Re: [WIRELESS-LAN] RADIUS Servers Load Balancing

[Walter Reynolds]

On option, though not a true load balancer, is to set up a proxy
FreeRadius server and use the Calling-Station-ID as the key on which RADIUS
server to send the request to.

We have not done this yet, but are planning on it for this fall.



Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438

On Wed, Jul 6, 2016 at 9:16 AM, Dennis Xu  wrote:

> Hello,
> Has anyone had success stories about deploying RADIUS servers behind load
> balancers to support large number of concurrent 802.1X users? We just
> deployed 5 FreeRADIUS servers behind Cisco ACE and observed packets drop
> issues at ACE. By far, I suspect the issue was caused by the RADIUS
> stickiness(by calling-station-ID). Has anyone deployed RADIUS load
> balancing without using stickiness?
>
> Thanks.
>
>
> Dennis Xu, MASc, CCIE #13056
> Analyst 3, Network Infrastructure
> Computing and Communications Services(CCS)
> University of Guelph
>
> 519-824-4120 Ext 56217
> d...@uoguelph.ca
> www.uoguelph.ca/ccs
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] RADIUS Servers Load Balancing

[Jeremy Gibbs]

We are using 6 RADIUS servers behind a SLB setup.  We haven't run this
during the semester, so this will be the first semester where all of the NAC
appliances / RADIUS is LB.  We are using our Enterasys S4 core to do this
and a feature they call "Server Load Balancing" which is based on LSNAT.  I
believe we have stickiness turned on because that is required for our
setup, although it is only sticky for that session.  We LB based on
concurrent connections to each server.

Currently, I have one of the servers out of the SLB group.  But SLB does a
good job so far.

[image: Inline image 1]




*--Jeremy L. Gibbs*
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Wed, Jul 6, 2016 at 11:33 AM, Curtis K. Larsen 
wrote:

> We have 10 back-end FreeRADIUS VM's (5 in each data center) and two
> front-end FreeRADIUS Load
> balancers (1 in each DC).  We've used this config successfully for about 6
> years.  FreeRADIUS
> natively load balances quite well and we do it based on calling-station-id
> so it is sticky and
> balanced very evenly.  In fact, we tried at one point to use Netscalers
> and found that FreeRADIUS
> handled the health-checking aspects a little better and provided better
> visibility with graphs
> using graphite/tessera , radsniff, etc.  We normally do about 300
> requests/sec as well, but I've
> seen it as high as 1,000 the first two weeks of school.
>
> We get commercial support from PacketFence/Inverse on this configuration.
>
>
> Thanks,
>
> --
> Curtis K. Larsen
> Senior Network Engineer
> University of Utah IT/CIS
>
>
>
> On Wed, July 6, 2016 9:07 am, Joe Rogers wrote:
> >
> > We're running a cluster of 8 FreeRADIUS servers behind two pairs of
> > Citrix Netscaler's in different data centers which inject two anycast-IP
> > VIPs into our backbone routing tables.  This has worked very well in our
> > environment for many years.  If a Netscaler fails or the member servers
> > behind it fail, the route is simply withdrawn and traffic switches over
> > to the other data center's Netscalers.  We made sure to keep sessions
> > 'sticky' to a given server as long as everything is operating normally.
> > We use the NAS IP addr for persistence.  It doesn't provide perfectly
> > even load-balancing over the servers (some NAS' are busier than
> > others).  But, it worked well enough for us.  The servers generally see
> > around 300 requests/sec (auth and acct combined) during a normal
> semester.
> >
> > *Joe Rogers*
> > Associate Director, Network Engineering
> >
> > University of South Florida – Information Technology
> > 4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620
> > j...@usf.edu | Tel: (813) 974-7369
> > www.usf.edu/it | Facebook: /USF Information Technology | Twitter: @
> USF_IT
> >
> > On 07/06/2016 09:16 AM, Dennis Xu wrote:
> >> Hello,
> >> Has anyone had success stories about deploying RADIUS servers behind
> >> load balancers to support large number of concurrent 802.1X users? We
> >> just deployed 5 FreeRADIUS servers behind Cisco ACE and observed
> >> packets drop issues at ACE. By far, I suspect the issue was caused by
> >> the RADIUS stickiness(by calling-station-ID). Has anyone deployed
> >> RADIUS load balancing without using stickiness?
> >>
> >> Thanks.
> >>
> >>
> >> Dennis Xu, MASc, CCIE #13056
> >> Analyst 3, Network Infrastructure
> >> Computing and Communications Services(CCS)
> >> University of Guelph
> >>
> >> 519-824-4120 Ext 56217
> >> d...@uoguelph.ca
> >> www.uoguelph.ca/ccs
> >>
> >> ** Participation and subscription information for this
> >> EDUCAUSE Constituent Group discussion list can be found at
> >> http://www.educause.edu/groups/.
> >>
> >
> >
> > **
> > Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can
> > be found at http://www.educause.edu/groups/.
> >
> >
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] RADIUS Servers Load Balancing

