Re: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-10-09 Thread Sweetser, Frank E
In theory, yes - I doubt that anyone is going to deploy 11ax with earlier 
standards disabled (except for base 11b data rates, anyway).  The problem is 
there's a bug in commonly deployed Intel driver versions which prevents the 
client from attaching to the network if 11ax rates are enabled at all:

https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Jennifer Minella
Sent: Wednesday, October 9, 2019 6:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs


I don’t believe ClearPass Device Insight shows driver details – I just skimmed 
through endpoint details page and attributes and don’t see it.

At the risk of asking a dumb question, is there a reason not to simply deploy 
the 500-series with backwards compatibility enabled? That would allow you to 
offer a seamless experience for clients in a mixed-PHY-standard environment and 
support current clients on n/ac and even a/b/g etc.



Cheers!
-jj
___
Jennifer Minella, CISSP, HP MASE
VP of Engineering & Security
Carolina Advanced Digital, Inc.
www.cadinc.com
j...@cadinc.com
919.460.1313 Main Office
919.539.2726 Mobile/text





From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Michael Davis
Sent: Wednesday, October 9, 2019 7:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs



We currently have the Wi-Fi 6 extensions disabled because of the Intel Driver issues
(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines and seek them out, or
just announce a future date to turn on Wi-Fi 6 and go back to dealing with updating drivers as
they come up.  We'll have a mix (currently ~15% Wi-Fi 6) of AP models for a while, so the issues
won't all show right away.

Anyone looked into identifying the machines needing updated through fingerprinting
(Aruba Insight or Airwave or Clearpass)?


From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of WIRELESS-LAN automatic digest system
Sent: Wednesday, October 9, 2019 15:00
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: WIRELESS-LAN Digest - 8 Oct 2019 to 9 Oct 2019 (#2019-167)








WIRELESS-LAN Digest - 8 Oct 2019 to 9 Oct 2019 (#2019-167)
Table of contents:

  *   WLC & ISE combo issues (5)
  *   Aruba Wi-Gi 6 APs
  *   [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs (3)
  *   Wi-Fi Design Consulting (3)

  1.  WLC & ISE combo issues
      *   Re: WLC & ISE combo issues (10/09)
          From: Mathieu Sturm <mathieu.st...@hogent.be>
      *   Re: WLC & ISE combo issues (10/09)
          From: "Kenny, Eric" <eric_ke...@harvard.edu>
      *   Re: WLC & ISE combo issues (10

Re: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-10-09 Thread Jennifer Minella
I don't believe ClearPass Device Insight shows driver details - I just skimmed 
through endpoint details page and attributes and don't see it.
At the risk of asking a dumb question, is there a reason not to simply deploy 
the 500-series with backwards compatibility enabled? That would allow you to 
offer a seamless experience for clients in a mixed-PHY-standard environment and 
support current clients on n/ac and even a/b/g etc.

Cheers!
-jj
___
Jennifer Minella, CISSP, HP MASE
VP of Engineering & Security
Carolina Advanced Digital, Inc.
www.cadinc.com
j...@cadinc.com
919.460.1313 Main Office
919.539.2726 Mobile/text


From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Michael Davis
Sent: Wednesday, October 9, 2019 7:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

We currently have the Wi-Fi 6 extensions disabled because of the Intel Driver issues
(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines and seek them out, or
just announce a future date to turn on Wi-Fi 6 and go back to dealing with updating drivers as
they come up.  We'll have a mix (currently ~15% Wi-Fi 6) of AP models for a while, so the issues
won't all show right away.

Anyone looked into identifying the machines needing updated through fingerprinting
(Aruba Insight or Airwave or Clearpass)?

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of WIRELESS-LAN automatic digest system
Sent: Wednesday, October 9, 2019 15:00
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: WIRELESS-LAN Digest - 8 Oct 2019 to 9 Oct 2019 (#2019-167)



WIRELESS-LAN Digest - 8 Oct 2019 to 9 Oct 2019 (#2019-167)
Table of contents:

  *   WLC & ISE combo issues (5)
  *   Aruba Wi-Gi 6 APs
  *   [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs (3)
  *   Wi-Fi Design Consulting (3)

