date:20200828

Re: [WIRELESS-LAN] Antenna mounting suggestions

2020-08-28 Thread John Turner

I did this back in the mid 2K time frame. I can tell you it was a disaster.
Mounting AP’s up high causes issues in far away places. We would have users
on the 4 th floor connecting to AP’s mounted on the roof of a building 150’
away.

Second with the trees you are suggesting are there they will suck up the RF
quickly.

Do you have any blue lights on the quad? Those are great locations.
Alternatively at the ground level can you penetrate next to a fire
standpipe or environmental sensor with a patch antenna?

You are going to spend a lot of time and money mounting them on the roof
plus the service issues down the road for limited benefit.



On Fri, Aug 28, 2020 at 5:47 PM Enfield, Chuck  wrote:

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> PS – I also recommend bonding the AP and mount to the main conductor for
> the lightening protection system (LPS).  Without equalizing the potential a
> strike may arc from the grounding conductor of the LPS to your wireless
> gear which (if
>
> you’re doing it right) will have its own ground.  Without bonding you can
> expect very different potentials during a strike, and when that close
> together arcing is likely.
>
>
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>
> *On Behalf Of *Enfield, Chuck
>
>
> *Sent:* Friday, August 28, 2020 5:29 PM
>
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>
>
> *Subject:* Re: [WIRELESS-LAN] Antenna mounting suggestions
>
>
>
>
>
>
>
>
>
> The library is an excellent candidate for a non-penetrating roof mount.
> If you google it you’ll find many options.  Don’t get crazy with the size
> or you’ll have to have a structure engineer make sure the roof can handle
> the spot loading.
>
> I did the wind load calculations and I think a 100MPH wind could result in
> 23lb of lateral load on an AP-375, so there’s no need for tons of ballast.
> Also, put a pad of some sort (usually available where you order your mount)
> between the mount and the antenna
>
> to project the roof membrane.
>
>
>
>
>
> For Building 2, if you’re trying to cover that smallish space between the
> buildings I’d definitely recommend wall-mounted panel antennas.  Put the AP
> above the ceiling inside, drill a ¾” hole in the wall, and mount an ant-35
> (or something
>
> similar) flat to the wall outside.  If you paint it to blend in with the
> brick it will almost disappear.
>
>
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>
> *On Behalf Of *Brian Helman
>
>
> *Sent:* Friday, August 28, 2020 3:50 PM
>
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>
>
> *Subject:* [WIRELESS-LAN] Antenna mounting suggestions
>
>
>
>
>
>
>
>
>
> Hey everyone:
>
>
>
>
>
> I hope you’re coping with the chaos and enrollment challenges.
>
>
>
>
>
> So we’re rolling out a major wireless upgrade using Aruba gear.  A part of
> this rollout is to provide wireless coverage to a few outdoor spaces.  One
> of these spaces is a quad flanked by 2 relatively tall buildings (about 6
> stories).  One
>
> of those buildings has a flat roof with no knee wall or parapet.  The
> other has a parapet that has glass on the outside.  Both are
> rubber-membrane roofs, so mechanical attachment isn’t going to fly.  The
> building with the parapet only has about a 6’ clearance
>
> between the wall and solar panels, so I only have about 2’ to work with.
>
>
>
>
>
> Building 1:
>
>
> Flat roof
>
>
> Rubber membrane
>
>
> Roof has a minimal lip before you drop 6 stories
>
>
> Has a penthouse that is recessed from the side of the building that I can
> put electronics on/in
>
>
>
>
>
> Building 2:
>
>
> Library
>
>
> Flat roof
>
>
> Rubber membrane
>
>
> ~40” knee wall/parapet
>
>
> Rubber membrane goes almost to top of knee wall, then is capped with lead
> and a lightning ground
>
>
> Outside of wall is glass
>
>
>
>
>
> Our basic philosophy here is to separate the access points and antennas
> (ie use external antennas).  We can’t attach anything to the face of the
> Library (Building 2) because of the glass and I don’t really want to have
> to maintain electronics
>
> over the edge of a building anyway.  So, how are people installing
> antennas on roofs pointed down to cover quads 60+’ below?  I’ll figure out
> where to  put the AP’s and dress in the cables.
>
>
>
>
>
> Mounting at ground-level isn’t going to work.  There is too much sidewalk
> and landscaping that would have to be disrupted.  It’d be a budget-buster.
>
>
>
>
>
> Again, physically attaching anything isn’t going to be acceptable and in
> Building 2’s (Library) case, a large weighted sled will encroach on the
> service area for the solar panels.  There will be several antennae on each
> roof.
>
>
>
>
>
> Here are photos.  The photo of Building 1 is a few years old.  The angle
> with the rocks isn’t the side of the building I’m putting the antennae.
> You can see that in the 2nd photo.  I just included the 1st photo because
>
> it

RE: Antenna mounting suggestions

2020-08-28 Thread Enfield, Chuck

PS - I also recommend bonding the AP and mount to the main conductor for the 
lightening protection system (LPS).  Without equalizing the potential a strike 
may arc from the grounding conductor of the LPS to your wireless gear which (if 
you're doing it right) will have its own ground.  Without bonding you can 
expect very different potentials during a strike, and when that close together 
arcing is likely.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Friday, August 28, 2020 5:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Antenna mounting suggestions

The library is an excellent candidate for a non-penetrating roof mount.  If you 
google it you'll find many options.  Don't get crazy with the size or you'll 
have to have a structure engineer make sure the roof can handle the spot 
loading.  I did the wind load calculations and I think a 100MPH wind could 
result in 23lb of lateral load on an AP-375, so there's no need for tons of 
ballast.  Also, put a pad of some sort (usually available where you order your 
mount) between the mount and the antenna to project the roof membrane.