[Curtis K. Larsen]

We have 10 back-end FreeRADIUS VM's (5 in each data center) and two front-end 
FreeRADIUS Load
balancers (1 in each DC).  We've used this config successfully for about 6 
years.  FreeRADIUS
natively load balances quite well and we do it based on calling-station-id so 
it is sticky and
balanced very evenly.  In fact, we tried at one point to use Netscalers and 
found that FreeRADIUS
handled the health-checking aspects a little better and provided better 
visibility with graphs
using graphite/tessera , radsniff, etc.  We normally do about 300 requests/sec 
as well, but I've
seen it as high as 1,000 the first two weeks of school.

We get commercial support from PacketFence/Inverse on this configuration.


Thanks,

-- 
Curtis K. Larsen
Senior Network Engineer
University of Utah IT/CIS



On Wed, July 6, 2016 9:07 am, Joe Rogers wrote:
>
> We're running a cluster of 8 FreeRADIUS servers behind two pairs of
> Citrix Netscaler's in different data centers which inject two anycast-IP
> VIPs into our backbone routing tables.  This has worked very well in our
> environment for many years.  If a Netscaler fails or the member servers
> behind it fail, the route is simply withdrawn and traffic switches over
> to the other data center's Netscalers.  We made sure to keep sessions
> 'sticky' to a given server as long as everything is operating normally.
> We use the NAS IP addr for persistence.  It doesn't provide perfectly
> even load-balancing over the servers (some NAS' are busier than
> others).  But, it worked well enough for us.  The servers generally see
> around 300 requests/sec (auth and acct combined) during a normal semester.
>
> *Joe Rogers*
> Associate Director, Network Engineering
>
> University of South Florida – Information Technology
> 4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620
> j...@usf.edu | Tel: (813) 974-7369
> www.usf.edu/it | Facebook: /USF Information Technology | Twitter: @ USF_IT
>
> On 07/06/2016 09:16 AM, Dennis Xu wrote:
>> Hello,
>> Has anyone had success stories about deploying RADIUS servers behind
>> load balancers to support large number of concurrent 802.1X users? We
>> just deployed 5 FreeRADIUS servers behind Cisco ACE and observed
>> packets drop issues at ACE. By far, I suspect the issue was caused by
>> the RADIUS stickiness(by calling-station-ID). Has anyone deployed
>> RADIUS load balancing without using stickiness?
>>
>> Thanks.
>>
>>
>> Dennis Xu, MASc, CCIE #13056
>> Analyst 3, Network Infrastructure
>> Computing and Communications Services(CCS)
>> University of Guelph
>>
>> 519-824-4120 Ext 56217
>> d...@uoguelph.ca
>> www.uoguelph.ca/ccs
>>
>> ** Participation and subscription information for this
>> EDUCAUSE Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can
> be found at http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Mark Duling]

We upgraded our 8500 series from 8.1.131.0 to 8.2.111.0 Saturday. Haven't
seen any issues yet. We're using n+1 redundancy.


On Wed, Jul 6, 2016 at 12:46 AM, Mathieu Sturm 
wrote:

> We’ve replaced our 1130’s last year and are going for 8.2MR next week.
>
> Has anyone done the upgrade? We want to try out the 1810w’s.
>
>
>
>
>
> Mathieu Sturm
> Hoofdmedewerker Netwerkbeheer
> --
> [image: http://www.hogent.be/www/assets/Image/maillogo.png]
>
> Hogeschool Gent
> Dienst Financiën en ICT
> Valentin Vaerwyckweg 1
> BE-9000 Gent
> mathieu.st...@hogent.be
> HoGent.be
>
>
>
>
>
>
>
> *Van:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *Namens *Tristan Gulyas
> *Verzonden:* woensdag 6 juli 2016 2:46
> *Aan:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Onderwerp:* Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good,
> bad?
>
>
>
> Hi Lee,
>
>
>
> Do you happen to have a bug ID?
>
>
>
> We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are
> replaced.  We're currently testing on 8.2 MR for hyperlocation.
>
> --
>
> *TRISTAN GULYAS*
>
> Senior Network Engineer
>
>
>
> *Infrastructure Services, eSolutions*
>
> Monash University
>
> 738 Blackburn Road
>
> Clayton 3168
>
> Australia
>
>
>
> E: tristan.gul...@monash.edu
>
> monash.edu
>
>
>
> On 1 Sep 2015, at 1:33 AM, Lee H Badman  > wrote:
>
>
>
> I am hearing an ugly not-public issue with .120.
>
>
>
> From a colleague:
>
>
>
> 1.  Running 8.1.111.0
>
> 2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the
> controller.
>
> 3.   The command “sh cdp n detail” shows all normal and the APs are
> getting the correct IP address;
>
> 4.   However, the output of “sh interface ” only shows
> one-way-traffic:  From the switch to the AP and nothing coming back from
> the AP;
>
> 5.   AP refuses to join the controller;
>
> 6.   If I console into the AP I will see a lot of newly-generated
> crash logs pointing to the corruption of the radio drivers.  I do NOT
> understand how the corruption of radio drivers preventing the AP from
> joining the controller.
>
> 7.   The AP did NOT boot into ROMmon;
>
> 8.   If I delete the IOS and force the AP to boot the recovery image,
> the AP will join properly.
>
>
>
> TAC told him this is a known bug that WAS NOT fixed on .120, but would be
> on the next MR release around November. You may want to hold out for that
> one.
>
>
>
> -Lee
>
>
>
>
>
>
>
> *Lee Badman* | Network Architect
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003   *f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Cosgrove, John
> *Sent:* Monday, August 31, 2015 11:22 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> 
> *Subject:* Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good,
> bad?
>
>
>
> I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if
> anyone has any concerns or issues.  Not date planned and just doing
> pre-testing at this point but want to do this in the next 2 months.
>
>
>
> Thx
>
>
>
> *John Cosgrove*
> Wireless Network Staff Specialist
>
>
>
> Penn State Hershey Medical Center and Health System
>
> Penn State College of Medicine
>
> 140 Sipe Ave
>
> Hershey, PA 17033
>
> Phone:   717-531-6131
> EMail:*jcosgr...@hmc.psu.edu *
>
> Web: http://pennstatehershey.org
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Paul Sedy
> *Sent:* Monday, August 31, 2015 11:13 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good,
> bad?
>
>
>
> Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.
>
>
>
> Paul Sedy
>
> The Master’s College
>
> Director of IT Operations
>
> 21726 Placerita Canyon Rd, Santa Clarita, CA 91321
>
> 661.362.2340 | rps...@masters.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Dan Brisson
> *Sent:* Monday, August 31, 2015 5:46 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good,
> bad?
>
>
>
> Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm
> seeing a fair amount of them on my 3702i's.
>
> Thanks!
> -dan
>
>
> Dan Brisson
>
> Network Engineer
>
> University of Vermont
>
>
>
>
>
>
>
> On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:
>
> Hi Lee,
>
>
>
> The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and
> (CSCuq86269)
>
>
>
> CSCut98006 DFS detections due to high energy profile signature –
> AP2600/3600 specific fix
>
>
>
> Fixed in Image  8.0.110.22 f

Re: [WIRELESS-LAN] RADIUS Servers Load Balancing

[Joe Rogers]

We're running a cluster of 8 FreeRADIUS servers behind two pairs of 
Citrix Netscaler's in different data centers which inject two anycast-IP 
VIPs into our backbone routing tables.  This has worked very well in our 
environment for many years.  If a Netscaler fails or the member servers 
behind it fail, the route is simply withdrawn and traffic switches over 
to the other data center's Netscalers.  We made sure to keep sessions 
'sticky' to a given server as long as everything is operating normally.  
We use the NAS IP addr for persistence.  It doesn't provide perfectly 
even load-balancing over the servers (some NAS' are busier than 
others).  But, it worked well enough for us.  The servers generally see 
around 300 requests/sec (auth and acct combined) during a normal semester.


*Joe Rogers*
Associate Director, Network Engineering

University of South Florida – Information Technology
4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620
j...@usf.edu | Tel: (813) 974-7369
www.usf.edu/it | Facebook: /USF Information Technology | Twitter: @ USF_IT

On 07/06/2016 09:16 AM, Dennis Xu wrote:

Hello,
Has anyone had success stories about deploying RADIUS servers behind 
load balancers to support large number of concurrent 802.1X users? We 
just deployed 5 FreeRADIUS servers behind Cisco ACE and observed 
packets drop issues at ACE. By far, I suspect the issue was caused by 
the RADIUS stickiness(by calling-station-ID). Has anyone deployed 
RADIUS load balancing without using stickiness?


Thanks.


Dennis Xu, MASc, CCIE #13056
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS)
University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Jeffrey D. Sessler]

I’m running 8.2MR1 to support new 3800 WAPs and it’s been 100% stable. The 
dynamic bandwidth selection (DBS) is very cool (originally added in 8.1). Even 
in my densest deployments, a good majority of my AP’s are able to run in 
80Mhz-wide.

There is an engineering build 8.2.110.7 – this is focused on the new 
1800/2800/3800’s, so if you are deploying them, best to get that build from TAC 
– or – sign up for the 8.2MR2 beta and get it that way.

