Re: [WIRELESS-LAN] Cisco Code Version

[Jeffrey D. Sessler]

I participate in the betas and even run a beta controller in production. This 
is complex stuff, and especially in EDU, we see things that no enterprise 
customer will even encounter – or test bed can simulate. For the most part, 
I’ve had no show-stopper issues going back to the post 5.2 days. That said, I 
keep a very open and direct dialog with the BU, and with something like the 
x800 series WAPs, my team did a lot of testing of the product to help get all 
the little bugs worked out.

Jeff

From: "wireless-lan@listserv.educause.edu"  
on behalf of James Helzerman 
Reply-To: "wireless-lan@listserv.educause.edu" 

Date: Tuesday, August 1, 2017 at 3:39 PM
To: "wireless-lan@listserv.educause.edu" 
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I feel like we might be used as QA..anyone else?

On Aug 1, 2017 6:32 PM, "Mccormick, Kevin" 
> wrote:
They just released 8.2.160.0. They have not vetted the release as being stable. 
They will recommend after enough downloads and not a lot of bug issues.

Kevin 
McCormick
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website | 
Facebook | 
Twitter
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Tue, Aug 1, 2017 at 4:00 PM, Marcelo Maraboli 
> wrote:
Hello all

I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??

just a precaution ?

My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x code 
our there.


what's your opinion ?


regards,

On 7/31/17 4:11 PM, Paul Thompson wrote:

.160 fixes some real world SIP and 802.11r Fast Transition bugs, if you're 
using either of those features.  I was told by a coworker that the engineering 
prereleases of it had helped with some real life Apple connectivity tics, but 
have less detail on specifics of that.

On Mon, 31 Jul 2017, Lee H Badman wrote:



151 here as well- is a bit frustrating that 160 just came out as we’re in our 
“freeze” period now for making changes, pre-semester. Other than the typical 
laundry list of cryptic bugs corrected, does anyone know if 160 addresses any 
real-world, commonly impactful 3800-related bugs?



Lee Badman | Network Architect

Certified Wireless Network Expert (#200) Information Technology Services 206 
Machinery Hall 120 Smith Drive Syracuse, New York 13244

t 315.443.3003 f 315.443.4325 e 
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY syr.edu



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman Sent: 
Monday, July 31, 2017 1:57 PM To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Cisco Code Version



Hi.  For those with Cisco access points what code version are planning on 
running for start of fall semester?



At this point we looking at 8.2.151 possibly 8.2.160 but havent tested yet.



Thanks



-Jimmy



--

James Helzerman Wireless Network Engineer University of Michigan - ITS

Phone: 734-615-9541

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

--
Marcelo Maraboli Rosselott
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 

RE: [WIRELESS-LAN] Cisco Code Version

[Jason Cook]

I agree Lee, certainly production 8.5 you wouldn’t be too keen to go with the 
first release. We have a dev environment and spare old hardware so I was 
planning to run it up in the old gear hoping to get to point of potential PRD 
July 18…. Which is more MR2 time though, we’ll see how quickly that software 
progresses.

That’s right Nick, the ISE method isn’t exactly the offering we want but 
hopefully that will progress by the time 8.5 is stable. I’m also hoping other 
vendors might come to the table, we are a Cloudpath customer and from what I 
can see they have the framework already to provide a good interface for 
supporting it…. I’ve put a feature request in but hopefully the Ruckus side 
doesn’t stop them supporting something like this.

One this IPSK would give us now is the ability to change a PSK without a big 
bang. We need to roll over our PSK’s, while one only has about 50 devices and 
the other is student accommodation and easily managed over a break it still 
doesn’t sound fun.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick
Sent: Wednesday, 2 August 2017 1:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

While WLC 8.5 did add IPSK it is probably safe to say its rather worthless for 
most at this time.  For those who have used ISE if you watch the video on how 
they make IPSK work it isn’t feasible to give each of your users their own PSK 
key to connect to wireless.  The current implementation within ISE required no 
feature additions to ISE to make it work.  All they do is have a rule to 
classify a device and/or user and then send a particular PSK value that it 
should be using.  This is a 100% manual process  for each device and/or user as 
nothing is baked into ISE to have a user register their account or device(s) 
and be presented a PSK to use.

