers.  4,000 IPs for student would be about 26 students per AP.  
Thankfully, we are not that dense yet but I didn't expect us to need this much 
so soon.  Users continue to suck down what we provide, we just try not to be 
too far behind increasing capacity to match.  On a good day we increase when we 
break 75% of the capacity.

  I hope the snippet helps (I changed IPs and pvids to protect the innocent).

  Adam


post-auth {

if ((Huntgroup-Name == "wireless") && (User-Name == 
Calling-Station-Id)) {
# User-Name == Calling-Station-Id => mac filtering / open 
wireless - allow controller to set vlan
noop
}
elsif ((Huntgroup-Name == "wireless") && 
("%{reply:ldapStafforStudentAttribute}" == "staff")) {
# Wireless controller, not open wireless as above, must be WPA2 
802.1x call.  Set vlan id via ldap attr
update reply {
Tunnel-Medium-Type = 6
Tunnel-Type = 13
# staff go to vlan 3008 on all controllers (separate IP 
addressing, but identical pvid in different rooms)
Tunnel-Private-Group-ID = "3008"
}
}
elsif ((Huntgroup-Name == "wireless") && ("%{reply: 
ldapStafforStudentAttribute }" == "student")) {
# Wireless controller, not open wireless as above, must be WPA2 
802.1x call.  Set vlan id via ldap attr
switch "%{NAS-IP-Address}" {
   case "10.10.10.13" {
update reply {
Tunnel-Medium-Type = 6
Tunnel-Type = 13
# students on the .13 controller go to vlan 3006
Tunnel-Private-Group-ID = "3006"
}
}
   case "10.10.10.17" {
update reply {
Tunnel-Medium-Type = 6
Tunnel-Type = 13
# students on the .17 controller go to vlan 3007
Tunnel-Private-Group-ID = "3007"
}
}
   case {
update reply {
Tunnel-Medium-Type = 6
Tunnel-Type = 13
# students on every other controller go to vlan 
3009 (we used to have the same pvid everywhere until we need to grow so large)
Tunnel-Private-Group-ID = "3009"
}
}
}
}
else {
# Non-ldap guests
update reply {
Tunnel-Medium-Type = 6
Tunnel-Type = 13
   # non-ldap accounts (guests) get placed on vlan 3005 (which has 
router filter and firewall implications to restrict to general web browsing)
   Tunnel-Private-Group-ID = "3005"
}
}
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Linchuan Yang
Sent: Monday, November 05, 2012 12:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] How to separate the access privilege of staff and 
students

Dear All

Good morning. We want to separate the access privilege of staff and students by 
using the same SSID. We are using free radius linked with Active Directory. 
Could you please explain how to do it in detail? Shall we need ACS (ISE) or 
other?

Thank you, and have a nice day.

Yours,
Linchuan Yang (Antony)
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia Univer

RE: [WIRELESS-LAN] How to separate the access privilege of staff and students

[Danny Eaton]

Antony,

 

We do that on wireless (Rice Owls). Essentially, the radius returns a status
of "staff" or "student" based on the credentials provided, which maps to an
MPLS VPN.  Each VRF has a separate firewall policy, both internally and
externally.  The wireless controllers then map the reply to a VLAN.  If you
want to hear more, email me offline.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Linchuan Yang
Sent: Monday, November 05, 2012 11:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] How to separate the access privilege of staff and
students

 

Dear All

 

Good morning. We want to separate the access privilege of staff and students
by using the same SSID. We are using free radius linked with Active
Directory. Could you please explain how to do it in detail? Shall we need
ACS (ISE) or other?

 

Thank you, and have a nice day.

 

Yours,

Linchuan Yang (Antony)

Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664

 

 

!DSPAM:911,5097f348229955578618184! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

How to separate the access privilege of staff and students

[Linchuan Yang]

Dear All

Good morning. We want to separate the access privilege of staff and students by 
using the same SSID. We are using free radius linked with Active Directory. 
Could you please explain how to do it in detail? Shall we need ACS (ISE) or 
other?

Thank you, and have a nice day.

Yours,
Linchuan Yang (Antony)
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] wireless printers in dorms

[Barrantes, Rita]

Yes, at University of Houston we are in the middle of an awareness campaign to 
educate students how to move to 5Ghz. We opened a WiFi service desk at the 
library to check devices and educate students. We are giving away a WiFi dual 
band adapter per week (raffle) for students who stop at the service desk. We 
are publishing information about 5ghz and the benefits, in student newspapers, 
web site, email communications, and social media. We have seen an increased of 
number of devices using 5ghz since we launched the campaign in September.

Sent from my iPhone

On Nov 3, 2012, at 9:21 PM, "Adam Forsyth" 
mailto:forsy...@luther.edu>> wrote:

I wasn't intending to suggest a policy banning 2.4Ghz or saying that I wanted 
to stop offering service in that band.  Just thinking out loud of a policy that 
we'd make our best effort to make 2.4Ghz work, but 5Ghz would be the better 
performing more reliable networkI guess though, policy or not that's 
already how things are working out due to the nature of both bands and Rogue 
consumer devices.

