RE: PEAP vs TLS

[Jason Cook]

- Support 802.1x? -
Yes

- use EAP-PEAP on campus? -
Yes

- use EAP-TLS on campus? –
Yes

- What PKI/CA do you use: -

- If both, why and is one preferred? -
We’ve always had EAP-PEAP since 2006 when we first started. We used Cloudpath 
Wizard a few years later to help configure clients, and migrated to Cloudpath 
Enrolment System when it came out and use EAP-TLS.
We don’t force EAP-TLS, but essentially push all users requiring support to 
Cloudpath and EAP-TLS
EAP-PEAP remains available, we may consider turning it of in the future but 
there’s other fish to fry. TLS is organically growing pretty well.

If you want EAP-TLS Cloudpath has been great, many people love Secure W2. Check 
them both out

Brief description of why you’re doing what you’re doing and anything else that 
might be helpful:

Less lockouts from client devices are a great bonus at password change time. 
Also if an AD lockout occurs (for any reason), an EAP-TLS configured device 
still gets authenticated and has wifi access.

Have generally found that many clients are happier on EAP-TLS. After reports of 
stability issues, investigating RF and no real problems. EAP-TLS and users 
claim things are better.

--
Jason Cook
Information Technology and Digital Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

CRICOS Provider Number 00123M
---
This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright.  If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system.  No representation 
is made that this email is free of viruses.  Virus scanning is recommended and 
is the responsibility of the recipient.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Morton
Sent: Saturday, 24 February 2018 3:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] PEAP vs TLS

We currently use EAP-PEAP for our eduroam/802.1x, but are now considering 
adding EAP-TLS to the mix. We have several potential PKIs that we could use, 
but all of them will take some work to get them ready for a production launch. 
Given that resources are limited, I’m looking for some data points about others 
who have moved, are thinking of moving or have decided not to adopt EAP-TLS.

To help gather some data can you please answer this short survey?

Do you:

- Support 802.1x? -

If yes, do you:

- use EAP-PEAP on campus? -

- use EAP-TLS on campus? -
- What PKI/CA do you use: -

- If both, why and is one preferred? -

- If only PEAP, are you planning EAP-TLS? -

Brief description of why you’re doing what you’re doing and anything else that 
might be helpful:



Thank you in advance


David



David Morton
Director, Networks & Telecommunications
Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV
University of Washington
dmor...@uw.edu
tel 206.221.7814

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: point-to-point wireless backhauls

[Yahya M. Jaber]

We use Cisco 1572, they can have multiple types of antenna's at the same time, 
so I can use the same AP with a directional antenna to reach the Root AP, and 
use another two omni antenna's for clients access. Also, I can connect a camera 
"or industrial Switch" to its PoE+ port.
Other solution  for good client access is to use daisy chain by connecting 
another AP to the MESH Via PoE+ port.

Yahya Jaber.
Sr. Wireless Engineer
IT Network & Communications - Engineering
Building 14, Level 3, Rm 308-WS07
KAUST 23955-6900 Thuwal, KSA

Email yahya.ja...@kaust.edu.sa
Office +966 (0) 12 8081237
Mobile +966 (0) 558697555
On Call Rotation Mobile: +966 54 470 1177

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Tuesday, February 20, 2018 20:03
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] point-to-point wireless backhauls

This has come up a few times, but I wanted to ask introduce a deviation from 
the larger (trunk) discussion - what are people recommending for small 
backhauls over wireless (e.g to support a 1-2 devices, such as CCTV) for 
example at a ball field?  If you are offering WiFi services to people attending 
events, do you need to reconcile the introduction of a point-to-point backhaul 
into your site planning?

Have any of you used the NanoBeamAC units?

-Brian


Brian Helman, M.Ed |  Director, ITS/Networking Services | *: 978.542.7272
Salem State University, 352 Lafayette St., Salem Massachusetts 01970
GPS: 42.502129, -70.894779

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

EIGRP equal cost load balancing over wireless bridges

[Mark Duling]

Hello all,

Is anyone running two pairs of inexpensive wireless bridges–say ubiquity
AirFiber–and using EIGRP equal cost load balancing over them? It seems to
me that should be an inexpensive way to support reasonably high bandwidth
building over redundant links.

I ask because a while back as a test I changed a remote building with two
pairs of wireless transparent bridges (one acting as primary / other acting
as backup, each pair a different vendor but both wired interfaces 100 Mb)
from routing over the primary to use equal cost load balancing over both.
After that we'd occasionally see our Cisco capwap APs disassociate and
re-associate from our WLCs on campus where they weren't doing that when
data was routed over a single link.

Does anyone know why that might happen with ECLB? Or in any case, is anyone
successfully using a dual link wireless bridge setup with both links
active? Thanks

Mark - Biola IT Operations

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Offline/Spare Gear Inventory Size

[Greg Briggs]

I solve replacement items (of many kinds) with a formula that works for
small and large deployments.  It works for everything from switches to
toilet paper so I have used it for more than my day job.  It can and can be
expressed in a spreadsheet like this "=CEILING(N1*M1,1)" where N is a
column with the calculated need and M is a rate at which you need spares,
or it is consumed before your next purchase.  The formula is sometimes
calculated on a spreadsheet and sometimes it is just a rough estimate in my
head.  Here are some example starting values for the M column.  Optionally
you can add a field for the ceiling value to reflect things that are only
available in quantities greater than one.  For example 10 for hotdogs and 8
for hotdog buns.  The formalization of this formula is adapted from one my
manager used, so credit is due to David Allen.


   - 1.1 for something like a new line of APs you don't already have a
   deployment of.  This allows for 10 spares in a deployment of 100 in case
   some arrive DOA or I find a flaw in my plan after the order/ post install.
   I would be more conservative if I didn't think I was ever going to need
   that model of APs elsewhere, and just take the heat if I end up short.
   - 1.01 for the subsequent deployment of APs if spares are already on
   hand.
   - 1.1 for something that is mission critical but we only have a few of.
   - 1 for expensive things that have a high availability feature and are
   under a reasonably quick turnaround service/replacement contract.
   - 1.2 for items that we ran out of quickly last time we made an annual
   purchase.
   - 1.05 for inexpensive things that would save some time to have spares
   of, but are only a minor inconvenience if you run out.

Modify the value for subsequent orders based on current inventory or if you
find that the failure (or consumption) rate is higher than expected.
Another reason to modify the value is if replacements can be found locally,
or if you can count a similar model of item that you have spare of as a
replacement.  MTBF is another variable to consider.

Using this formula also helps determine the support level because you can
calculate what you need to make the cheaper support levels a better value
with an acceptable and/or similar risk.

Greg Briggs
Network Manager
Pacific Lutheran University


On Tue, Feb 27, 2018 at 8:23 AM, Jeffrey D. Sessler  wrote:

>
>- Look at the turn-around time for warranty replacement. The free
>limited-lifetime may take longer than if the AP is under an extended
>contract.
>- Evaluate your deployment plan. If your deployment is coverage-based,
>where the loss of a single AP could be devastating to clients, then keep
>more spares. If you have a dense deployment where the loss of one or more
>APs is of little consequence, keep less.
>- Spares are technology collecting dust with the same life-cycle as
>those in production. If you have 5000 APs and spare 2%, that’s 100 APs that
>would likely cover a moderately sized building, and provide a lot of
>in-fill.
>- If you keep spares, make sure to cycle them into production i.e.
>always install them into a new project, and put new APs back on the spare
>shelf.
>- When you upgrade controller code, pull those spares out and let them
>upgrade too, then test that they still work.
>
>
>
> Jeff
>
>
>
> *From: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU> on behalf of "Trinklein, Jason R" 
> *Reply-To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Date: *Monday, February 26, 2018 at 10:21 AM
> *To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Offline/Spare Gear Inventory Size
>
>
>
> Hi All,
>
>
>
> I’m curious to know the size of your spare gear inventories. Do you keep a
> percentage of each model of AP in inventory, and what is your reasoning?
> Storms? Last minute/emergency wireless coverage needs?
>
>
>
> What percentage of your live gear do you keep as offline inventory? (100
> live APs with 1 inventory AP = 1% offline inventory).
>
>
>
> With Xirrus, we had an offline inventory of more than 10% of live
> inventory. We kept that inventory to cover the high failure rate of the
> equipment, the incidence of hurricanes and lightning strikes in our area,
> the broad range of AP models on campus, and last minute large events in low
> coverage areas.
>
>
>
> We are evaluating the minimum offline inventory for our new Aruba gear as
> we finish up the vendor switch. I have been thinking 1-2%, but I want to
> see what you guys do first, and why.
>
>
>
> Thank you,
>
> --
>
> *Jason Trinklein*
>
> *Wireless Engineering Manager*
>
> College of Charleston
>
> 81 St. Philip Street | Office 311D | Charleston, SC 29403
> 

Re: [WIRELESS-LAN] PEAP vs TLS

[Aaron Abitia]

 Hi David,

Aaron here from Cal Poly University in San Luis Obispo...

*Do you*:

- Support 802.1x? -

Yes.


*If yes, do you*:

- use EAP-PEAP on campus? -

Yes.

- use EAP-TLS on campus? -

Yes.

- What PKI/CA do you use: -

For PEAP, we use Comodo/Incommon as the CA for the RADIUS and HTTPS certs
that we load into Aruba Clearpass, which acts as our RADIUS.  For EAP-TLS,
we use Aruba Clearpass Onboarding, which acts as its own PKI, and again, we
use Comodo/Incommon as the CA for the RADIUS and HTTPS certs in Clearpass.

- If both, why and is one preferred? -

We started out with PEAP, then rolled in EAP-TLS; the reason for this was
that because we're Education, we don't have centralized management of
devices, but rather BYOD, so getting certs to users' devices so that the
devices bark less was difficult.  With PEAP, we made a mobile config
profile available to IOS users so that those devices barked less about
seeing a new cert--you still get a "I see a new cert" popup in IOS/AppleOS
but at least there's no dreaded "Not Verified" message in red letters--then
with non-Apple devices we made do with the Root CA certs that came with the
OS, but that still meant that we had to instruct users on how to configure
the "verify server certificate" settings.

All of those certificate issues is why we started using Aruba's Onboarding
for EAP-TLS, where all we needed to worry about having valid RADIUS/HTTPS
certs on Clearpass.  The device connects to the Onboarding SSID, they login
with a browser and the device is then provisioned for our main SSID.  With
EAP-TLS, your WiFi system doesn't go down if AD has a problem because
devices are authenticated to Clearpass.  Also, there's less password
problems that come with AD, should a user's account get locked. And, if a
device is infected, you can revoke access for that one device, instead of
blocking their username and thus all their devices. But the main thing is
that your help desk theoretically has fewer visits since users can use
Onboarding anywhere.  We wanted to eventually turn off PEAP, but by having
PEAP available, there's that safety net if users cannot Onboard, and also,
we do PEAP on Eduroam as well.  Because we have ~25K devices that all want
on WiFi, there's always going to be users who, for whatever reason, are
unable to Onboard...their device is messed up, the provisioning process
crashes, etc.  That said, with PEAP there can be issues of manual device
configuration, depending upon the OS; that is less of a factor today as it
used to be, though.


- If only PEAP, are you planning EAP-TLS? -

Brief description of why you’re doing what you’re doing and anything else
that might be helpful:

One of the main issues that may influence which way you go is how sensitive
your organization is to popups on devices, in particular "certificate
cannot be verified" type messages.  Some universities don't care, just
click "OK" or "Proceed" the one time and you'll never see it again, in
which case PEAP might be okay for you.  In other universities, they won't
allow that, the whole connection experience must be as free of those popups
as possible, and that's where Aruba Onboarding helps.  As far as the manual
configuration on devices that you need to do for a PEAP connection, that
has subsided as OSes got better at WiFi; in the early days of WiFi that was
a bigger issue and is what made EAP-TLS/Onboarding so attractive.


P.S. Go Cougars...sorry man, I lived in Pullman as a kid.