8.2MR2 is also in beta and due in July. It was being worked on concurrently 
with MR1 for quick release after the new 1800/2800/3800’s FCS.

https://supportforums.cisco.com/discussion/13059961/82mr2-beta-availability

Jeff


From: "wireless-lan@listserv.educause.edu"  
on behalf of Mathieu Sturm 
Reply-To: "wireless-lan@listserv.educause.edu" 

Date: Wednesday, July 6, 2016 at 12:46 AM
To: "wireless-lan@listserv.educause.edu" 
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

We’ve replaced our 1130’s last year and are going for 8.2MR next week.
Has anyone done the upgrade? We want to try out the 1810w’s.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer
--
[ttp://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
mathieu.st...@hogent.be
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Tristan Gulyas
Verzonden: woensdag 6 juli 2016 2:46
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: http://pennstatehershey.org


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sen

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[McClintic, Thomas]

We are using WiSM2’s but here are our issues so far with 8.0.120

-HA SSO Failovers caused by unknown process crash (no crash file)
-Engineering release installed which caused HA failures (both controllers) due 
to mDNS process watchdog crash
-DHCP issues for idle timed out clients performing l3 roam (session timeout not 
expired)

We have workarounds plus engineer release in place for the above items and are 
stable at the moment. We continue to work with TAC to remove the workarounds.

8.0 has not been friendly to us, however I hear praises from others about it.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, July 06, 2016 7:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

This far after the fact, I’d have to comb through a few thousand emails…

Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Tuesday, July 05, 2016 8:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: 
http://pennstatehershey.org

RADIUS Servers Load Balancing

[Dennis Xu]

Hello, 
Has anyone had success stories about deploying RADIUS servers behind load 
balancers to support large number of concurrent 802.1X users? We just deployed 
5 FreeRADIUS servers behind Cisco ACE and observed packets drop issues at ACE. 
By far, I suspect the issue was caused by the RADIUS stickiness(by 
calling-station-ID). Has anyone deployed RADIUS load balancing without using 
stickiness? 

Thanks. 


Dennis Xu, MASc, CCIE #13056 
Analyst 3, Network Infrastructure 
Computing and Communications Services(CCS) 
University of Guelph 

519-824-4120 Ext 56217 
d...@uoguelph.ca 
www.uoguelph.ca/ccs 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Lee H Badman]

This far after the fact, I’d have to comb through a few thousand emails…

Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Tuesday, July 05, 2016 8:46 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: http://pennstatehershey.org


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm seeing 
a fair amount of them on my 3702i's.

Thanks!
-dan



Dan Brisson

Network Engineer

University of Vermont






On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:
Hi Lee,

The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
(CSCuq86269)

CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
specific fix

Fixed in Image  8.0.110.22 for 3600/2600 platforms

For 1700/2700/3700 will be coming soon, as there were some minor issues found 
during fix porting for this HW that are being resolved.

This week Cisco should be able to confirm ETA for this second part of the fix

(this is my TAC case SR 634977857 Flapping AP radio causing Alarms in Prime)


Gertjan Scharloo
ICT Consultant
_

Universit

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Liebe, Andreas]

Hi Mathieu,

we’re running 8.2.110.0 on several controllers (5508, 5520) without issues. We 
have one 8.0 controller left for our remaining 1130s.

Andreas
--
Andreas Liebe, Kommunikationssysteme
Technische Universität Darmstadt
Hochschulrechenzentrum, Mornewegstraße 30, D-64293 Darmstadt
Telefon +49 6151 16-71011, Fax +49 6151 16-71198 
http://www.hrz.tu-darmstadt.de/komsys

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mathieu Sturm
Sent: Wednesday, July 6, 2016 9:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

We’ve replaced our 1130’s last year and are going for 8.2MR next week.
Has anyone done the upgrade? We want to try out the 1810w’s.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
mathieu.st...@hogent.be
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Tristan Gulyas
Verzonden: woensdag 6 juli 2016 2:46
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: http://pennstatehershey.org


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Any update on the bug fix for the flapping 5ghz radios

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Mathieu Sturm]

We’ve replaced our 1130’s last year and are going for 8.2MR next week.
Has anyone done the upgrade? We want to try out the 1810w’s.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
mathieu.st...@hogent.be
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Tristan Gulyas
Verzonden: woensdag 6 juli 2016 2:46
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
mailto:lhbad...@syr.edu>> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: http://pennstatehershey.org


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm seeing 
a fair amount of them on my 3702i's.

Thanks!
-dan



Dan Brisson

Network Engineer

University of Vermont






On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:
Hi Lee,

The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
(CSCuq86269)

CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
specific fix

Fixed in Image  8.0.110.22 for 3600/2600 platforms

For 1700/2700/3700 will be coming soon, as there were some minor issues found 
during fix porting for this HW that are being resolved.

This week Cisco should be able to confirm ETA for this second part of the fix

(this is my TAC case SR 634977857 Flapping AP radio causing Alarms i