Also I suppose short of banning 2.4Ghz, it's hard to get student's attention to 
get them to buy 5Ghz capable computers, but I agree banning 2.4Ghz would cause 
many complaints.

Does anyone have methods that you've used that have been successful in 
educating students to make the choice to spend a few extra dollars for dual 
band wireless when they're purchasing a new laptop?


On Wed, Oct 31, 2012 at 6:43 AM, Osborne, Bruce W 
mailto:bosbo...@liberty.edu>> wrote:
Banning 2.4 GHz would ban a large portion of the consumer PCs and mobile 
devices and all current game consoles.

I know that would not work here. We initially only offered IPTV on 5GHz n and 
had to expand the offering to 2.4GHz due to complaints from students. Excluding 
game consoles would also be a very big issue here.

Bruce Osborne
Network Engineer
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Adam Forsyth [mailto:forsy...@luther.edu]
Sent: Tuesday, October 30, 2012 8:41 PM
Subject: Re: wireless printers in dorms

Has anyone declared 2.4Ghz hopeless and made a policy declaring that users that 
want a working well performing wireless network connection need to make 
arrangements to connect to the 5Ghz network?  If a policy like that could fly, 
then it would be easier to run a 5Ghz network with great performance for all of 
the laptops to connect to.  2.4Ghz could become a best effort waste land 
polluted by all of the printers with their rogue ssid's, slowed down by the 
wii's that insist on making 802.11B connections before they'll make 802.11G 
connections, interfered with by the bluetooth, wifi-direct, etc.

Of course, I guess this is only a good idea until 5Ghz becomes the new 2.4Ghz.  
I suppose it's probably only a matter of time until devices like printers have 
dual band radios and can cause 5Ghz problems too.

On Tue, Oct 30, 2012 at 2:36 PM, Tom O'Donnell 
mailto:to...@maine.edu>> wrote:
> I left out a couple factors... I don't know if the printers are
> printing wirelessly, or that students even intend them to. They just
> show up with wireless enabled, and whatever education we've done on
> the subject doesn't seem to help.
>
> Sometimes we'll find a printer and the person has a USB cable. "Nope,
> I'm not using wireless on my printer, just the USB." But they don't
> realize the wireless is on.
>
> We don't intend for them to work, at any rate. We prohibit it, but
> going door to door hasn't worked completely. Word gets around the
> dorms, and students hide their printers :)
>
> --
> Tom O'Donnell
> Senior Manager of Network and Server Systems Information Technology
> Services University of Maine at Farmington
> (207) 778-7336
>
>
> On Tue, Oct 30, 2012 at 3:07 PM, Julian Y Koh 
> mailto:kohs...@northwestern.edu>> wrote:
>> On Oct 30, 2012, at 13:53 , Tom O'Donnell 
>> mailto:to...@maine.edu>>
>>  wrote:
>>>
>>> I was wondering how other schools handle wireless printers in the
>>> dorms.  This seems to be the year everyone showed up with one, and
>>> they're causing connectivity problems in our 2.4GHz space.
>>
>> How well do the printers work anyway wirelessly?  Depending on the service 
>> advertisement protocols and printing protocols used, the client types, your 
>> authentication requirements (since most printers don't do 
>> WPA2-Enterprise/802.1X) and your subnetting/address assignment scheme, I 
>> wonder how successful people are at actually getting these things to work 
>> anyway.
>>
>>
>> --
>> Julian Y. Koh
>> Manager, Network Transport, Telecommunications and Network Services
>> Northwestern University Information Technology (NUIT)
>> 2001 Sheridan Road #G-166
>> Evanston, IL 60208
>> 847-467-5780
>> NUIT Web Site:  PGP Public
>> Key:

Re: [WIRELESS-LAN] Wireless in a truck

[Jonathan Gazeley]

On 02/11/12 20:33, Chuck Enfield wrote:

Seems to me the power supply in the truck is your best bet.  The router
probably runs on DC at relatively low power compared to something like a
car stereo, and the truck's battery would make as good an all-weather UPS
as anything I can think of.


I don't have any direct experience running wireless in a truck, but I do 
frequently run a motorised telescope from a car battery in remote 
locations. I would advise against running anything directly from the 
truck's battery in case you over-discharge it and are unable to start 
the engine again.


Either use a deep-cycle leisure battery (which can be charged from the 
engine when running, but kept separate from the main vehicle battery 
when discharging) or if you really want to run off the main battery, 
include some electronics that will prevent over-discharge.


You can find these kind of systems in motorhomes - perhaps ask a 
motorhome service centre about getting this kind of circuit put into 
your truck.


Cheers,
Jonathan

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.