On Fri, Feb 23, 2018 at 8:58 AM, David Morton  wrote:

> We currently use EAP-PEAP for our eduroam/802.1x, but are now considering
> adding EAP-TLS to the mix. We have several potential PKIs that we could
> use, but all of them will take some work to get them ready for a production
> launch. Given that resources are limited, I’m looking for some data points
> about others who have moved, are thinking of moving or have decided not to
> adopt EAP-TLS.
>
> To help gather some data can you please answer this short survey?
>
> *Do you*:
>
> - Support 802.1x? -
>
> *If yes, do you*:
>
> - use EAP-PEAP on campus? -
>
> - use EAP-TLS on campus? -
> - What PKI/CA do you use: -
>
> - If both, why and is one preferred? -
>
> - If only PEAP, are you planning EAP-TLS? -
>
> Brief description of why you’re doing what you’re doing and anything else
> that might be helpful:
>
>
>
> Thank you in advance
>
>
> David
>
>
>
>
> David Morton
> Director, Networks & Telecommunications
> Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV
> University of Washington
> dmor...@uw.edu
> tel 206.221.7814 <(206)%20221-7814>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>


-- 
Aaron Abitia
Network Analyst
Enterprise Systems, Networks
Information Technology Services
Cal Poly State University
Tel: 805.756.1295

**
Participation and subscription information for this EDUCAUSE Constituent 

Re: [WIRELESS-LAN] Offline/Spare Gear Inventory Size

[Jeffrey D. Sessler]

  *   Look at the turn-around time for warranty replacement. The free 
limited-lifetime may take longer than if the AP is under an extended contract.
  *   Evaluate your deployment plan. If your deployment is coverage-based, 
where the loss of a single AP could be devastating to clients, then keep more 
spares. If you have a dense deployment where the loss of one or more APs is of 
little consequence, keep less.
  *   Spares are technology collecting dust with the same life-cycle as those 
in production. If you have 5000 APs and spare 2%, that’s 100 APs that would 
likely cover a moderately sized building, and provide a lot of in-fill.
  *   If you keep spares, make sure to cycle them into production i.e. always 
install them into a new project, and put new APs back on the spare shelf.
  *   When you upgrade controller code, pull those spares out and let them 
upgrade too, then test that they still work.

Jeff

From: "wireless-lan@listserv.educause.edu"  
on behalf of "Trinklein, Jason R" 
Reply-To: "wireless-lan@listserv.educause.edu" 

Date: Monday, February 26, 2018 at 10:21 AM
To: "wireless-lan@listserv.educause.edu" 
Subject: [WIRELESS-LAN] Offline/Spare Gear Inventory Size

Hi All,

I’m curious to know the size of your spare gear inventories. Do you keep a 
percentage of each model of AP in inventory, and what is your reasoning? 
Storms? Last minute/emergency wireless coverage needs?

What percentage of your live gear do you keep as offline inventory? (100 live 
APs with 1 inventory AP = 1% offline inventory).

With Xirrus, we had an offline inventory of more than 10% of live inventory. We 
kept that inventory to cover the high failure rate of the equipment, the 
incidence of hurricanes and lightning strikes in our area, the broad range of 
AP models on campus, and last minute large events in low coverage areas.

We are evaluating the minimum offline inventory for our new Aruba gear as we 
finish up the vendor switch. I have been thinking 1-2%, but I want to see what 
you guys do first, and why.

Thank you,
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009

DID YOU KNOW? The Princeton Review selected the College of Charleston as one of 
50 schools focused on providing students with practical experiences that take 
their academics to the next level.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: PEAP vs TLS

[Eriks Rugelis]

>Do you:
>- Support 802.1x? - 
Yes.

>If yes, do you:
>- use EAP-PEAP on campus? - 
Yes.

>- use EAP-TLS on campus? - 
No.

>- What PKI/CA do you use: - 
GlobalSign.

>- If only PEAP, are you planning EAP-TLS? - 
No.

When 801.1x was launched here, PEAP was the lowest common denominator for 
machine-based authentication across the fleet of BYOD clients.  PEAP continues 
to be deemed 'good enough' for our needs.  A project proposal to deploy EAP-TLS 
continues to be difficult to justify resource allocations to proceed vs. other 
service improvements and operational fires.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Offline/Spare Gear Inventory Size

[McGuire, Michael]

We are an Aruba shop for wireless as well and see very few APs in need of 
replacement (with the exception of the hospitality APs in our ResHalls).

I keep 2 of each model currently in production as dedicated spares in addition 
to those that have been purchased and not yet deployed for the same reasons 
mentioned by Bruce below.