Whats there now is good for having multiple PSK’s for different device types or 
user bases (such as all students) it isn’t that PPSK solution like others have. 
 Hopefully a ISE improvement will come at some point in the near future to 
allow a true per user PSK experience.

Granted using a 3rd party RADIUS server and writing your own interface would 
allow you issue a PSK per user not everyone has time for that.

--
Nick Ciesinski, Network Architect
University of Wisconsin - Whitewater
Office: MG208A | Phone: 262-472-7774
E-mail: ciesi...@uww.edu | SIP: 
ciesi...@uww.edu
PGP Key ID: 0x83042F05
--

On Jul 31, 2017, at 11:13 PM, Jason Cook 
> wrote:

Thanks, I am aware it’s any radius server so it seems I identified my issue a 
bit hastily./… or not at all ☺
It’s been a while since I played with an Aerohive AP but 3 years ago it was so 
easy to get this up and running on a single AP with different vlans and there’s 
self-registration as well. There were enterprise concerns about how that scales 
and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so 
simple with PPSK, but perhaps this is architecture requirements…  I guess it 
might be that easy if your using ICE. We are pretty keen to use this at some 
level, ideally with self-rego offering. Using freeradius I’m sure we can 
achieve this, but ongoing management could become interesting/a fair bit of 
development for the self-rego. No doubt we’ll look further into it in a couple 
of months once a few other priorities are ticked off

Regards

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair."

 -Sam
This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin 
> wrote:
I just looked at the IPSK video from CIsco here.

https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video.

They say a radius serve such as ISE, and of course Cisco is going to try and 
sell you ISE.

They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
along with MAC filtering and AAA override.

You maybe able to pass those Cisco-AV-Pairs with any radius 

RE: [WIRELESS-LAN] Cisco Code Version

[Jason Cook]

Sounds standard

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
Sent: Wednesday, 2 August 2017 8:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I feel like we might be used as QA..anyone else?

On Aug 1, 2017 6:32 PM, "Mccormick, Kevin" 
> wrote:
They just released 8.2.160.0. They have not vetted the release as being stable. 
They will recommend after enough downloads and not a lot of bug issues.

Kevin 
McCormick
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website | 
Facebook | 
Twitter
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Tue, Aug 1, 2017 at 4:00 PM, Marcelo Maraboli 
> wrote:
Hello all

I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??

just a precaution ?

My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x code 
our there.


what's your opinion ?


regards,

On 7/31/17 4:11 PM, Paul Thompson wrote:

.160 fixes some real world SIP and 802.11r Fast Transition bugs, if you're 
using either of those features.  I was told by a coworker that the engineering 
prereleases of it had helped with some real life Apple connectivity tics, but 
have less detail on specifics of that.

On Mon, 31 Jul 2017, Lee H Badman wrote:



151 here as well- is a bit frustrating that 160 just came out as we’re in our 
“freeze” period now for making changes, pre-semester. Other than the typical 
laundry list of cryptic bugs corrected, does anyone know if 160 addresses any 
real-world, commonly impactful 3800-related bugs?



Lee Badman | Network Architect

Certified Wireless Network Expert (#200) Information Technology Services 206 
Machinery Hall 120 Smith Drive Syracuse, New York 13244

t 315.443.3003 f 315.443.4325 e 
lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY syr.edu



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman Sent: 
Monday, July 31, 2017 1:57 PM To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] Cisco Code Version



Hi.  For those with Cisco access points what code version are planning on 
running for start of fall semester?



At this point we looking at 8.2.151 possibly 8.2.160 but havent tested yet.



