RE: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

2021-02-09 Thread Dom Colangelo
In my testing I found that networks saved prior to the patch retained the 
'Don't validate' option. Forgetting and re-configuring the network eliminated 
the option.

Dom Colangelo
Systems Engineer
Omada Technologies
Cell: (617)-446-3945
dcolang...@omadatechnologies.com

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Cappalli
Sent: Tuesday, February 9, 2021 12:15
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

Screenshot?

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Walter Reynolds <wa...@umich.edu>
Date: Tuesday, February 9, 2021 at 12:03
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

I have a Pixel 3 that I did a factory reset on.  Next I did all the updates 
needed and it is running Android 11.  The build number is RQ1A.210205.004 which 
includes the latest security patch for the phone.

When I go to configure a WPA2 Enterprise network I still have the "Don't 
validate" option.

What am I missing here?


Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Sun, Feb 7, 2021 at 3:29 AM Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
I would not expect Pixel 2 and earlier to receive this update as they are end 
of support.

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Richie Penuela <richie.penu...@ucf.edu>
Sent: Friday, February 5, 2021 09:37
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021


Mathieu,



Currently this is affecting Google Pixel 3 and up that have installed the 
Android 11 security patch in December. We have Google Pixel 2A w/ Android 11 
but the last security patch was provided prior to the one in December and we 
are still able to select "Do not validate" option. In conversation with some of our 
integrators they believe that other Android platforms will follow suit.



-Respectfully,




Sr. Wireless Engineer

UCF IT | Telecommunications

University of Central Florida

407.823.4906

richie.penu...@ucf.edu



Please note: Florida has a very broad open records law (F.S. 119). Emails may 
be subject to public disclosure





From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Mathieu Sturm <mathieu.st...@hogent.be>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Friday, February 5, 2021 at 9:32 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021



Hello all,



I've been testing with 2 devices (Samsung s10 upgraded to android 11 and 
Samsung s20 also upgraded to android 11).

It seems that I'm still able to select "Do not validate" on these devices.



Is this because these devices were upgraded to android 11 and that the newer 
devices which were released with android 11 don't allow the "Do not validate"?

Or are the pixel phones the only ones?



Regards,



Mathieu



From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Hurt,Trenton W.
Sent: Monday, 1 February 2021 22:47
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021



FYI



I just received the following from securew2 about some additional security 
changes coming to android 11.







This action will need to take place before the upcoming Android application 
update that is planned for February 15th, 2021.



As you may already be aware, Google mandates server validation to be properly 
configured for WiFi from Android version 11. This means that any 802.1X WiFi 
configuration without the following two settings will fail to connect.



1.  Server Validation

2.  Connect to these server names



For more information about these configurations, please read below.



What is Server Validation in a Network Profile?

This configuration item is for clients to validate a RADIUS server certificate 
chain during an EAP authentication. Clients would forward its requests only 
when the received server 

Re: Aruba AP2xx vs. AP5xx apples-to-apples

2021-02-09 Thread Miller, Keith C
Hi David et al.,

I’ve actually done this with Ekahau and on the 5GHz radio with the same EIRP 
value, the 315 is typically 2dB stronger than the 515. Based on real world 
data, I’ve seen somewhere around a 2-4 dB difference on both the SideKick and 
my MBP when using Adrian’s WFE app.

The 515 has close to 1 dB more antenna gain than the 315 does on the 5GHz radio 
which means there’s going to be less conducted power (TX power) out of the 
transmitter when using the same EIRP value. I also wonder if the 315 using a 
Qualcomm chip vs the 515 using Broadcom has anything to do with it and how much.

Regards,
Keith

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Biron, David
Date: Tuesday, February 9, 2021 at 9:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba AP2xx vs. AP5xx apples-to-apples

Hi Jason,

In regards to Ekahau, you can model the AP model before and after in the 
predictive section. Obviously this is based on a computer model, but should 
give an indication.

I can’t comment in regards to going from AP2xx/3xx to the AP515. But we have 
gone from the Cisco 2802i to the AP-515 and in the real world the coverage is a 
lot better with the Aruba in comparison to the Cisco. Modelling this in Ekahau 
shows similar.

We were a really early adopter of AX and chose to turn off that feature due to 
the amount of corporate managed laptops running the affected Intel chipset.

Now AX is more widespread (Lots more client devices) and better information is 
provided to end users in regards to updating drivers, we are looking at turning 
the feature back on.

David Biron

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Jason Trinklein
Sent: 08 February 2021 18:02
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba AP2xx vs. AP5xx apples-to-apples

In the early days of Aruba's AP5xx series, I heard rumblings in peer 
institutions and on Educause about the AP5xx series having poor RF properties 
compared to the AP2xx and AP3xx series. For example, when replacing an AP315 
with an AP515, signal coverage was worse, sometimes bad enough to cause service 
loss in distant locations.

We are considering our next wifi upgrade to 802.11ax and are thinking about 
performing an apples-to-apples wifi survey by surveying our 2xx APs in-place, 
then performing the same survey with 5xx APs in-place. Has anyone performed 
such an apples-to-apples comparison with Ekahau, measuring RSSI, throughput, 
jitter, and latency? Any comparisons of airtime utilization using EyePA or 
similar?

If anyone has experience they can share to help us make a data-driven and 
informed decision, I'd be appreciative.

In a broader question - for those who have moved from .ac to .ax, have you seen 
measurable increases in quality of service to your community?

Thanks!

--
Jason Trinklein
Information Technology Services - Infrastructure
Clark University | 950 Main Street | Worcester, MA 01610
508-421-3865 (o) | 508-736-4001 (c) | 
jtrinkl...@clarku.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community



Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

2021-02-09 Thread Tim Cappalli
Screenshot?

From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Walter Reynolds
Date: Tuesday, February 9, 2021 at 12:03
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

I have a Pixel 3 that I did a factory reset on.  Next I did all the updates 
needed and it is running Android 11.  The build number is RQ1A.210205.004 which 
includes the latest security patch for the phone.

When I go to configure a WPA2 Enterprise network I still have the "Don't 
validate" option.

What am I missing here?


Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Sun, Feb 7, 2021 at 3:29 AM Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:
I would not expect Pixel 2 and earlier to receive this update as they are end 
of support.

From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Richie Penuela <richie.penu...@ucf.edu>
Sent: Friday, February 5, 2021 09:37
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021


Mathieu,



Currently this is affecting Google Pixel 3 and up that have installed the 
Android 11 security patch in December. We have Google Pixel 2A w/ Android 11 
but the last security patch was provided prior to the one in December and we 
are still able to select “Do not validate” option. In conversation with some of our 
integrators they believe that other Android platforms will follow suit.



-Respectfully,




Sr. Wireless Engineer

UCF IT | Telecommunications

University of Central Florida

407.823.4906

richie.penu...@ucf.edu



Please note: Florida has a very broad open records law (F.S. 119). Emails may 
be subject to public disclosure





From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Mathieu Sturm <mathieu.st...@hogent.be>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Friday, February 5, 2021 at 9:32 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021



Hello all,



I’ve been testing with 2 devices (Samsung s10 upgraded to android 11 and 
Samsung s20 also upgraded to android 11).

It seems that I’m still able to select “Do not validate” on these devices.



Is this because these devices were upgraded to android 11 and that the newer 
devices which were released with android 11 don’t allow the “Do not validate”?

Or are the pixel phones the only ones?



Regards,



Mathieu



From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Hurt,Trenton W.
Sent: Monday, 1 February 2021 22:47
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021



FYI



I just received the following from securew2 about some additional security 
changes coming to android 11.







This action will need to take place before the upcoming Android application 
update that is planned for February 15th, 2021.



As you may already be aware, Google mandates server validation to be properly 
configured for WiFi from Android version 11. This means that any 802.1X WiFi 
configuration without the following two settings will fail to connect.



1.  Server Validation

2.  Connect to these server names



For more information about these configurations, please read below.



What is Server Validation in a Network Profile?

This configuration item is for clients to validate a RADIUS server certificate 
chain during an EAP authentication. Clients would forward its requests only 
when the received server certificate is signed by the CA that is configured on 
the SecureW2 Network Profile.  It may be required to upload only the Root CA of 
the RADIUS server certificate, however, in some cases, the full chain may need 
to be provided.



What is the Connect to these server names field?

This field is used to specify the name of your RADIUS server certificate using 
its Common Name. If there is only one RADIUS server in your setup, you can 
quickly find this name from the certificate. If there are more than one RADIUS 
servers, or if the RADIUS server Common Name has more than two subdomains, we 
advise to use a wildcard name.



For example:

If the RADIUS server certificate’s Common Name = 

Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

2021-02-09 Thread Walter Reynolds
I have a Pixel 3 that I did a factory reset on.  Next I did all the
updates needed and it is running Android 11.  The build number is
RQ1A.210205.004 which includes the latest security patch for the phone.

When I go to configure a WPA2 Enterprise network I still have the "Don't
validate" option.

What am I missing here?


Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Sun, Feb 7, 2021 at 3:29 AM Tim Cappalli <
0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:

> I would not expect Pixel 2 and earlier to receive this update as they are
> end of support.
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Richie Penuela <
> richie.penu...@ucf.edu>
> *Sent:* Friday, February 5, 2021 09:37
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021
>
>
> Mathieu,
>
>
>
> Currently this is affecting Google Pixel 3 and up that have installed the
> Android 11 security patch in December. We have Google Pixel 2A w/ Android
> 11 but the last security patch was provided prior to the one in December
> and we are still able to select “Do not validate” option. In conversation with
> some of our integrators they believe that other Android platforms will
> follow suit.
>
>
>
> -Respectfully,
>
>
>
>
> Sr. Wireless Engineer
>
> *UCF **IT | Telecommunications*
>
> University of Central Florida
>
> 407.823.4906
>
> richie.penu...@ucf.edu
>
>
>
> *Please note:* Florida has a very broad open records law (F.S. 119).
> Emails may be subject to public disclosure
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Mathieu Sturm <
> mathieu.st...@hogent.be>
> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Friday, February 5, 2021 at 9:32 AM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021
>
>
>
> Hello all,
>
>
>
> I’ve been testing with 2 devices (Samsung s10 upgraded to android 11 and
> Samsung s20 also upgraded to android 11).
>
> It seems that I’m still able to select “Do not validate” on these devices.
>
>
>
> Is this because these devices were upgraded to android 11 and that the
> newer devices which were released with android 11 don’t allow the “Do not
> validate”?
>
> Or are the pixel phones the only ones?
>
>
>
> Regards,
>
>
>
> Mathieu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of* Hurt,Trenton W.
> *Sent:* Monday, 1 February 2021 22:47
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021
>
>
>
> FYI
>
>
>
> I just received the following from securew2 about some additional security
> changes coming to android 11.
>
>
>
>
>
>
>
> This action will need to take place before the upcoming Android
> application update that is planned for February 15th, 2021.
>
>
>
> As you may already be aware, Google mandates server validation to be
> properly configured for WiFi from Android version 11. This means that any
> 802.1X WiFi configuration without the following two settings will fail to
> connect.
>
>
>
> 1.  Server Validation
>
> 2.  Connect to these server names
>
>
>
> For more information about these configurations, please read below.
>
>
>
> What is Server Validation in a Network Profile?
>
> This configuration item is for clients to validate a RADIUS server
> certificate chain during an EAP authentication. Clients would forward its
> requests only when the received server certificate is signed by the CA that
> is configured on the SecureW2 Network Profile.  It may be required to
> upload only the Root CA of the RADIUS server certificate, however, in some
> cases, the full chain may need to be provided.
>
>
>
> What is the Connect to these server names field?
>
> This field is used to specify the name of your RADIUS server certificate
> using its Common Name. If there is only one RADIUS server in your setup,
> you can quickly find this name from the certificate. If there are more than
> one RADIUS servers, or if the RADIUS server Common Name has more than two
> subdomains, we advise to use a wildcard name.
>
>
>
> For example:
>
> If the RADIUS server certificate’s Common Name = radius.domain.com
> Connect to these server names should be radius.domain.com
>
>
>
> If the RADIUS server certificate’s Common Name = radius.lab.department.domain.com
> Connect to these server names should be *.department.domain.com or *.domain.com
>
>
>
>
>
>
>
>
>
> Thanks
>
> Trent
>
>
>
> Trenton Hurt, CWNE 
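
The two profile settings described in the SecureW2 notice quoted above, modelled on constructed data as an added example that is not part of the original thread and is not SecureW2 or Android code. The `Profile` and `ServerCert` types, the CA labels and the reading of `*.` as "one or more labels in front of the suffix" are assumptions for illustration; names are compared label by label rather than as raw strings.

```python
# Added example on constructed data; not SecureW2 or Android code.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def labels(name: str) -> List[str]:
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.strip().rstrip(".").lower().split(".")


def name_matches(cert_name: str, entry: str) -> bool:
    """Check one certificate name against one 'Connect to these server names' entry.

    Assumed semantics: a plain entry must equal the name; '*.suffix' accepts
    any name with at least one extra label in front of 'suffix'. Comparing
    whole labels means 'radius.otherdomain.com' never satisfies '*.domain.com',
    which a raw string endswith() test would let through.
    """
    name = labels(cert_name)
    if entry.startswith("*."):
        suffix = labels(entry[2:])
        return len(name) > len(suffix) and name[-len(suffix):] == suffix
    return name == labels(entry)


@dataclass
class Profile:
    trusted_ca: Optional[str]          # "Server Validation"; None = not configured
    server_names: List[str] = field(default_factory=list)


@dataclass
class ServerCert:
    issuer_ca: str                     # CA the presented chain leads to (label only)
    common_name: str


def accept_server(profile: Profile, cert: ServerCert) -> Tuple[bool, str]:
    """Decide whether the client continues EAP with this RADIUS server."""
    if profile.trusted_ca is None or not profile.server_names:
        # Per the notice, a profile missing either setting fails to connect.
        return False, "profile incomplete"
    if cert.issuer_ca != profile.trusted_ca:
        return False, "untrusted CA"
    if not any(name_matches(cert.common_name, e) for e in profile.server_names):
        return False, "server name mismatch"
    return True, "ok"


# Constructed profile using the names from the notice's own examples.
PROFILE = Profile("Constructed Campus Root CA",
                  ["radius.domain.com", "*.department.domain.com"])

if __name__ == "__main__":
    for cert in [
        ServerCert("Constructed Campus Root CA", "radius.domain.com"),
        ServerCert("Constructed Campus Root CA", "radius.lab.department.domain.com"),
        ServerCert("Constructed Campus Root CA", "radius.otherdomain.com"),
        ServerCert("Constructed Other CA", "radius.domain.com"),
    ]:
        print(cert.common_name, "|", cert.issuer_ca, "|", accept_server(PROFILE, cert))
```

A broader entry such as `*.domain.com` accepts every host under `domain.com` that holds a certificate from the configured CA, so the narrowest entry that covers all RADIUS servers is the safer choice.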

RE: Aruba AP2xx vs. AP5xx apples-to-apples

2021-02-09 Thread Biron, David
Hi Jason,

In regards to Ekahau, you can model the AP model before and after in the 
predictive section. Obviously this is based on a computer model, but should 
give an indication.

I can't comment in regards to going from AP2xx/3xx to the AP515. But we have 
gone from the Cisco 2802i to the AP-515 and in the real world the coverage is a 
lot better with the Aruba in comparison to the Cisco. Modelling this in Ekahau 
shows similar.

We were a really early adopter of AX and chose to turn off that feature due to 
the amount of corporate managed laptops running the affected Intel chipset.

Now AX is more widespread (Lots more client devices) and better information is 
provided to end users in regards to updating drivers, we are looking at turning 
the feature back on.

David Biron

From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Jason Trinklein
Sent: 08 February 2021 18:02
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba AP2xx vs. AP5xx apples-to-apples

In the early days of Aruba's AP5xx series, I heard rumblings in peer 
institutions and on Educause about the AP5xx series having poor RF properties 
compared to the AP2xx and AP3xx series. For example, when replacing an AP315 
with an AP515, signal coverage was worse, sometimes bad enough to cause service 
loss in distant locations.

We are considering our next wifi upgrade to 802.11ax and are thinking about 
performing an apples-to-apples wifi survey by surveying our 2xx APs in-place, 
then performing the same survey with 5xx APs in-place. Has anyone performed 
such an apples-to-apples comparison with Ekahau, measuring RSSI, throughput, 
jitter, and latency? Any comparisons of airtime utilization using EyePA or 
similar?

If anyone has experience they can share to help us make a data-driven and 
informed decision, I'd be appreciative.

In a broader question - for those who have moved from .ac to .ax, have you seen 
measurable increases in quality of service to your community?

Thanks!

--
Jason Trinklein
Information Technology Services - Infrastructure
Clark University | 950 Main Street | Worcester, MA 01610
508-421-3865 (o) | 508-736-4001 (c) | 
jtrinkl...@clarku.edu