As for the hospitality APs, the ones we see needing occasional replacement are 
most likely a result of the conditions they’re deployed in. Common issues are 
mounting posts breaking off on the back, damaged pins on the Ethernet 
connections and not booting after who knows what has been done to it. I try to 
keep a few extra of these on-hand to replace as there are issues and RMA them 
with the lifetime warranty.


- Michael

Michael McGuire
Network Systems Administrator
Monmouth University
mmcgu...@monmouth.edu
732.263.5589
[cid:image002.png@01D049D1.4BBE4E60]

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Operations)
Sent: Tuesday, February 27, 2018 7:46
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Offline/Spare Gear Inventory Size

We have needed to replace very few of our Aruba APs. We keep inventory mainly 
for the following reasons:


  1.  Temporary large event deployments
  2.  Coverage adjustments
  3.  Last minute projects that cannot wait for ordered equipment – We are a 
construction-heavy school.
  4.  Pull backs from areas being remodeled. Those moving in generally purchase 
newer equipment.
  5.  Lab testing for new configuration & troubleshooting.

We try to keep some of our latest recommended model APs.

Regards,

Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trinklein, Jason R [mailto:trinkle...@cofc.edu]
Sent: Monday, February 26, 2018 1:21 PM
Subject: Offline/Spare Gear Inventory Size

Hi All,

I’m curious to know the size of your spare gear inventories. Do you keep a 
percentage of each model of AP in inventory, and what is your reasoning? 
Storms? Last minute/emergency wireless coverage needs?

What percentage of your live gear do you keep as offline inventory? (100 live 
APs with 1 inventory AP = 1% offline inventory).

With Xirrus, we had an offline inventory of more than 10% of live inventory. We 
kept that inventory to cover the high failure rate of the equipment, the 
incidence of hurricanes and lightning strikes in our area, the broad range of 
AP models on campus, and last minute large events in low coverage areas.

We are evaluating the minimum offline inventory for our new Aruba gear as we 
finish up the vendor switch. I have been thinking 1-2%, but I want to see what 
you guys do first, and why.

Thank you,
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009

DID YOU KNOW? The Princeton Review selected the College of Charleston as one of 
50 schools focused on providing students with practical experiences that take 
their academics to the next level.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Offline/Spare Gear Inventory Size

[Julian Y Koh]

> On Feb 26, 2018, at 12:20, Trinklein, Jason R  wrote:
> 
> 
> I’m curious to know the size of your spare gear inventories. Do you keep a 
> percentage of each model of AP in inventory, and what is your reasoning? 
> Storms? Last minute/emergency wireless coverage needs?

In addition to what’s already been mentioned, there are places where it can be 
advantageous to buy, say, your entire year’s supply of something so that you 
get a bigger purchasing discount.

-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
PGP Public Key: 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Offline/Spare Gear Inventory Size

[Osborne, Bruce W (Network Operations)]

We have needed to replace very few of our Aruba APs. We keep inventory mainly 
for the following reasons:


  1.  Temporary large event deployments
  2.  Coverage adjustments
  3.  Last minute projects that cannot wait for ordered equipment – We are a 
construction-heavy school.
  4.  Pull backs from areas being remodeled. Those moving in generally purchase 
newer equipment.
  5.  Lab testing for new configuration & troubleshooting.

We try to keep some of our latest recommended model APs.

Regards,

Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Trinklein, Jason R [mailto:trinkle...@cofc.edu]
Sent: Monday, February 26, 2018 1:21 PM
Subject: Offline/Spare Gear Inventory Size

Hi All,

I’m curious to know the size of your spare gear inventories. Do you keep a 
percentage of each model of AP in inventory, and what is your reasoning? 
Storms? Last minute/emergency wireless coverage needs?

What percentage of your live gear do you keep as offline inventory? (100 live 
APs with 1 inventory AP = 1% offline inventory).

With Xirrus, we had an offline inventory of more than 10% of live inventory. We 
kept that inventory to cover the high failure rate of the equipment, the 
incidence of hurricanes and lightning strikes in our area, the broad range of 
AP models on campus, and last minute large events in low coverage areas.

We are evaluating the minimum offline inventory for our new Aruba gear as we 
finish up the vendor switch. I have been thinking 1-2%, but I want to see what 
you guys do first, and why.

Thank you,
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 300–8009

DID YOU KNOW? The Princeton Review selected the College of Charleston as one of 
50 schools focused on providing students with practical experiences that take 
their academics to the next level.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Bandwidth/Throughput/Latency Tester

[Mike Atkins]

We also setup a Speedtest.net (Ookla) public speed test server at Notre
Dame.  Our main motivation was to manage perception.  We are on a state run
optical network.  Our speedtest.net traffic went from campus on the north
end of the state, to central Indiana, to Chicago, then back to South Bend.
The closest geographical Speedtest.net public server was already in our
town, but due to our ISP setup there was a lot of excessive travel.  The
closest geographical test server did not appear to be on a fast enough link
either.  We unsuccessfully tried to get Speedtest.net to point our public
IP space to Indianapolis speedtest.net servers to get a more accurate test
results.  I see Comcast and AT are able to point speedtest.net to the
closest logical test server instead of closest geographical test server.
We ended up installing the Speedtest.net free public server.  Without the
paid subscription we do not get access to detailed information on test
results.  Less detail was fine for us because we just needed to handle the
perception issue caused by speed tests going around the state(s) to a less
optimal test server.  We also setup a lightweight server
http://speedtest.nd.edu but found a lot of students prefer (trust) third
party test results from sites they use at home.  Even some faculty will use
speedtest.net as a quick check prior to setting up iperf or perfsonar.  It
is quick and easy…. If the results look okay they move on to solving the
world’s problems instead of building infrastructure to test our
infrastructure.  Which circles back to getting users to trust your
infrastructure simply because of a test result that used to be out of our
scope.



Side note, HDD speed affects Ookla speedtest.net server performance.  We
ended up putting an NVMe drive into the old repurposed server to better
serve multi gigabit connections.













*Mike Atkins *

Network Engineer

Office of Information Technology

University of Notre Dame



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Amel Caldwell
*Sent:* Monday, February 26, 2018 10:59 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Bandwidth/Throughput/Latency Tester



We also have an instance of the Ookla speedtest at the University of
Washington.  One thing I notices is for clients on private IP space, the
speedtest shows a NATed IP, even though the server is on campus.  This is
because not everything is local.  Anyway, having someone send me a
screenshot or tell me their IP address is the NATed address is not that
helpful.  I believe we are considering an alternative when our year is up.



Amel Caldwell

University of Washington UW-IT

Wi-Fi Network Engineer

Wi-Fi Service Manager



am...@uw.edu

206-543-2915





*From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Osborne, Bruce W (Network
Operations)" 
*Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Date: *Monday, February 26, 2018 at 4:56 AM
*To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Subject: *Re: [WIRELESS-LAN] Bandwidth/Throughput/Latency Tester



That is what we use.



http://speedtest.liberty.edu





*Bruce Osborne*

*Senior Network Engineer*

*Network Operations - Wireless*

 *(434) 592-4229*

*LIBERTY UNIVERSITY*

*Training Champions for Christ since 1971*



*From:* Adam Forsyth [mailto:forsy...@luther.edu ]
*Sent:* Friday, February 23, 2018 9:53 AM
*Subject:* Re: Bandwidth/Throughput/Latency Tester



Isn't this: https://www.ookla.com/speedtest-custom what you asked Ookla
about and were told that it doesn't exist?  I ran a version of that on a
local server a few years ago.I got the premium subscription for a year but
ultimately decided I hadn't figured out how to get any advantage from its
ability to save test results into a database.  I have since moved to using
https://github.com/adolfintel/speedtest (which Clemson also mentioned)
because I wanted a speedtest that was HTML5 and didn't use flash, and at
the time Ookla's speedtest custom required flash.  It looks like maybe its
also all HTML5 now so maybe I'll take a look at that again.



On Tue, Feb 20, 2018 at 11:56 AM, Fishel Erps <
0030ecf871d2-dmarc-requ...@listserv.educause.edu> wrote:

Hello everyone.



I’m curious to find out what other universities are doing to test
throughput, internally, to proof their networks.  I’m looking for something
that functions like Ookla’s Speedtest.net (browser-based, no required
clients) , but that runs internally (I have already contacted them
directly, and been told that they only provide products that are alive on
the public net).



As we all know, % of utilization and available throughput are not
one-in-the-same, and I need a way to address and diagnose legitimate
performance complaints,