Thanks



-Jimmy



--

James Helzerman Wireless Network Engineer University of Michigan - ITS

Phone: 734-615-9541

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

--
Marcelo Maraboli Rosselott
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco Code Version

[James Helzerman]

I feel like we might be used as QA..anyone else?

On Aug 1, 2017 6:32 PM, "Mccormick, Kevin"  wrote:

They just released 8.2.160.0. They have not vetted the release as being
stable. They will recommend after enough downloads and not a lot of bug
issues.

Kevin McCormick

Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 298-1335 <3092981335> | Morgan Hall 106b
Connect with uTech: Website  | Facebook
 | Twitter



On Tue, Aug 1, 2017 at 4:00 PM, Marcelo Maraboli 
wrote:

> Hello all
>
> I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??
>
> just a precaution ?
>
> My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x
> code our there.
>
>
> what's your opinion ?
>
>
> regards,
>
>
> On 7/31/17 4:11 PM, Paul Thompson wrote:
>
>
> .160 fixes some real world SIP and 802.11r Fast Transition bugs, if you're
> using either of those features.  I was told by a coworker that the
> engineering prereleases of it had helped with some real life Apple
> connectivity tics, but have less detail on specifics of that.
>
> On Mon, 31 Jul 2017, Lee H Badman wrote:
>
>
> 151 here as well- is a bit frustrating that 160 just came out as we’re in
> our “freeze” period now for making changes, pre-semester. Other than the
> typical laundry list of cryptic bugs corrected, does anyone know if 160
> addresses any real-world, commonly impactful 3800-related bugs?
>
>
>
> Lee Badman | Network Architect
>
> Certified Wireless Network Expert (#200) Information Technology Services
> 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244
>
> t 315.443.3003 <(315)%20443-3003> f 315.443.4325 <(315)%20443-4325> e
> lhbad...@syr.edu w its.syr.edu
>
> SYRACUSE UNIVERSITY syr.edu
>
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] On Behalf Of James Helzerman Sent:
> Monday, July 31, 2017 1:57 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Cisco Code Version
>
>
>
> Hi.  For those with Cisco access points what code version are planning on
> running for start of fall semester?
>
>
>
> At this point we looking at 8.2.151 possibly 8.2.160 but havent tested
> yet.
>
>
>
> Thanks
>
>
>
> -Jimmy
>
>
>
> --
>
> James Helzerman Wireless Network Engineer University of Michigan - ITS
>
> Phone: 734-615-9541 <(734)%20615-9541>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
>
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>
> --
> *Marcelo Maraboli Rosselott*
> Subdirector de Redes y Seguridad
> Dirección de Informática
> Pontificia Universidad Católica de Chile
> http://informatica.uc.cl/
> --
> Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
> Santiago, Chile
> Teléfono: (56) 22354 1341
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
>
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco Code Version

[Mccormick, Kevin]

They just released 8.2.160.0. They have not vetted the release as being
stable. They will recommend after enough downloads and not a lot of bug
issues.

Kevin McCormick

Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 298-1335 <3092981335> | Morgan Hall 106b
Connect with uTech: Website  | Facebook
 | Twitter



On Tue, Aug 1, 2017 at 4:00 PM, Marcelo Maraboli 
wrote:

> Hello all
>
> I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??
>
> just a precaution ?
>
> My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x
> code our there.
>
>
> what's your opinion ?
>
>
> regards,
>
>
> On 7/31/17 4:11 PM, Paul Thompson wrote:
>
>
> .160 fixes some real world SIP and 802.11r Fast Transition bugs, if you're
> using either of those features.  I was told by a coworker that the
> engineering prereleases of it had helped with some real life Apple
> connectivity tics, but have less detail on specifics of that.
>
> On Mon, 31 Jul 2017, Lee H Badman wrote:
>
>
> 151 here as well- is a bit frustrating that 160 just came out as we’re in
> our “freeze” period now for making changes, pre-semester. Other than the
> typical laundry list of cryptic bugs corrected, does anyone know if 160
> addresses any real-world, commonly impactful 3800-related bugs?
>
>
>
> Lee Badman | Network Architect
>
> Certified Wireless Network Expert (#200) Information Technology Services
> 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244
>
> t 315.443.3003 <(315)%20443-3003> f 315.443.4325 <(315)%20443-4325> e
> lhbad...@syr.edu w its.syr.edu
>
> SYRACUSE UNIVERSITY syr.edu
>
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] On Behalf Of James Helzerman Sent:
> Monday, July 31, 2017 1:57 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Cisco Code Version
>
>
>
> Hi.  For those with Cisco access points what code version are planning on
> running for start of fall semester?
>
>
>
> At this point we looking at 8.2.151 possibly 8.2.160 but havent tested
> yet.
>
>
>
> Thanks
>
>
>
> -Jimmy
>
>
>
> --
>
> James Helzerman Wireless Network Engineer University of Michigan - ITS
>
> Phone: 734-615-9541 <(734)%20615-9541>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>
> --
> *Marcelo Maraboli Rosselott*
> Subdirector de Redes y Seguridad
> Dirección de Informática
> Pontificia Universidad Católica de Chile
> http://informatica.uc.cl/
> --
> Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
> Santiago, Chile
> Teléfono: (56) 22354 1341
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco Code Version

[Trenton Hurt]

http://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html#anc8


On Tue, Aug 1, 2017 at 5:00 PM Marcelo Maraboli 
wrote:

> Hello all
>
> I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??
>
> just a precaution ?
>
> My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x
> code our there.
>
>
> what's your opinion ?
>
>
> regards,
>
>
> On 7/31/17 4:11 PM, Paul Thompson wrote:
>
>
> .160 fixes some real world SIP and 802.11r Fast Transition bugs, if you're
> using either of those features.  I was told by a coworker that the
> engineering prereleases of it had helped with some real life Apple
> connectivity tics, but have less detail on specifics of that.
>
> On Mon, 31 Jul 2017, Lee H Badman wrote:
>
>
> 151 here as well- is a bit frustrating that 160 just came out as we’re in
> our “freeze” period now for making changes, pre-semester. Other than the
> typical laundry list of cryptic bugs corrected, does anyone know if 160
> addresses any real-world, commonly impactful 3800-related bugs?
>
>
>
> Lee Badman | Network Architect
>
> Certified Wireless Network Expert (#200) Information Technology Services
> 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244
>
> t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu
>
> SYRACUSE UNIVERSITY syr.edu
>
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] On Behalf Of James Helzerman Sent:
> Monday, July 31, 2017 1:57 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Cisco Code Version
>
>
>
> Hi.  For those with Cisco access points what code version are planning on
> running for start of fall semester?
>
>
>
> At this point we looking at 8.2.151 possibly 8.2.160 but havent tested
> yet.
>
>
>
> Thanks
>
>
>
> -Jimmy
>
>
>
> --
>
> James Helzerman Wireless Network Engineer University of Michigan - ITS
>
> Phone: 734-615-9541
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
>
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>
> --
> *Marcelo Maraboli Rosselott*
> Subdirector de Redes y Seguridad
> Dirección de Informática
> Pontificia Universidad Católica de Chile
> http://informatica.uc.cl/
> --
> Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
> Santiago, Chile
> Teléfono: (56) 22354 1341
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco Code Version

[Marcelo Maraboli]

Hello all

I wonder why CISCO keeps 8.2.151 as "suggested" and not 8.2.160 ??

just a precaution ?

My Cisco partner is telling me to stay in 8.2.151 even if there is 8.5.x 
code our there.



what's your opinion ?


regards,


On 7/31/17 4:11 PM, Paul Thompson wrote:


.160 fixes some real world SIP and 802.11r Fast Transition bugs, if 
you're using either of those features.  I was told by a coworker that 
the engineering prereleases of it had helped with some real life Apple 
connectivity tics, but have less detail on specifics of that.