For Building 2, if you're trying to cover that smallish space between the 
buildings I'd definitely recommend wall-mounted panel antennas.  Put the AP 
above the ceiling inside, drill a ¾" hole in the wall, and mount an ant-35 (or 
something similar) flat to the wall outside.  If you paint it to blend in with 
the brick it will almost disappear.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Brian Helman
Sent: Friday, August 28, 2020 3:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Antenna mounting suggestions

Hey everyone:

I hope you're coping with the chaos and enrollment challenges.

So we're rolling out a major wireless upgrade using Aruba gear.  A part of this 
rollout is to provide wireless coverage to a few outdoor spaces.  One of these 
spaces is a quad flanked by 2 relatively tall buildings (about 6 stories).  One 
of those buildings has a flat roof with no knee wall or parapet.  The other has 
a parapet that has glass on the outside.  Both are rubber-membrane roofs, so 
mechanical attachment isn't going to fly.  The building with the parapet only 
has about a 6' clearance between the wall and solar panels, so I only have 
about 2' to work with.

Building 1:
Flat roof
Rubber membrane
Roof has a minimal lip before you drop 6 stories
Has a penthouse that is recessed from the side of the building that I can put 
electronics on/in

Building 2:
Library
Flat roof
Rubber membrane
~40" knee wall/parapet
Rubber membrane goes almost to top of knee wall, then is capped with lead and a 
lightning ground
Outside of wall is glass

Our basic philosophy here is to separate the access points and antennas (ie use 
external antennas).  We can't attach anything to the face of the Library 
(Building 2) because of the glass and I don't really want to have to maintain 
electronics over the edge of a building anyway.  So, how are people installing 
antennas on roofs pointed down to cover quads 60+' below?  I'll figure out 
where to  put the AP's and dress in the cables.

Mounting at ground-level isn't going to work.  There is too much sidewalk and 
landscaping that would have to be disrupted.  It'd be a budget-buster.

Again, physically attaching anything isn't going to be acceptable and in 
Building 2's (Library) case, a large weighted sled will encroach on the service 
area for the solar panels.  There will be several antennae on each roof.

Here are photos.  The photo of Building 1 is a few years old.  The angle with 
the rocks isn't the side of the building I'm putting the antennae.  You can see 
that in the 2nd photo.  I just included the 1st photo because it's a better 
view of the roof:



VENDORS:  I'm already working with Aruba and an integrator.  If you have 
mounting suggestions, please let me know, but there is no sales opportunity 
here.

Thanks,
Brian


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subs

RE: Antenna mounting suggestions

2020-08-28 Thread Enfield, Chuck

The library is an excellent candidate for a non-penetrating roof mount.  If you 
google it you'll find many options.  Don't get crazy with the size or you'll 
have to have a structure engineer make sure the roof can handle the spot 
loading.  I did the wind load calculations and I think a 100MPH wind could 
result in 23lb of lateral load on an AP-375, so there's no need for tons of 
ballast.  Also, put a pad of some sort (usually available where you order your 
mount) between the mount and the antenna to project the roof membrane.

For Building 2, if you're trying to cover that smallish space between the 
buildings I'd definitely recommend wall-mounted panel antennas.  Put the AP 
above the ceiling inside, drill a ¾" hole in the wall, and mount an ant-35 (or 
something similar) flat to the wall outside.  If you paint it to blend in with 
the brick it will almost disappear.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Brian Helman
Sent: Friday, August 28, 2020 3:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Antenna mounting suggestions

Hey everyone:

I hope you're coping with the chaos and enrollment challenges.

So we're rolling out a major wireless upgrade using Aruba gear.  A part of this 
rollout is to provide wireless coverage to a few outdoor spaces.  One of these 
spaces is a quad flanked by 2 relatively tall buildings (about 6 stories).  One 
of those buildings has a flat roof with no knee wall or parapet.  The other has 
a parapet that has glass on the outside.  Both are rubber-membrane roofs, so 
mechanical attachment isn't going to fly.  The building with the parapet only 
has about a 6' clearance between the wall and solar panels, so I only have 
about 2' to work with.

Building 1:
Flat roof
Rubber membrane
Roof has a minimal lip before you drop 6 stories
Has a penthouse that is recessed from the side of the building that I can put 
electronics on/in

Building 2:
Library
Flat roof
Rubber membrane
~40" knee wall/parapet
Rubber membrane goes almost to top of knee wall, then is capped with lead and a 
lightning ground
Outside of wall is glass

Our basic philosophy here is to separate the access points and antennas (ie use 
external antennas).  We can't attach anything to the face of the Library 
(Building 2) because of the glass and I don't really want to have to maintain 
electronics over the edge of a building anyway.  So, how are people installing 
antennas on roofs pointed down to cover quads 60+' below?  I'll figure out 
where to  put the AP's and dress in the cables.

Mounting at ground-level isn't going to work.  There is too much sidewalk and 
landscaping that would have to be disrupted.  It'd be a budget-buster.

Again, physically attaching anything isn't going to be acceptable and in 
Building 2's (Library) case, a large weighted sled will encroach on the service 
area for the solar panels.  There will be several antennae on each roof.

Here are photos.  The photo of Building 1 is a few years old.  The angle with 
the rocks isn't the side of the building I'm putting the antennae.  You can see 
that in the 2nd photo.  I just included the 1st photo because it's a better 
view of the roof:



VENDORS:  I'm already working with Aruba and an integrator.  If you have 
mounting suggestions, please let me know, but there is no sales opportunity 
here.

Thanks,
Brian


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [EXTERNAL] Re: [WIRELESS-LAN] Antenna mounting suggestions

2020-08-28 Thread Brian Helman

I have a tree line to deal with around the perimeter of the quad, so I’d have 
to be 20’ up.  Once a ladder is no longer practical, I have to go to the roof.

-Brian

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Ricardo Stella
Sent: Friday, August 28, 2020 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Antenna mounting suggestions

CAUTION: This email originated from outside of Salem State University. Do not 
click links or open attachments unless you recognize the sender and know the 
content is safe.

We went with outdoor APs but wall-mounted at about 10'-12' high. Depending on 
locations, we used either AP-365 with short arm mount brackets that extend out 
(AP hangs horizontally), or AP-367 mounted flat against the wall or with a 
slight incline down (we had to get the adjustable brackets cause the regular 
ones were out of stock).

These are smaller than the buckets 27x or 37x series. We are still not at 8x so 
can't use the 37x. And we did take advantage of the buy 3 get 2 free promotion 
- Since they all have to be the same type, we got 5 of each.

Since these tents get temporary power, another option was to run data to them 
and mount the APs inside the tents or on temporary poles - like it's done at 
conventions. But this way, the installation is permanent and the outdoor area 
will get coverage in the future regardless.

On Fri, Aug 28, 2020 at 3:51 PM Brian Helman 
mailto:bhel...@salemstate.edu>> wrote:
Hey everyone:

I hope you’re coping with the chaos and enrollment challenges.

So we’re rolling out a major wireless upgrade using Aruba gear.  A part of this 
rollout is to provide wireless coverage to a few outdoor spaces.  One of these 
spaces is a quad flanked by 2 relatively tall buildings (about 6 stories).  One 
of those buildings has a flat roof with no knee wall or parapet.  The other has 
a parapet that has glass on the outside.  Both are rubber-membrane roofs, so 
mechanical attachment isn’t going to fly.  The building with the parapet only 
has about a 6’ clearance between the wall and solar panels, so I only have 
about 2’ to work with.

Building 1:
Flat roof
Rubber membrane
Roof has a minimal lip before you drop 6 stories
Has a penthouse that is recessed from the side of the building that I can put 
electronics on/in

Building 2:
Library
Flat roof
Rubber membrane
~40” knee wall/parapet
Rubber membrane goes almost to top of knee wall, then is capped with lead and a 
lightning ground
Outside of wall is glass

Our basic philosophy here is to separate the access points and antennas (ie use 
external antennas).  We can’t attach anything to the face of the Library 
(Building 2) because of the glass and I don’t really want to have to maintain 
electronics over the edge of a building anyway.  So, how are people installing 
antennas on roofs pointed down to cover quads 60+’ below?  I’ll figure out 
where to  put the AP’s and dress in the cables.

Mounting at ground-level isn’t going to work.  There is too much sidewalk and 
landscaping that would have to be disrupted.  It’d be a budget-buster.

Again, physically attaching anything isn’t going to be acceptable and in 
Building 2’s (Library) case, a large weighted sled will encroach on the service 
area for the solar panels.  There will be several antennae on each roof.

Here are photos.  The photo of Building 1 is a few years old.  The angle with 
the rocks isn’t the side of the building I’m putting the antennae.  You can see 
that in the 2nd photo.  I just included the 1st photo because it’s a better 
view of the roof:

VENDORS:  I’m already working with Aruba and an integrator.  If you have 
mounting suggestions, please let me know, but there is no sales opportunity 
here.

Thanks,
Brian

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

--
°(((=((===°°°(((

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

RE: Antenna mounting suggestions

2020-08-28 Thread Floyd, Brad

Brian,
Take a look at this base. It's 25.5" x 37.5". The URL is: 
https://www.solidsignal.com/pview.asp?p=NP-6000
Thanks,
Brad

From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of 
owner-wireless-...@listserv.educause.edu
Sent: Friday, August 28, 2020 2:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [POSSIBLE FORGED] [WIRELESS-LAN] Antenna mounting suggestions

[EXTERNAL SENDER]
Hey everyone:

I hope you're coping with the chaos and enrollment challenges.