  1.  WLC & ISE combo issues
      *   Re: WLC & ISE combo issues (10/09)
          From: Mathieu Sturm <mathieu.st...@hogent.be>
      *   Re: WLC & ISE combo issues (10/09)
          From: "Kenny, Eric" <eric_ke...@harvard.edu>
      *   Re: WLC & ISE combo issues (10/09)
          From: Dennis Xu <d...@uoguelph.ca>
      *   Re: WLC & ISE combo issues (10/09)
          From: Kitri Waterman <wate...@wwu.edu>
      *   Re: WLC & ISE combo issues (10/09)
          From: "Heavrin, Lynn" <lheav...@wustl.edu>
  2.  Aruba Wi-Gi 6 APs
      *   Re: Aruba Wi-Gi 6 APs (10/09)
          From: Michael Davis <da...@udel.edu>
  3.  [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs
      *   Re: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs (10/09)
          From: "Sweetser, Frank E" <f...@wpi.edu>
      *   Re: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs (10/09)
          From: Michael Davis <da...@udel.edu>
      *   Re: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs (10/09)
          From: "Sweetser, Frank E" <f...@wpi.edu>
  4.  Wi-Fi Design Consulting
      *   Wi-Fi Design Consulting (10/09)
          From: "Enfield, Chuck" <cae...@psu.edu>
      *   Re: Wi-Fi Design Consulting (10/09)
          From: Bryan Ward <bryan.w...@dartmouth.edu>
      *   Re: Wi-Fi Design Consulting (10/09)
          From: "Enfield, Chuck" <cae...@psu.edu>




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


Re: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-09 Thread Heavrin, Lynn
We have the same 5441 messages and we are on 8.5.135.0 and ISE 2.2 patch 12.
I don’t have any evidence it’s service impacting but it is annoying.  You need
to upgrade from patch 5 to address some serious bugs and vulnerabilities.  Patch
15 is out.

We also get the 5441 messages on our VPN auth on ISE so it’s not isolated to 
wifi.

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Kitri Waterman
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv
Date: Wednesday, October 9, 2019 at 10:17 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

8.3.x? Or 8.5.x?

8.5 will support AP2600’s. We’re currently at 8.5.140.0 (we still have AP3500’s 
to support…) and it’s been fairly stable for AireOS.

8.3 also has some escalation fixes: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc13



Kitri
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University



From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Mathieu Sturm
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv
Date: Tuesday, October 8, 2019 at 11:11 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Letts, Richard J
Sent: Tuesday, 8 October 2019 22:41
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with version of code on Cisco 3500
series AP where clients would successfully authenticate with the AP, but the
association would never get passed from the AP through to the controller and
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of
error) displayed on their computer which would confuse them, and there would be
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained

anyway, I think you’re going to need to include version numbers of the ISE and 
WLC code for more help.

Thank you

Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Mathieu Sturm
Sent: Tuesday, October 8, 2019 2:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user
trying to connect in the WLC’s but don’t see them trying in the ISE’s (it looks
like the attempt gets lost somewhere).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

Or

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message


It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer


Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be



RE: Wi-Fi Design Consulting

2019-10-09 Thread Enfield, Chuck
Yes. 😊

Routine demand is pretty low, but we have 5000+ at a few events each year.  The 
aesthetic concerns are relaxed for temporary APs, so the best solution may be a 
mix of permanent APs for coverage and temporary APs for capacity.  We’re 
keeping an open mind.

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Bryan Ward
Sent: Wednesday, October 9, 2019 3:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wi-Fi Design Consulting

Permanent or Temporary?

--
Bryan Ward
Network Engineer
Dartmouth College Network Services
603-646-2245
bryan.w...@dartmouth.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Enfield, Chuck
Sent: Wednesday, October 9, 2019 2:48 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wi-Fi Design Consulting

Hi Folks,

We’re interested in providing Wi-Fi coverage for large events on the mall in 
front of our main administrative building.  The campus architects are concerned 
about aesthetics and are looking to hire design firms who can address the total 
system design, including Wi-Fi coverage, radio stealthing, power distribution, 
and network backhaul.  Can anybody recommend any firms that can handle that 
full scope of work?

Any vendors who can provide references from similar jobs should feel free to 
contact me off-list.

Thanks,

Chuck Enfield
Manager, Wireless & Cellular
Penn State IT
119L USB2, UP, PA 16802
Office: 814.863.8715



RE: Wi-Fi Design Consulting

2019-10-09 Thread Bryan Ward
Permanent or Temporary?

--
Bryan Ward
Network Engineer
Dartmouth College Network Services
603-646-2245
bryan.w...@dartmouth.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Enfield, Chuck
Sent: Wednesday, October 9, 2019 2:48 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wi-Fi Design Consulting

Hi Folks,

We’re interested in providing Wi-Fi coverage for large events on the mall in 
front of our main administrative building.  The campus architects are concerned 
about aesthetics and are looking to hire design firms who can address the total 
system design, including Wi-Fi coverage, radio stealthing, power distribution, 
and network backhaul.  Can anybody recommend any firms that can handle that 
full scope of work?