On Mon, 31 Jul 2017, Lee H Badman wrote:



151 here as well- is a bit frustrating that 160 just came out as 
we’re in our “freeze” period now for making changes, pre-semester. 
Other than the typical laundry list of cryptic bugs corrected, does 
anyone know if 160 addresses any real-world, commonly impactful 
3800-related bugs?




Lee Badman | Network Architect

Certified Wireless Network Expert (#200) Information Technology 
Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244


t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu

SYRACUSE UNIVERSITY syr.edu



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James 
Helzerman Sent: Monday, July 31, 2017 1:57 PM To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco Code 
Version




Hi.  For those with Cisco access points what code version are 
planning on running for start of fall semester?




At this point we looking at 8.2.151 possibly 8.2.160 but havent 
tested yet.




Thanks



-Jimmy



--

James Helzerman Wireless Network Engineer University of Michigan - ITS

Phone: 734-615-9541

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.







**
Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


--
*Marcelo Maraboli Rosselott*
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco Code Version

[Ciesinski, Nick]

While WLC 8.5 did add IPSK it is probably safe to say its rather worthless for 
most at this time.  For those who have used ISE if you watch the video on how 
they make IPSK work it isn’t feasible to give each of your users their own PSK 
key to connect to wireless.  The current implementation within ISE required no 
feature additions to ISE to make it work.  All they do is have a rule to 
classify a device and/or user and then send a particular PSK value that it 
should be using.  This is a 100% manual process  for each device and/or user as 
nothing is baked into ISE to have a user register their account or device(s) 
and be presented a PSK to use.

Whats there now is good for having multiple PSK’s for different device types or 
user bases (such as all students) it isn’t that PPSK solution like others have. 
 Hopefully a ISE improvement will come at some point in the near future to 
allow a true per user PSK experience.

Granted using a 3rd party RADIUS server and writing your own interface would 
allow you issue a PSK per user not everyone has time for that.

--
Nick Ciesinski, Network Architect
University of Wisconsin - Whitewater
Office: MG208A | Phone: 262-472-7774
E-mail: ciesi...@uww.edu | SIP: 
ciesi...@uww.edu
PGP Key ID: 0x83042F05
--

On Jul 31, 2017, at 11:13 PM, Jason Cook 
> wrote:

Thanks, I am aware it’s any radius server so it seems I identified my issue a 
bit hastily./… or not at all ☺
It’s been a while since I played with an Aerohive AP but 3 years ago it was so 
easy to get this up and running on a single AP with different vlans and there’s 
self-registration as well. There were enterprise concerns about how that scales 
and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so 
simple with PPSK, but perhaps this is architecture requirements…  I guess it 
might be that easy if your using ICE. We are pretty keen to use this at some 
level, ideally with self-rego offering. Using freeradius I’m sure we can 
achieve this, but ongoing management could become interesting/a fair bit of 
development for the self-rego. No doubt we’ll look further into it in a couple 
of months once a few other priorities are ticked off

Regards

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair."

 -Sam
This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin 
> wrote:
I just looked at the IPSK video from CIsco here.

https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video.

They say a radius serve such as ISE, and of course Cisco is going to try and 
sell you ISE.

They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
along with MAC filtering and AAA override.

You maybe able to pass those Cisco-AV-Pairs with any radius server.

Kevin 
McCormick
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website | 
Facebook | 
Twitter
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Mon, Jul 31, 2017 at 6:57 PM, Jason Cook 
> wrote:
There is a lot of resolved caveats in the 160 release for the 2800/3800 series. 
We’ve only got a handful of 2800’s operational but a lot to be installed, have 
hit 1 issue but haven’t identified it with a known bug yet.

Despite showing “users connected” to an AP, new users couldn’t join. I 
certainly couldn’t and you wouldn’t necessarily connect to a neighbouring AP 
with strong signal. Rebooting the AP resolved it, came across it on 2 out of 16 
AP’s last week. Due to impact we couldn’t get right into troubleshooting or 
logging a case, but intend to if it returns. Hopefully it’s not on critically 
locate AP’s this time

At this stage likely we’ll be testing and migrating to 8.2.160 (from 8.2.151) 
in the next few weeks

Was keen to begin playing with 

Re: [WIRELESS-LAN] Cisco Code Version

[James Andrewartha]

Yeah, that fabric paradigm seems … well, let’s just quote from 
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/few.html

> VXLAN

> After a TCP connection flap in the WLC, it takes about five to six minutes to 
> reestablish the connection. During this time, the access tunnels gets reset 
> during client join.

Table 2 AP Support
AP

Support

11N

No

11AC Wave 1

Yes

11AC Wave 2

Yes

Mesh

No

Table 3 Client Security


Security

Support

Open and Static WEP

No

Table 4 IPv6 Support
IPv6

Support

IPv6 Infra Support

No

IPv6 Client Support

No



And it needs a whole ‘nother controller (APIC-EM) with supported switches 
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/datasheet-c78-739052.html
 and WLC (8540, 5520, 3504 only).

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Lee H Badman 

Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Date: Tuesday, 1 August 2017 at 8:10 pm
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I’m interested here, greatly… but:


-  8.5 will have to bake thoroughly for us. Not touching it until MR3 
or beyond. Zero trust or faith in early WLC code anymore- seems it’s all beta 
quality at best anymore.

-  Need to see if Cisco requires more licensing in ISE somehow to 
enable the feature (we only use ISE for basic RADIUS right now), and what the 
complexity to implement ends up being.


But if it scales, and if it isn’t nonsensically licensed, and if the code that 
supports it is eventually solid, and if you can use it without getting sucked 
into an immature, complicated, buggy fabric paradigm, it could be hugely 
enabling in certain environments.


-Lee


Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, August 01, 2017 12:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

Thanks, I am aware it’s any radius server so it seems I identified my issue a 
bit hastily./… or not at all ☺
It’s been a while since I played with an Aerohive AP but 3 years ago it was so 
easy to get this up and running on a single AP with different vlans and there’s 
self-registration as well. There were enterprise concerns about how that scales 
and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so 
simple with PPSK, but perhaps this is architecture requirements…  I guess it 
might be that easy if your using ICE. We are pretty keen to use this at some 
level, ideally with self-rego offering. Using freeradius I’m sure we can 
achieve this, but ongoing management could become interesting/a fair bit of 
development for the self-rego. No doubt we’ll look further into it in a couple 
of months once a few other priorities are ticked off

Regards

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair."

 -Sam
This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin 
> wrote:
I just looked at the IPSK video from CIsco here.

https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video.

They say a radius serve such as ISE, and of course Cisco is going to try and 
sell you ISE.

They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
along with MAC filtering and AAA override.

You maybe able to pass those Cisco-AV-Pairs with any radius server.

Kevin 
McCormick
Network Administrator
University 

RE: [WIRELESS-LAN] Cisco Code Version

[Lee H Badman]

Thanks, Jake.

-Original Message-
From: Jake Snyder [jsnyde...@gmail.com]
Received: Tuesday, 01 Aug 2017, 9:35
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIRELESS-LAN] Cisco Code Version

Lee,
IPSK falls into base licensing as it is just RADIUS 802.1X.

However, you need base licenses for every device doing an IPSK, which may 
increase the number of base licenses you need.  If you were doing MAB before 
for those devices, it should be a wash.

Sent from my iPhone

On Aug 1, 2017, at 6:10 AM, Lee H Badman 
> wrote:

I’m interested here, greatly… but:


-  8.5 will have to bake thoroughly for us. Not touching it until MR3 
or beyond. Zero trust or faith in early WLC code anymore- seems it’s all beta 
quality at best anymore.

-  Need to see if Cisco requires more licensing in ISE somehow to 
enable the feature (we only use ISE for basic RADIUS right now), and what the 
complexity to implement ends up being.


But if it scales, and if it isn’t nonsensically licensed, and if the code that 
supports it is eventually solid, and if you can use it without getting sucked 
into an immature, complicated, buggy fabric paradigm, it could be hugely 
enabling in certain environments.


-Lee


Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, August 01, 2017 12:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

Thanks, I am aware it’s any radius server so it seems I identified my issue a 
bit hastily./… or not at all :)
It’s been a while since I played with an Aerohive AP but 3 years ago it was so 
easy to get this up and running on a single AP with different vlans and there’s 
self-registration as well. There were enterprise concerns about how that scales 
and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so 
simple with PPSK, but perhaps this is architecture requirements…  I guess it 
might be that easy if your using ICE. We are pretty keen to use this at some 
level, ideally with self-rego offering. Using freeradius I’m sure we can 
achieve this, but ongoing management could become interesting/a fair bit of 
development for the self-rego. No doubt we’ll look further into it in a couple 
of months once a few other priorities are ticked off

Regards

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

>From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair."

 -Sam
This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin 
> wrote:
I just looked at the IPSK video from CIsco here.

https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video.

They say a radius serve such as ISE, and of course Cisco is going to try and 
sell you ISE.

They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
along with MAC filtering and AAA override.

You maybe able to pass those Cisco-AV-Pairs with any radius server.

Kevin 
McCormick
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website | 
Facebook | 
Twitter
[http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg]

On Mon, Jul 31, 2017 at 6:57 PM, Jason Cook 
> wrote:
There is a lot of resolved caveats in the 160 release for the 2800/3800 series. 
We’ve only got a handful of 2800’s operational but a lot to be installed, have 
hit 1 issue but haven’t identified it with a known bug yet.

Despite showing “users connected” to 

Re: [WIRELESS-LAN] New Crazy Wireless Devices

[Michael Davis]

We're just starting to see some of the early groups start showing up on 
campus.

The early trends seem to be Amazon Echo/Dots and Google Home systems, among
the ever growing trend of Smart TVs.  The most interesting new device to 
show up so

far as been a Ring Doorbell system.

thanks
mike

On 7/31/17 4:39 PM, Peter P Morrissey wrote:


Wondering if anyone has noticed any new trends in popular wireless 
devices that we might expect returning students to want to connect in 
their residences when they return?


Not being a gamer, this one was new to me. It apparently streams games 
on running on your laptop to your TV over a WiFi connection and also 
provides input for controllers. Seems like something that could use up 
a bit of bandwidth. The good news is that it appears to support 11ac.


http://store.steampowered.com/app/353380/Steam_Link/

Pete Morrissey

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: New Crazy Wireless Devices

[Osborne, Bruce W (Network Operations)]

Our students are wireless only, though. Any idea what protocols they use for 
discovery? It probably could be added to Aruba AirGroup.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hunter Fuller [mailto:hf0...@uah.edu]
Sent: Monday, July 31, 2017 6:04 PM
Subject: Re: New Crazy Wireless Devices

We saw a surge of these after the 2015 holiday season. Like other gaming 
devices, we MAC whitelist, and recommend that the users use wired if possible. 
Haven't seen much trouble out of them.

On Mon, Jul 31, 2017 at 3:39 PM Peter P Morrissey 
> wrote:
Wondering if anyone has noticed any new trends in popular wireless devices that 
we might expect returning students to want to connect in their residences when 
they return?

Not being a gamer, this one was new to me. It apparently streams games on 
running on your laptop to your TV over a WiFi connection and also provides 
input for controllers. Seems like something that could use up a bit of 
bandwidth. The good news is that it appears to support 11ac.

http://store.steampowered.com/app/353380/Steam_Link/

Pete Morrissey


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
--

--
Hunter Fuller
Network Engineer
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.