So we're rolling out a major wireless upgrade using Aruba gear.  A part of this 
rollout is to provide wireless coverage to a few outdoor spaces.  One of these 
spaces is a quad flanked by 2 relatively tall buildings (about 6 stories).  One 
of those buildings has a flat roof with no knee wall or parapet.  The other has 
a parapet that has glass on the outside.  Both are rubber-membrane roofs, so 
mechanical attachment isn't going to fly.  The building with the parapet only 
has about a 6' clearance between the wall and solar panels, so I only have 
about 2' to work with.

Building 1:
Flat roof
Rubber membrane
Roof has a minimal lip before you drop 6 stories
Has a penthouse that is recessed from the side of the building that I can put 
electronics on/in

Building 2:
Library
Flat roof
Rubber membrane
~40" knee wall/parapet
Rubber membrane goes almost to top of knee wall, then is capped with lead and a 
lightning ground
Outside of wall is glass

Our basic philosophy here is to separate the access points and antennas (ie use 
external antennas).  We can't attach anything to the face of the Library 
(Building 2) because of the glass and I don't really want to have to maintain 
electronics over the edge of a building anyway.  So, how are people installing 
antennas on roofs pointed down to cover quads 60+' below?  I'll figure out 
where to  put the AP's and dress in the cables.

Mounting at ground-level isn't going to work.  There is too much sidewalk and 
landscaping that would have to be disrupted.  It'd be a budget-buster.

Again, physically attaching anything isn't going to be acceptable and in 
Building 2's (Library) case, a large weighted sled will encroach on the service 
area for the solar panels.  There will be several antennae on each roof.

Here are photos.  The photo of Building 1 is a few years old.  The angle with 
the rocks isn't the side of the building I'm putting the antennae.  You can see 
that in the 2nd photo.  I just included the 1st photo because it's a better 
view of the roof:



VENDORS:  I'm already working with Aruba and an integrator.  If you have 
mounting suggestions, please let me know, but there is no sales opportunity 
here.

Thanks,
Brian


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Antenna mounting suggestions

2020-08-28 Thread Ricardo Stella

We went with outdoor APs but wall-mounted at about 10'-12' high. Depending
on locations, we used either AP-365 with short arm mount brackets that
extend out (AP hangs horizontally), or AP-367 mounted flat against the wall
or with a slight incline down (we had to get the adjustable brackets cause
the regular ones were out of stock).

These are smaller than the buckets 27x or 37x series. We are still not at
8x so can't use the 37x. And we did take advantage of the buy 3 get 2 free
promotion - Since they all have to be the same type, we got 5 of each.

Since these tents get temporary power, another option was to run data to
them and mount the APs inside the tents or on temporary poles - like it's
done at conventions. But this way, the installation is permanent and the
outdoor area will get coverage in the future regardless.



On Fri, Aug 28, 2020 at 3:51 PM Brian Helman  wrote:

> Hey everyone:
>
>
>
> I hope you’re coping with the chaos and enrollment challenges.
>
>
>
> So we’re rolling out a major wireless upgrade using Aruba gear.  A part of
> this rollout is to provide wireless coverage to a few outdoor spaces.  One
> of these spaces is a quad flanked by 2 relatively tall buildings (about 6
> stories).  One of those buildings has a flat roof with no knee wall or
> parapet.  The other has a parapet that has glass on the outside.  Both are
> rubber-membrane roofs, so mechanical attachment isn’t going to fly.  The
> building with the parapet only has about a 6’ clearance between the wall
> and solar panels, so I only have about 2’ to work with.
>
>
>
> Building 1:
>
> Flat roof
>
> Rubber membrane
>
> Roof has a minimal lip before you drop 6 stories
>
> Has a penthouse that is recessed from the side of the building that I can
> put electronics on/in
>
>
>
> Building 2:
>
> Library
>
> Flat roof
>
> Rubber membrane
>
> ~40” knee wall/parapet
>
> Rubber membrane goes almost to top of knee wall, then is capped with lead
> and a lightning ground
>
> Outside of wall is glass
>
>
>
> Our basic philosophy here is to separate the access points and antennas
> (ie use external antennas).  We can’t attach anything to the face of the
> Library (Building 2) because of the glass and I don’t really want to have
> to maintain electronics over the edge of a building anyway.  So, how are
> people installing antennas on roofs pointed down to cover quads 60+’
> below?  I’ll figure out where to  put the AP’s and dress in the cables.
>
>
>
> Mounting at ground-level isn’t going to work.  There is too much sidewalk
> and landscaping that would have to be disrupted.  It’d be a budget-buster.
>
>
>
> Again, physically attaching anything isn’t going to be acceptable and in
> Building 2’s (Library) case, a large weighted sled will encroach on the
> service area for the solar panels.  There will be several antennae on each
> roof.
>
>
>
> Here are photos.  The photo of Building 1 is a few years old.  The angle
> with the rocks isn’t the side of the building I’m putting the antennae.
> You can see that in the 2nd photo.  I just included the 1st photo because
> it’s a better view of the roof:
>
>
>
>
>
>
>
> VENDORS:  I’m already working with Aruba and an integrator.  If you have
> mounting suggestions, please let me know, but there is no sales opportunity
> here.
>
>
>
> Thanks,
>
> Brian
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>


-- 
°(((=((===°°°(((

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Nadim El-Khoury

Hi Norman,

Thank you for your input and direction.

Best,

Nadim

On Fri, Aug 28, 2020 at 10:49 AM Norman Elton  wrote:

> Ahh yep ... we use EAP-TLS, but continue to advertise an open SSID for
> onboarding (we use SecureW2), and for devices that do not support
> EAP-TLS.
>
> By default, users are required to use eduroam. Students can
> self-enroll their devices (gaming consoles, etc) onto the open SSID.
> Some inevitably self-enroll their laptops for various reasons. But
> getting everyone connected to eduroam while on campus streamlines
> their experience when they travel to another institution.
>
> Norman
>
> On Fri, Aug 28, 2020 at 10:38 AM Tim Cappalli
> <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
> >
> > Yes, EAP-TLS, EAP-TTLS and PEAPv0/EAP-MSCHAPv2 are the common three EAP
> methods deployed, with TEAP becoming more popular.
> >
> > Great care should be taken when using a legacy method like PEAPv0 with
> user credentials. Ensure the device is under management and the user cannot
> modify the supplicant configuration (same with EAP-TTLS/PAP or
> EAP-TTLS/MSCHAPv2).
> >
> > Ideally these devices should just use what the rest of your students,
> faculty and staff are using.
> >
> > tim
> > 
> > From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Nadim El-Khoury <
> nel-kho...@springfield.edu>
> > Sent: Friday, August 28, 2020 10:35
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> > Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
> >
> > Hi Tim,
> >
> > Thank you for the information and advice.
> > Maybe use EAP-TLS or PEAP with EAP-TLS as the inner authentication
> method.
> > Do you think that would work?
> > Has anyone done that with Freeradius and eduroam?
> >
> > Best,
> >
> > Nadim
> >
> > On Fri, Aug 28, 2020 at 9:57 AM Tim Cappalli <
> 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
> >
> > eduroam is an 802.1X network. You need to use an EAP-based
> authentication method. MAC address can only be used as authorization
> context (but really shouldn't be).
> >
> > Tim
> > 
> > From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Nadim El-Khoury <
> nel-kho...@springfield.edu>
> > Sent: Friday, August 28, 2020 9:52:08 AM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> > Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
> >
> > Hi Norman,
> >
> > Let me better explain what we trying to do.
> > We used to have an open hidden SSID using a WEP key to connect loaner
> laptops (Windows, Macs), iPads, and Chromebooks.
> > We upgraded our wireless network to MIST and we decided to only
> advertise eduroam.
> > We want to connect the above devices to eduroam using Mac address
> authentication, and it is not working.
> >
> > Best,
> >
> > Nadim
> >
> > On Thu, Aug 27, 2020 at 9:38 PM Norman Elton 
> wrote:
> >
> > Do you mean authenticate non-802.1x clients based on MAC address? Yes.
> > It works fine. We have an Open Access SSID, with "MAC address
> > authentication by RADIUS lookup". We provide our RADIUS server IP &
> > secret. Our FreeRADIUS server takes the request and responds with an
> > Accept/Reject, and the following attributes:
> >
> > Tunnel-Type = "GRE"
> > Tunnel-Medium-Type = "IP"
> > Tunnel-Private-Group-ID = 
> >
> > I don't remember any specific challenges, but if you can post what's
> > not working, I'm happy to help. And/or jump on a call and compare
> > experience with Mist.
> >
> > Norman
> >
> > On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
> >  wrote:
> > >
> > > Hi Everyone,
> > >
> > > Has anyone been able to get MAC authentication bypass to work properly
> with FreeRadius and MIST Wireless?
> > >
> > > Best,
> > >
> > > Nadim
> > >
> > > **
> > > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> >
> > **
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> >
> > **
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> >
> > *

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Nadim El-Khoury

Hi Tim,

Thank you for the information. It is very helpful.

Best,

Nadim

On Fri, Aug 28, 2020 at 10:38 AM Tim Cappalli <
0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:

> Yes, EAP-TLS, EAP-TTLS and PEAPv0/EAP-MSCHAPv2 are the common three EAP
> methods deployed, with TEAP becoming more popular.
>
> Great care should be taken when using a legacy method like PEAPv0 with
> user credentials. Ensure the device is under management and the user cannot
> modify the supplicant configuration (same with EAP-TTLS/PAP or
> EAP-TTLS/MSCHAPv2).
>
> Ideally these devices should just use what the rest of your students,
> faculty and staff are using.
>
> tim
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Nadim El-Khoury <
> nel-kho...@springfield.edu>
> *Sent:* Friday, August 28, 2020 10:35
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
>
> Hi Tim,
>
> Thank you for the information and advice.
> Maybe use EAP-TLS or PEAP with EAP-TLS as the inner authentication method.
> Do you think that would work?
> Has anyone done that with Freeradius and eduroam?
>
> Best,
>
> Nadim
>
> On Fri, Aug 28, 2020 at 9:57 AM Tim Cappalli <
> 0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
>
> eduroam is an 802.1X network. You need to use an EAP-based authentication
> method. MAC address can only be used as authorization context (but really
> shouldn't be).
>
> Tim
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Nadim El-Khoury <
> nel-kho...@springfield.edu>
> *Sent:* Friday, August 28, 2020 9:52:08 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
>
> Hi Norman,
>
> Let me better explain what we trying to do.
> We used to have an open hidden SSID using a WEP key to connect loaner
> laptops (Windows, Macs), iPads, and Chromebooks.
> We upgraded our wireless network to MIST and we decided to only advertise
> eduroam.
> We want to connect the above devices to eduroam using Mac address
> authentication, and it is not working.
>
> Best,
>
> Nadim
>
> On Thu, Aug 27, 2020 at 9:38 PM Norman Elton  wrote:
>
> Do you mean authenticate non-802.1x clients based on MAC address? Yes.
> It works fine. We have an Open Access SSID, with "MAC address
> authentication by RADIUS lookup". We provide our RADIUS server IP &
> secret. Our FreeRADIUS server takes the request and responds with an
> Accept/Reject, and the following attributes:
>
> Tunnel-Type = "GRE"
> Tunnel-Medium-Type = "IP"
> Tunnel-Private-Group-ID = 
>
> I don't remember any specific challenges, but if you can post what's
> not working, I'm happy to help. And/or jump on a call and compare
> experience with Mist.
>
> Norman
>
> On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
>  wrote:
> >
> > Hi Everyone,
> >
> > Has anyone been able to get MAC authentication bypass to work properly
> with FreeRadius and MIST Wireless?
> >
> > Best,
> >
> > Nadim
> >
> > **
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Norman Elton

Ahh yep ... we use EAP-TLS, but continue to advertise an open SSID for
onboarding (we use SecureW2), and for devices that do not support
EAP-TLS.

By default, users are required to use eduroam. Students can
self-enroll their devices (gaming consoles, etc) onto the open SSID.
Some inevitably self-enroll their laptops for various reasons. But
getting everyone connected to eduroam while on campus streamlines
their experience when they travel to another institution.

Norman

On Fri, Aug 28, 2020 at 10:38 AM Tim Cappalli
<0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
>
> Yes, EAP-TLS, EAP-TTLS and PEAPv0/EAP-MSCHAPv2 are the common three EAP 
> methods deployed, with TEAP becoming more popular.
>
> Great care should be taken when using a legacy method like PEAPv0 with user 
> credentials. Ensure the device is under management and the user cannot modify 
> the supplicant configuration (same with EAP-TTLS/PAP or EAP-TTLS/MSCHAPv2).
>
> Ideally these devices should just use what the rest of your students, faculty 
> and staff are using.
>
> tim
> 
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Nadim El-Khoury 
> 
> Sent: Friday, August 28, 2020 10:35
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
>
> Hi Tim,
>
> Thank you for the information and advice.
> Maybe use EAP-TLS or PEAP with EAP-TLS as the inner authentication method.
> Do you think that would work?
> Has anyone done that with Freeradius and eduroam?
>
> Best,
>
> Nadim
>
> On Fri, Aug 28, 2020 at 9:57 AM Tim Cappalli 
> <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
>
> eduroam is an 802.1X network. You need to use an EAP-based authentication 
> method. MAC address can only be used as authorization context (but really 
> shouldn't be).
>
> Tim
> 
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of Nadim El-Khoury 
> 
> Sent: Friday, August 28, 2020 9:52:08 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
>
> Hi Norman,
>
> Let me better explain what we trying to do.
> We used to have an open hidden SSID using a WEP key to connect loaner laptops 
> (Windows, Macs), iPads, and Chromebooks.
> We upgraded our wireless network to MIST and we decided to only advertise 
> eduroam.
> We want to connect the above devices to eduroam using Mac address 
> authentication, and it is not working.
>
> Best,
>
> Nadim
>
> On Thu, Aug 27, 2020 at 9:38 PM Norman Elton  wrote:
>
> Do you mean authenticate non-802.1x clients based on MAC address? Yes.
> It works fine. We have an Open Access SSID, with "MAC address
> authentication by RADIUS lookup". We provide our RADIUS server IP &
> secret. Our FreeRADIUS server takes the request and responds with an
> Accept/Reject, and the following attributes:
>
> Tunnel-Type = "GRE"
> Tunnel-Medium-Type = "IP"
> Tunnel-Private-Group-ID = 
>
> I don't remember any specific challenges, but if you can post what's
> not working, I'm happy to help. And/or jump on a call and compare
> experience with Mist.
>
> Norman
>
> On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
>  wrote:
> >
> > Hi Everyone,
> >
> > Has anyone been able to get MAC authentication bypass to work properly with 
> > FreeRadius and MIST Wireless?
> >
> > Best,
> >
> > Nadim
> >
> > **
> > Replies to EDUCAUSE Community Group emails are sent to the entire community 
> > list. If you want to reply only to the person who sent the message, copy 
> > and paste their email address and forward the email reply. Additional 
> > participation and subscription information can be found at 
> > https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, co

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Tim Cappalli

Yes, EAP-TLS, EAP-TTLS and PEAPv0/EAP-MSCHAPv2 are the common three EAP methods 
deployed, with TEAP becoming more popular.

Great care should be taken when using a legacy method like PEAPv0 with user 
credentials. Ensure the device is under management and the user cannot modify 
the supplicant configuration (same with EAP-TTLS/PAP or EAP-TTLS/MSCHAPv2).

Ideally these devices should just use what the rest of your students, faculty 
and staff are using.

tim

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Nadim El-Khoury 

Sent: Friday, August 28, 2020 10:35
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Hi Tim,

Thank you for the information and advice.
Maybe use EAP-TLS or PEAP with EAP-TLS as the inner authentication method.
Do you think that would work?
Has anyone done that with Freeradius and eduroam?

Best,

Nadim

On Fri, Aug 28, 2020 at 9:57 AM Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
 wrote:
eduroam is an 802.1X network. You need to use an EAP-based authentication 
method. MAC address can only be used as authorization context (but really 
shouldn't be).

Tim

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Nadim El-Khoury 
mailto:nel-kho...@springfield.edu>>
Sent: Friday, August 28, 2020 9:52:08 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Hi Norman,

Let me better explain what we trying to do.
We used to have an open hidden SSID using a WEP key to connect loaner laptops 
(Windows, Macs), iPads, and Chromebooks.
We upgraded our wireless network to MIST and we decided to only advertise 
eduroam.
We want to connect the above devices to eduroam using Mac address 
authentication, and it is not working.

Best,

Nadim

On Thu, Aug 27, 2020 at 9:38 PM Norman Elton 
mailto:normel...@gmail.com>> wrote:
Do you mean authenticate non-802.1x clients based on MAC address? Yes.
It works fine. We have an Open Access SSID, with "MAC address
authentication by RADIUS lookup". We provide our RADIUS server IP &
secret. Our FreeRADIUS server takes the request and responds with an
Accept/Reject, and the following attributes:

Tunnel-Type = "GRE"
Tunnel-Medium-Type = "IP"
Tunnel-Private-Group-ID = 

I don't remember any specific challenges, but if you can post what's
not working, I'm happy to help. And/or jump on a call and compare
experience with Mist.

Norman

On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
mailto:nel-kho...@springfield.edu>> wrote:
>
> Hi Everyone,
>
> Has anyone been able to get MAC authentication bypass to work properly with 
> FreeRadius and MIST Wireless?
>
> Best,
>
> Nadim
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire communit

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Nadim El-Khoury

Hi Tim,

Thank you for the information and advice.
Maybe use EAP-TLS or PEAP with EAP-TLS as the inner authentication method.
Do you think that would work?
Has anyone done that with Freeradius and eduroam?

Best,

Nadim

On Fri, Aug 28, 2020 at 9:57 AM Tim Cappalli <
0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:

> eduroam is an 802.1X network. You need to use an EAP-based authentication
> method. MAC address can only be used as authorization context (but really
> shouldn't be).
>
> Tim
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Nadim El-Khoury <
> nel-kho...@springfield.edu>
> *Sent:* Friday, August 28, 2020 9:52:08 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius
>
> Hi Norman,
>
> Let me better explain what we trying to do.
> We used to have an open hidden SSID using a WEP key to connect loaner
> laptops (Windows, Macs), iPads, and Chromebooks.
> We upgraded our wireless network to MIST and we decided to only advertise
> eduroam.
> We want to connect the above devices to eduroam using Mac address
> authentication, and it is not working.
>
> Best,
>
> Nadim
>
> On Thu, Aug 27, 2020 at 9:38 PM Norman Elton  wrote:
>
> Do you mean authenticate non-802.1x clients based on MAC address? Yes.
> It works fine. We have an Open Access SSID, with "MAC address
> authentication by RADIUS lookup". We provide our RADIUS server IP &
> secret. Our FreeRADIUS server takes the request and responds with an
> Accept/Reject, and the following attributes:
>
> Tunnel-Type = "GRE"
> Tunnel-Medium-Type = "IP"
> Tunnel-Private-Group-ID = 
>
> I don't remember any specific challenges, but if you can post what's
> not working, I'm happy to help. And/or jump on a call and compare
> experience with Mist.
>
> Norman
>
> On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
>  wrote:
> >
> > Hi Everyone,
> >
> > Has anyone been able to get MAC authentication bypass to work properly
> with FreeRadius and MIST Wireless?
> >
> > Best,
> >
> > Nadim
> >
> > **
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Tim Cappalli

eduroam is an 802.1X network. You need to use an EAP-based authentication 
method. MAC address can only be used as authorization context (but really 
shouldn't be).

Tim

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Nadim El-Khoury 

Sent: Friday, August 28, 2020 9:52:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Hi Norman,

Let me better explain what we trying to do.
We used to have an open hidden SSID using a WEP key to connect loaner laptops 
(Windows, Macs), iPads, and Chromebooks.
We upgraded our wireless network to MIST and we decided to only advertise 
eduroam.
We want to connect the above devices to eduroam using Mac address 
authentication, and it is not working.

Best,

Nadim

On Thu, Aug 27, 2020 at 9:38 PM Norman Elton 
mailto:normel...@gmail.com>> wrote:
Do you mean authenticate non-802.1x clients based on MAC address? Yes.
It works fine. We have an Open Access SSID, with "MAC address
authentication by RADIUS lookup". We provide our RADIUS server IP &
secret. Our FreeRADIUS server takes the request and responds with an
Accept/Reject, and the following attributes:

Tunnel-Type = "GRE"
Tunnel-Medium-Type = "IP"
Tunnel-Private-Group-ID = 

I don't remember any specific challenges, but if you can post what's
not working, I'm happy to help. And/or jump on a call and compare
experience with Mist.

Norman

On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
mailto:nel-kho...@springfield.edu>> wrote:
>
> Hi Everyone,
>
> Has anyone been able to get MAC authentication bypass to work properly with 
> FreeRadius and MIST Wireless?
>
> Best,
>
> Nadim
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

2020-08-28 Thread Nadim El-Khoury

Hi Norman,

Let me better explain what we trying to do.
We used to have an open hidden SSID using a WEP key to connect loaner
laptops (Windows, Macs), iPads, and Chromebooks.
We upgraded our wireless network to MIST and we decided to only advertise
eduroam.
We want to connect the above devices to eduroam using Mac address
authentication, and it is not working.

Best,

Nadim

On Thu, Aug 27, 2020 at 9:38 PM Norman Elton  wrote:

> Do you mean authenticate non-802.1x clients based on MAC address? Yes.
> It works fine. We have an Open Access SSID, with "MAC address
> authentication by RADIUS lookup". We provide our RADIUS server IP &
> secret. Our FreeRADIUS server takes the request and responds with an
> Accept/Reject, and the following attributes:
>
> Tunnel-Type = "GRE"
> Tunnel-Medium-Type = "IP"
> Tunnel-Private-Group-ID = 
>
> I don't remember any specific challenges, but if you can post what's
> not working, I'm happy to help. And/or jump on a call and compare
> experience with Mist.
>
> Norman
>
> On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury
>  wrote:
> >
> > Hi Everyone,
> >
> > Has anyone been able to get MAC authentication bypass to work properly
> with FreeRadius and MIST Wireless?
> >
> > Best,
> >
> > Nadim
> >
> > **
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: WLC 8.10.122 Bug

2020-08-28 Thread Rios, Hector J

Bug ID CSCvu67048 has a much better explanation of the problem than the one I 
mentioned. It's disappointing they don't list it in the release notes of either 
8.10MR2 or MR3. Thank you for sharing!

Hector Rios, Wireless Network Architect
The University of Texas at Austin



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Mathieu Sturm
Sent: Friday, August 28, 2020 6:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 8.10.122 Bug

We are experiencing CSCvu67048 and are upgrading to 8.10.130. Also on version 
8.10.122 is this bug CSCvu24770

8.10.122 should be avoided.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be




Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Rios, Hector J
Verzonden: donderdag 27 augustus 2020 18:43
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] WLC 8.10.122 Bug

For those of you on or considering 8.10., be aware of this bug:


CSCvt38486:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt38486

This was actually brought up a couple of months ago on subject "WLC 8.10.121 
Deferred". We did experience the issue with Windows clients. And testing on 
8.10.130 looks to resolve the problem.

Thanks,

Hector Rios, Wireless Network Architect
The University of Texas at Austin


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

This message is from an external sender. Learn more about why this 
matters.


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: WLC 8.10.122 Bug

2020-08-28 Thread Mathieu Sturm

We are experiencing CSCvu67048 and are upgrading to 8.10.130. Also on version 
8.10.122 is this bug CSCvu24770

8.10.122 should be avoided.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be




Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Rios, Hector J
Verzonden: donderdag 27 augustus 2020 18:43
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] WLC 8.10.122 Bug

For those of you on or considering 8.10., be aware of this bug:


CSCvt38486:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt38486

This was actually brought up a couple of months ago on subject "WLC 8.10.121 
Deferred". We did experience the issue with Windows clients. And testing on 
8.10.130 looks to resolve the problem.

Thanks,

Hector Rios, Wireless Network Architect
The University of Texas at Austin


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Antenna mounting suggestions

RE: Antenna mounting suggestions

RE: Antenna mounting suggestions

RE: [EXTERNAL] Re: [WIRELESS-LAN] Antenna mounting suggestions

RE: Antenna mounting suggestions

Re: [WIRELESS-LAN] Antenna mounting suggestions

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius

RE: WLC 8.10.122 Bug

RE: WLC 8.10.122 Bug

15 matches

Site Navigation

Mail list logo

Footer information