Any vendors who can provide references from similar jobs should feel free to 
contact me off-list.

Thanks,

Chuck Enfield
Manager, Wireless & Cellular
Penn State IT
119L USB2, UP, PA 16802
Office: 814.863.8715



Wi-Fi Design Consulting

2019-10-09 Thread Enfield, Chuck
Hi Folks,

We’re interested in providing Wi-Fi coverage for large events on the mall in 
front of our main administrative building.  The campus architects are concerned 
about aesthetics and are looking to hire design firms who can address the total 
system design, including Wi-Fi coverage, radio stealthing, power distribution, 
and network backhaul.  Can anybody recommend any firms that can handle that 
full scope of work?

Any vendors who can provide references from similar jobs should feel free to 
contact me off-list.

Thanks,

Chuck Enfield
Manager, Wireless & Cellular
Penn State IT
119L USB2, UP, PA 16802
Office: 814.863.8715



Re: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-09 Thread Kitri Waterman
8.3.x? Or 8.5.x?

8.5 will support AP2600’s. We’re currently at 8.5.140.0 (we still have AP3500’s 
to support…) and it’s been fairly stable for AireOS.

8.3 also has some escalation fixes: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc13



Kitri
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University



From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Mathieu Sturm
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv
Date: Tuesday, October 8, 2019 at 11:11 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Letts, Richard J
Sent: Tuesday, 8 October 2019 22:41
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with version of code on Cisco 3500
series AP where clients would successfully authenticate with the AP, but the
association would never get passed from the AP through to the controller and
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of
error) displayed on their computer which would confuse them, and there would be
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained

anyway, I think you’re going to need to include version numbers of the ISE and 
WLC code for more help.

Thank you

Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Mathieu Sturm
Sent: Tuesday, October 8, 2019 2:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user
trying to connect in the WLC’s but don’t see them trying in the ISE’s (it looks
like the attempt gets lost somewhere).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

Or

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message


It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer


Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be



Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-10-09 Thread Sweetser, Frank E
We had to ask SecureW2 to provide the report.  Who knows - if enough of us ask, 
maybe they'll make it a standard one 🙂

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Michael Davis
Sent: Wednesday, October 9, 2019 8:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

We do onboard with SecureW2, but only in the past 10 months and it's 
encouraged, not required.

Did you have to request a custom report from SW2 support for this?  I don't see
that info available in the standard report templates and they also have a 2 month
window.


On 10/9/19 8:36 AM, Sweetser, Frank E wrote:
Are you doing any kind of onboarding?  We were able to generate a report of 
driver versions for our client base from SecureW2, for example.

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Michael Davis
Sent: Wednesday, October 9, 2019 7:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

We currently have the Wi-Fi 6 extensions disabled because of the Intel Driver issues
(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines and seek them out, or
just announce a future date to turn on Wi-Fi 6 and go back to dealing with updating drivers as
they come up.  We'll have a mix (currently ~15% Wi-Fi 6) of AP models for a while, so the issues
won't all show right away.

Anyone looked into identifying the machines needing updated through fingerprinting
(Aruba Insight or Airwave or Clearpass)?



On 9/5/19 3:08 PM, Turner, Ryan H wrote:
> We've done a test deployment of Aruba 515s.  There seem to be some driver 
> compatibility issues.  We have 2 IT buildings.  I had an individual able to
> connect and see SSIDs just fine in our building with 315s.  When she came to 
> the building with 515s, she saw nothing.  I updated her drivers, and then 
> everything worked.  So just be aware you might see more of that.  We were 
> running 8.503 code (I think).
>
>
> Ryan Turner
> Head of Networking
> The University of North Carolina at Chapel Hill
> +1 919 445 0113 Office
> +1 919 274 7926 Mobile
> r...@unc.edu
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Chris Brizzell
> Sent: Thursday, September 5, 2019 2:45 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Aruba Wi-Gi 6 APs
>
> Anyone have any Wi-Fi 6 APs deployed yet, and if so any thoughts either good 
> or bad. I'm looking at swapping out the APs in our dining hall first, since 
> they seem to get the most use.
>



RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-09 Thread Dennis Xu
Is this a new deployment or do you have more users this year than last year? It 
could be load related. That 5441 error log indicates there are queued RADIUS 
packets at ISE which cannot be processed in a timely manner. Try adding ISE
service node to see if that can help. Also check this link about something to 
be tuned at WLC side: 
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html.

Cheers,

Dennis Xu | Analyst III, Network Infrastructure
Computing and Communications Services (CCS) | University of Guelph
University Centre | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56217 | d...@uoguelph.ca 
www.uoguelph.ca/ccs | twitter.com/ccsnews | facebook.com/CCSUofG


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Kenny, Eric
Sent: Wednesday, October 9, 2019 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

Hi Mathieu,

One thing you might want to verify is that the RADIUS timeout values match in 
both the WLCs and in ISE.  If these values differ, you may end up in a 
situation like this where one side gives up and the other side is not aware.
---
Eric Kenny
Network Architect
Harvard University ITS
---

> On Oct 8, 2019, at 2:50 PM, Mathieu Sturm  wrote:
> 
> Hello, since the start of the new academic year we’ve been having some 
> troubles with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is 
> standby), around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 
> 3 radius-only nodes). 
>  
> We have this setup since 2018. There were some problems sometimes but nothing 
> major. Now recently it’s taking a long time for people to get connected. We 
> have around 20k students and 3K staff with peaks to nearly 9K associations.
>  
> The problem is that it is difficult to get connected sometimes. I see the 
> user trying to connect in the WLC’s but don’t see them trying in the ISE’s 
> (it looks like the attempt gets lost somewhere).
> I can see the following worrying log message in the wlc:
>  
> RADIUS auth-server X.X.X.X unavailable
>  
> Or
>  
> These logs in the ISE
>  
> 5441 Endpoint started new session while the packet of previous session is 
> being processed. Dropping new session.
> 12930 Supplicant stopped responding to ISE after sending it the first 
> PEAP message
>  
>  
> It looks like there is some sort of bottleneck between WLC and ISE.
>  
> Further information: the identity store is a bunch of Windows Domain 
> Controllers (6 in total).
>  
> Any ideas?  
>  
> Mathieu Sturm
> Hoofdmedewerker Netwerkbeheer
> 
> 
> 
> Directie Financiën, Infrastructuur en IT Afdeling Netwerkbeheer Campus 
> Schoonmeerssen - Gebouw B  Lokaal B0.75 Valentin Vaerwyckweg 1 - 9000 
> Gent
> +32 9 243 35 23
> www.hogent.be
>  
> 




Re: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-09 Thread Kenny, Eric
Hi Mathieu,

One thing you might want to verify is that the RADIUS timeout values match in 
both the WLCs and in ISE.  If these values differ, you may end up in a 
situation like this where one side gives up and the other side is not aware.
--- 
Eric Kenny
Network Architect
Harvard University ITS
---

> On Oct 8, 2019, at 2:50 PM, Mathieu Sturm  wrote:
> 
> Hello, since the start of the new academic year we’ve been having some 
> troubles with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is 
> standby), around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 
> 3 radius-only nodes). 
>  
> We have this setup since 2018. There were some problems sometimes but nothing 
> major. Now recently it’s taking a long time for people to get connected. We 
> have around 20k students and 3K staff with peaks to nearly 9K associations.
>  
> The problem is that it is difficult to get connected sometimes. I see the 
> user trying to connect in the WLC’s but don’t see them trying in the ISE’s 
> (it looks like the attempt gets lost somewhere).
> I can see the following worrying log message in the wlc:
>  
> RADIUS auth-server X.X.X.X unavailable
>  
> Or
>  
> These logs in the ISE
>  
> 5441 Endpoint started new session while the packet of previous session is 
> being processed. Dropping new session.
> 12930 Supplicant stopped responding to ISE after sending it the first PEAP 
> message
>  
>  
> It looks like there is some sort of bottleneck between WLC and ISE.
>  
> Further information: the identity store is a bunch of Windows Domain 
> Controllers (6 in total).
>  
> Any ideas?  
>  
> Mathieu Sturm
> Hoofdmedewerker Netwerkbeheer
> 
> 
> 
> Directie Financiën, Infrastructuur en IT
> Afdeling Netwerkbeheer
> Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
> Valentin Vaerwyckweg 1 - 9000 Gent
> +32 9 243 35 23
> www.hogent.be
>  
> 




Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-10-09 Thread Michael Davis
We do onboard with SecureW2, but only in the past 10 months and it's 
encouraged, not required.

Did you have to request a custom report from SW2 support for this?  I 
don't see that info available in the standard report templates and they 
also have a 2 month window.


On 10/9/19 8:36 AM, Sweetser, Frank E wrote:
Are you doing any kind of onboarding?  We were able to generate a 
report of driver versions for our client base from SecureW2, for example.


Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and 
wrong." - HL Mencken


*From:* The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Michael Davis 


*Sent:* Wednesday, October 9, 2019 7:57 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 


*Subject:* [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs
We currently have the Wi-Fi 6 extensions disabled because of the Intel
Driver issues
(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed
to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines
and seek them out, or
just announce a future date to turn on Wi-Fi 6 and go back to dealing
with updating drivers as
they come up.  We'll have a mix (currently ~15% Wi-Fi 6) of AP models
for a while, so the issues
won't all show right away.

Anyone looked into identifying the machines needing updated through
fingerprinting
(Aruba Insight or Airwave or Clearpass ) ?



On 9/5/19 3:08 PM, Turner, Ryan H wrote:
> We've done a test deployment of Aruba 515s.  There seem to be some 
> driver compatibility issues.  We have 2 IT buildings.  I had an 
> individual able to connect and see SSIDs just fine in our building with 
> 315s.  When she came to the building with 515s, she saw nothing.  I 
> updated her drivers, and then everything worked.  So just be aware you 
> might see more of that.  We were running 8.503 code (I think).
>
>
> Ryan Turner
> Head of Networking
> The University of North Carolina at Chapel Hill
> +1 919 445 0113 Office
> +1 919 274 7926 Mobile
> r...@unc.edu
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Chris Brizzell
> Sent: Thursday, September 5, 2019 2:45 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Aruba Wi-Gi 6 APs
>
> Anyone have any Wi-Fi 6 APs deployed yet, and if so any thoughts 
> either good or bad. I'm looking at swapping out the APs in our dining 
> hall first, since they seem to get the most use.
>





Re: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-10-09 Thread Sweetser, Frank E
Are you doing any kind of onboarding?  We were able to generate a report of 
driver versions for our client base from SecureW2, for example.

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Michael Davis 
Sent: Wednesday, October 9, 2019 7:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [EXT] Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

We currently have the Wi-Fi 6 extensions disabled because of the Intel
Driver issues
(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed
to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines
and seek them out, or
just announce a future date to turn on Wi-Fi 6 and go back to dealing
with updating drivers as
they come up.  We'll have a mix (currently ~15% Wi-Fi 6) of AP models
for a while, so the issues
won't all show right away.

Anyone looked into identifying the machines needing updated through
fingerprinting
(Aruba Insight or Airwave or Clearpass ) ?



On 9/5/19 3:08 PM, Turner, Ryan H wrote:
> We've done a test deployment of Aruba 515s.  There seem to be some driver 
> compatibility issues.  We have 2 IT buildings.  I had an individual able to 
> connect and see SSIDs just fine in our building with 315s.  When she came to 
> the building with 515s, she saw nothing.  I updated her drivers, and then 
> everything worked.  So just be aware you might see more of that.  We were 
> running 8.503 code (I think).
>
>
> Ryan Turner
> Head of Networking
> The University of North Carolina at Chapel Hill
> +1 919 445 0113 Office
> +1 919 274 7926 Mobile
> r...@unc.edu
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  On Behalf Of Chris Brizzell
> Sent: Thursday, September 5, 2019 2:45 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Aruba Wi-Gi 6 APs
>
> Anyone have any Wi-Fi 6 APs deployed yet, and if so any thoughts either good 
> or bad. I'm looking at swapping out the APs in our dining hall first, since 
> they seem to get the most use.
>


--
  Mike Davis
  IT - University of Delaware  - 302.831.8756
  Newark, DE  19716 Email da...@udel.edu



Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

2019-10-09 Thread Michael Davis
We currently have the Wi-Fi 6 extensions disabled because of the Intel 
Driver issues
(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed 
to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines 
and seek them out, or just announce a future date to turn on Wi-Fi 6 and 
go back to dealing with updating drivers as they come up.  We'll have a 
mix (currently ~15% Wi-Fi 6) of AP models for a while, so the issues 
won't all show right away.

Anyone looked into identifying the machines needing updated through 
fingerprinting (Aruba Insight or Airwave or Clearpass)?



On 9/5/19 3:08 PM, Turner, Ryan H wrote:

We've done a test deployment of Aruba 515s.  There seem to be some driver 
compatibility issues.  We have 2 IT buildings.  I had an individual able to 
connect and see SSIDs just fine in our building with 315s.  When she came to 
the building with 515s, she saw nothing.  I updated her drivers, and then 
everything worked.  So just be aware you might see more of that.  We were 
running 8.503 code (I think).


Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu



-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Chris Brizzell
Sent: Thursday, September 5, 2019 2:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

Anyone have any Wi-Fi 6 APs deployed yet, and if so any thoughts either good or 
bad. I'm looking at swapping out the APs in our dining hall first, since they 
seem to get the most use.




--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu
