date:20210609

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

2021-06-09 Thread Jeffrey D. Sessler

I would encourage those with these open cases to join the EFT. Once you join, 
you get to interface directly with the BU, with direct eyes-on from the 
developers.

Jeff

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Rios, Hector J
Sent: Wednesday, June 09, 2021 2:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

The log “chatter: lat_client_add(422): Failed to add client” is documented in 
CSCvv78366. The release notes for 8.10.151 say that it is resolved, but it is 
not. From the troubleshooting I’ve done, even on MR5, it appears this bug is 
purely cosmetic. I have not had issues connecting to APs experiencing this bug 
when I have tested. The biggest issue with this bug is all the trash that is 
generating.

Hector Rios, UT Austin

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Tuesday, June 8, 2021 2:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

Hello all,

We were struggling with this issue as well on version 8.10.130.0. We created a 
tac case (SR 690110031) last year but due to covid and lockdowns we couldn’t 
reproduce the issue. We only saw these issues on places where there was a lot 
of clients/roaming. On these ap’s the logs were filled with “chatter: 
lat_client_add(422): Failed to add client”. Not sure if this was related 
though. We only saw this issue on newer ap’s (2800/3800 and 9120’s).

No fix so far (and apparently not even in 8.10.151). Cisco pointed us to bug id 
CSCvv78719 and we had to disable MU-MIMO.
We weren’t able to verify this fix.

Regards

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Jonathan Oakden
Verzonden: woensdag 2 juni 2021 17:38
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

Not sure as yet as we have been too busy to get this over to TAC at the moment 
since we identified the problem and came across this bug ID at the end of last 
week. It’s certainly the closest match we can find.
We can see that most of our 2801 APs sit at around 30-50% memory utilisation, 
however around 6% of them (about 320) are currently above 60% which is unusual. 
These appear to be climbing steadily at around 3-4% per week as though there is 
a memory leak.
We first spotted this when we got reports from students in a residence saying 
they were connected to wifi but nothing was working. Looking at the AP it was 
sat at 95% memory utilisation. Rebooting the AP restored service. However, we 
then looked at nearby APs and could see them climbing as well. It doesn’t 
appear to be all our APs but some unknown subsection of them.
We only went to 8.10 as we had bought some 9105 APs.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Date: Wednesday, 2 June 2021 at 16:30
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
That one’s interesting because it shows affected code is 8.5(140.0), and only 
one case... is TAC agreeing it’s the same bug? Just curious.
Lee Badman (mobile)

On Jun 2, 2021, at 11:23 AM, Jonathan Oakden 
mailto:j.p.oak...@lboro.ac.uk>> wrote:

We are on 8.10.151 for the last couple of months here at Loughborough 
University in England. We think we are being hit quite badly by this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp31778

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

2021-06-09 Thread Rios, Hector J

The log “chatter: lat_client_add(422): Failed to add client” is documented in 
CSCvv78366. The release notes for 8.10.151 say that it is resolved, but it is 
not. From the troubleshooting I’ve done, even on MR5, it appears this bug is 
purely cosmetic. I have not had issues connecting to APs experiencing this bug 
when I have tested. The biggest issue with this bug is all the trash that is 
generating.

Hector Rios, UT Austin

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Mathieu Sturm
Sent: Tuesday, June 8, 2021 2:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

Hello all,

We were struggling with this issue as well on version 8.10.130.0. We created a 
tac case (SR 690110031) last year but due to covid and lockdowns we couldn’t 
reproduce the issue. We only saw these issues on places where there was a lot 
of clients/roaming. On these ap’s the logs were filled with “chatter: 
lat_client_add(422): Failed to add client”. Not sure if this was related 
though. We only saw this issue on newer ap’s (2800/3800 and 9120’s).

No fix so far (and apparently not even in 8.10.151). Cisco pointed us to bug id 
CSCvv78719 and we had to disable MU-MIMO.
We weren’t able to verify this fix.

Regards


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be






Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Jonathan Oakden
Verzonden: woensdag 2 juni 2021 17:38
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

Not sure as yet as we have been too busy to get this over to TAC at the moment 
since we identified the problem and came across this bug ID at the end of last 
week. It’s certainly the closest match we can find.
We can see that most of our 2801 APs sit at around 30-50% memory utilisation, 
however around 6% of them (about 320) are currently above 60% which is unusual. 
These appear to be climbing steadily at around 3-4% per week as though there is 
a memory leak.
We first spotted this when we got reports from students in a residence saying 
they were connected to wifi but nothing was working. Looking at the AP it was 
sat at 95% memory utilisation. Rebooting the AP restored service. However, we 
then looked at nearby APs and could see them climbing as well. It doesn’t 
appear to be all our APs but some unknown subsection of them.
We only went to 8.10 as we had bought some 9105 APs.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Date: Wednesday, 2 June 2021 at 16:30
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
That one’s interesting because it shows affected code is 8.5(140.0), and only 
one case... is TAC agreeing it’s the same bug? Just curious.
Lee Badman (mobile)

On Jun 2, 2021, at 11:23 AM, Jonathan Oakden 
mailto:j.p.oak...@lboro.ac.uk>> wrote:

We are on 8.10.151 for the last couple of months here at Loughborough 
University in England. We think we are being hit quite badly by this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp31778
with around 6% of our 2802i APs being currently affected.
It’s a really annoying bug too as to the user they appear to be connected to 
Wi-Fi but they have no network activity at all. Also the APs seem fine from a 
monitoring perspective unless you are either carefully monitoring their memory 
usage, or they get so far out of memory that they appear to lose their 
registration with the controller.
As such, I really can’t recommend 8.1

Re: [WIRELESS-LAN] MPSK SSID Names

2021-06-09 Thread Tim Cappalli

Easiest way to prevent user-centric devices from actively using your headless 
device network is to block your identity provider from the headless roles so 
users can't sign in to resources.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Curtis, Bruce 
<01dd2279a597-dmarc-requ...@listserv.educause.edu>
Sent: Wednesday, June 9, 2021 10:23:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] MPSK SSID Names



> On Jun 9, 2021, at 8:59 AM, Michael Dickson  wrote:
>
> I'm curious if anyone is doing anything to prevent/discourage 802.1x capable 
> devices (laptops, tablets, smartphones) from connecting to the IoT network. 
> We would prefer these things stay on eduroam and currently use device 
> fingerprinting to deny access to our "devices/IoT" (MAB) network.

No.  Several IoT devices require that the phone/tablet/computer be on the SSID 
that the IoT device will be configured to use.  (The configuration App looks at 
what SSID the phone/tablet/computer is on and tells the IoT device to join the 
same SSID)

We require the MAC address of all of the devices that join the IoT SSID be 
registered so students have to register the MAC address of the 
phone/tablet/computer before connecting to the IoT SSID.

>
> Mike
> Michael Dickson
> Network Engineer
> Information Technology
> University of Massachusetts Amherst
> 413-545-9639
>
> michael.dick...@umass.edu
>
> PGP: 0x16777D39
>
>
>
> On 6/9/21 8:35 AM, Shoebottom, Bryan wrote:
>> I took over from our previous wireless admin a few years ago and went 
>> through an extensive project to consolidate and clean up our SSIDs.  Every 
>> use case seemed to have their own SSID multiplied by each site – it was a 
>> confusing mess for everyone.  After lots of research and consultation with 
>> our clients, and a mindset of keeping things simple yet accommodating 
>> policy/requirements, it came down to the following configuration:
>>
>>
>>
>> FanshaweCollege802.1x   staff/students via 
>> domain accounts, IoT/non-domain (e.g. shared iPads) items via ISE accounts
>>
>> FanshaweGuestMac auth click-through portal 
>> allows 24hrs access, then the portal comes up again
>>
>> eduroam 802.1x   staff/students 
>> via domain accounts, remote eduroam accounts
>>
>>
>>
>> FanshaweDevicesiPSK   IoT devices that don’t 
>> support 802.1x
>>
>>
>>
>>
>>
>> The top 2 SSIDs are broadcast at all our sites.  Eduroam is broadcast at all 
>> our educational based sites.  We tried to have eduroam and FanshaweCollege 
>> combined, but senior management didn’t want to lose the branded SSID.  As 
>> for the FanshaweDevices, to keep airspace clean, we only broadcast this 
>> where we need it.  We are a Cisco shop and almost exclusively on the WLC9800 
>> now.  We make use of the AP Join profiles and an AP naming standard to 
>> accomplish this.  By changing a character in the AP name, I can have it 
>> pickup different policies for RF, SSID, etc.  Currently we have the iPSK 
>> network only broadcast in 2 locations to support athletic equipment and 
>> Nintendo switches.  The iPSK auth method allows us have a single SSID, yet 
>> provide back-end control depending on the device that is connecting, or 
>> better, the PSK they use.  Our Residence networking is provided by a 3rd 
>> party.
>>
>>
>>
>> So far this has worked really well, and I received compliments the September 
>> following the changes as helpdesk lineups/queues were significantly shorter. 
>>  All SSIDs run on both 5 and 2.4GHz, so if we do decide to split up SSIDs 
>> based on frequency, I could see some changes here, otherwise it’s ticking 
>> all our boxes.
>>
>>
>>
>>
>>
>> --
>>
>> Regards,
>>
>>
>>
>> Bryan Shoebottom
>>
>> Network & Systems Specialist
>>
>>
>>
>> Network Services & Computer Operations
>>
>> 1001 Fanshawe College Blvd. London, ON N5Y 5R6
>>
>> T 519.452.4430 x4904 | F 519.453.3231
>>
>> bshoebot...@fanshawec.ca
>>
>>
>>
>> 
>>
>>
>> From: Patrick McEvilly 
>> Sent: June 8, 2021 4:37 PM
>> Subject: Re: MPSK SSID Names
>>
>>
>>
>> Hi Brian
>>
>>
>>
>> We are struggling with a name that would work for this.  We have “Harvard 
>> Secure” as our 802.1x SSID, “Harvard University” as our legacy MAC 
>> registered SSID and eduroam.  We want to use the MPSK SSID to solve for all 
>> things – IoT, gaming consoles, Alexa, Smart*, AV gear, for both BYOD and for 
>> infrastructure devices.  We are also interested in hearing what others have 
>> named their SSIDs or suggestions that would represent the general-purpose 
>> use of such an SSID.
>>
>>
>>
>> Patrick
>>
>>
>>
>> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>>  on behalf of Brian Helman 
>> 
>> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
>> 
>> Date: Tuesday, June 8, 2021 at 3:04 PM
>> To: "WIRELESS-LAN@LISTSE

Re: [WIRELESS-LAN] MPSK SSID Names

2021-06-09 Thread Curtis, Bruce



> On Jun 9, 2021, at 8:59 AM, Michael Dickson  wrote:
> 
> I'm curious if anyone is doing anything to prevent/discourage 802.1x capable 
> devices (laptops, tablets, smartphones) from connecting to the IoT network. 
> We would prefer these things stay on eduroam and currently use device 
> fingerprinting to deny access to our "devices/IoT" (MAB) network. 

No.  Several IoT devices require that the phone/tablet/computer be on the SSID 
that the IoT device will be configured to use.  (The configuration App looks at 
what SSID the phone/tablet/computer is on and tells the IoT device to join the 
same SSID)

We require the MAC address of all of the devices that join the IoT SSID be 
registered so students have to register the MAC address of the 
phone/tablet/computer before connecting to the IoT SSID.

> 
> Mike
> Michael Dickson
> Network Engineer
> Information Technology
> University of Massachusetts Amherst
> 413-545-9639
> 
> michael.dick...@umass.edu
> 
> PGP: 0x16777D39
> 
> 
> 
> On 6/9/21 8:35 AM, Shoebottom, Bryan wrote:
>> I took over from our previous wireless admin a few years ago and went 
>> through an extensive project to consolidate and clean up our SSIDs.  Every 
>> use case seemed to have their own SSID multiplied by each site – it was a 
>> confusing mess for everyone.  After lots of research and consultation with 
>> our clients, and a mindset of keeping things simple yet accommodating 
>> policy/requirements, it came down to the following configuration:
>> 
>>  
>> 
>> FanshaweCollege802.1x   staff/students via 
>> domain accounts, IoT/non-domain (e.g. shared iPads) items via ISE accounts
>> 
>> FanshaweGuestMac auth click-through portal 
>> allows 24hrs access, then the portal comes up again
>> 
>> eduroam 802.1x   staff/students 
>> via domain accounts, remote eduroam accounts
>> 
>>  
>> 
>> FanshaweDevicesiPSK   IoT devices that don’t 
>> support 802.1x
>> 
>>  
>> 
>>  
>> 
>> The top 2 SSIDs are broadcast at all our sites.  Eduroam is broadcast at all 
>> our educational based sites.  We tried to have eduroam and FanshaweCollege 
>> combined, but senior management didn’t want to lose the branded SSID.  As 
>> for the FanshaweDevices, to keep airspace clean, we only broadcast this 
>> where we need it.  We are a Cisco shop and almost exclusively on the WLC9800 
>> now.  We make use of the AP Join profiles and an AP naming standard to 
>> accomplish this.  By changing a character in the AP name, I can have it 
>> pickup different policies for RF, SSID, etc.  Currently we have the iPSK 
>> network only broadcast in 2 locations to support athletic equipment and 
>> Nintendo switches.  The iPSK auth method allows us have a single SSID, yet 
>> provide back-end control depending on the device that is connecting, or 
>> better, the PSK they use.  Our Residence networking is provided by a 3rd 
>> party.
>> 
>>  
>> 
>> So far this has worked really well, and I received compliments the September 
>> following the changes as helpdesk lineups/queues were significantly shorter. 
>>  All SSIDs run on both 5 and 2.4GHz, so if we do decide to split up SSIDs 
>> based on frequency, I could see some changes here, otherwise it’s ticking 
>> all our boxes.
>> 
>>  
>> 
>>  
>> 
>> --
>> 
>> Regards,
>> 
>>  
>> 
>> Bryan Shoebottom
>> 
>> Network & Systems Specialist
>> 
>>  
>> 
>> Network Services & Computer Operations
>> 
>> 1001 Fanshawe College Blvd. London, ON N5Y 5R6
>> 
>> T 519.452.4430 x4904 | F 519.453.3231
>> 
>> bshoebot...@fanshawec.ca
>> 
>>  
>> 
>> 
>>  
>> 
>> From: Patrick McEvilly  
>> Sent: June 8, 2021 4:37 PM
>> Subject: Re: MPSK SSID Names
>> 
>>  
>> 
>> Hi Brian
>> 
>>  
>> 
>> We are struggling with a name that would work for this.  We have “Harvard 
>> Secure” as our 802.1x SSID, “Harvard University” as our legacy MAC 
>> registered SSID and eduroam.  We want to use the MPSK SSID to solve for all 
>> things – IoT, gaming consoles, Alexa, Smart*, AV gear, for both BYOD and for 
>> infrastructure devices.  We are also interested in hearing what others have 
>> named their SSIDs or suggestions that would represent the general-purpose 
>> use of such an SSID.
>> 
>>  
>> 
>> Patrick
>> 
>>  
>> 
>> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>>  on behalf of Brian Helman 
>> 
>> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
>> 
>> Date: Tuesday, June 8, 2021 at 3:04 PM
>> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
>> Subject: [WIRELESS-LAN] MPSK SSID Names
>> 
>>  
>> 
>> Anyone using Aruba’s (or if other manufacturers have a similar feature) MPSK 
>> service?  What did you use for an SSID – looking for naming ideas.
>> 
>>  
>> 
>> -Brian
>> 
>>  
>> 
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire community 
>> list. If you want to reply only to the person who sent the message

Re: [WIRELESS-LAN] MPSK SSID Names

2021-06-09 Thread Michael Dickson

I'm curious if anyone is doing anything to prevent/discourage 802.1x
capable devices (laptops, tablets, smartphones) from connecting to the
IoT network. We would prefer these things stay on eduroam and currently
use device fingerprinting to deny access to our "devices/IoT" (MAB)
network.

Mike

Michael Dickson
Network Engineer
Information Technology
University of Massachusetts Amherst
413-545-9639
michael.dick...@umass.edu
PGP: 0x16777D39


On 6/9/21 8:35 AM, Shoebottom, Bryan wrote:
>
> I took over from our previous wireless admin a few years ago and went
> through an extensive project to consolidate and clean up our SSIDs. 
> Every use case seemed to have their own SSID multiplied by each site –
> it was a confusing mess for everyone.  After lots of research and
> consultation with our clients, and a mindset of keeping things simple
> yet accommodating policy/requirements, it came down to the following
> configuration:
>
>  
>
> FanshaweCollege    802.1x   staff/students via
> domain accounts, IoT/non-domain (e.g. shared iPads) items via ISE accounts
>
> FanshaweGuest    Mac auth click-through portal
> allows 24hrs access, then the portal comes up again
>
> eduroam     802.1x  
> staff/students via domain accounts, remote eduroam accounts
>
>  
>
> FanshaweDevices    iPSK   IoT devices that
> don’t support 802.1x
>
>  
>
>  
>
> The top 2 SSIDs are broadcast at all our sites.  Eduroam is broadcast
> at all our educational based sites.  We tried to have eduroam and
> FanshaweCollege combined, but senior management didn’t want to lose
> the branded SSID.  As for the FanshaweDevices, to keep airspace clean,
> we only broadcast this where we need it.  We are a Cisco shop and
> almost exclusively on the WLC9800 now.  We make use of the AP Join
> profiles and an AP naming standard to accomplish this.  By changing a
> character in the AP name, I can have it pickup different policies for
> RF, SSID, etc.  Currently we have the iPSK network only broadcast in 2
> locations to support athletic equipment and Nintendo switches.  The
> iPSK auth method allows us have a single SSID, yet provide back-end
> control depending on the device that is connecting, or better, the PSK
> they use.  Our Residence networking is provided by a 3^rd party.
>
>  
>
> So far this has worked really well, and I received compliments the
> September following the changes as helpdesk lineups/queues were
> significantly shorter.  All SSIDs run on both 5 and 2.4GHz, so if we
> do decide to split up SSIDs based on frequency, I could see some
> changes here, otherwise it’s ticking all our boxes.
>
>  
>
>  
>
> --
>
> Regards,
>
>  
>
> *Bryan Shoebottom*
>
> /Network & Systems Specialist/
>
>  
>
> *Network Services & Computer Operations*
>
> 1001 Fanshawe College Blvd. London, ON N5Y 5R6
>
> T 519.452.4430 x4904 | F 519.453.3231
>
> bshoebot...@fanshawec.ca 
>
>  
>
> cid:582C4514-D41F-48FA-94E1-89D38DB527CB
>
>  
>
> *From:*Patrick McEvilly 
> *Sent:* June 8, 2021 4:37 PM
> *Subject:* Re: MPSK SSID Names
>
>  
>
> Hi Brian
>
>  
>
> We are struggling with a name that would work for this.  We have
> “Harvard Secure” as our 802.1x SSID, “Harvard University” as our
> legacy MAC registered SSID and eduroam.  We want to use the MPSK SSID
> to solve for all things – IoT, gaming consoles, Alexa, Smart*, AV
> gear, for both BYOD and for infrastructure devices.  We are also
> interested in hearing what others have named their SSIDs or
> suggestions that would represent the general-purpose use of such an SSID.
>
>  
>
> Patrick
>
>  
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv
>  > on behalf of Brian Helman
> mailto:bhel...@salemstate.edu>>
> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv
>  >
> *Date: *Tuesday, June 8, 2021 at 3:04 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> "
>  >
> *Subject: *[WIRELESS-LAN] MPSK SSID Names
>
>  
>
> Anyone using Aruba’s (or if other manufacturers have a similar
> feature) MPSK service?  What did you use for an SSID – looking for
> naming ideas.
>
>  
>
> -Brian
>
>  
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email
> reply. Additional participation and subscription information can be
> found at https://www.educause.edu/community
> 
>
>

RE: MPSK SSID Names

2021-06-09 Thread Shoebottom, Bryan

I took over from our previous wireless admin a few years ago and went through 
an extensive project to consolidate and clean up our SSIDs.  Every use case 
seemed to have their own SSID multiplied by each site - it was a confusing mess 
for everyone.  After lots of research and consultation with our clients, and a 
mindset of keeping things simple yet accommodating policy/requirements, it came 
down to the following configuration:

FanshaweCollege802.1x   staff/students via domain 
accounts, IoT/non-domain (e.g. shared iPads) items via ISE accounts
FanshaweGuestMac auth click-through portal allows 
24hrs access, then the portal comes up again
eduroam 802.1x   staff/students via 
domain accounts, remote eduroam accounts

FanshaweDevicesiPSK   IoT devices that don't 
support 802.1x


The top 2 SSIDs are broadcast at all our sites.  Eduroam is broadcast at all 
our educational based sites.  We tried to have eduroam and FanshaweCollege 
combined, but senior management didn't want to lose the branded SSID.  As for 
the FanshaweDevices, to keep airspace clean, we only broadcast this where we 
need it.  We are a Cisco shop and almost exclusively on the WLC9800 now.  We 
make use of the AP Join profiles and an AP naming standard to accomplish this.  
By changing a character in the AP name, I can have it pickup different policies 
for RF, SSID, etc.  Currently we have the iPSK network only broadcast in 2 
locations to support athletic equipment and Nintendo switches.  The iPSK auth 
method allows us have a single SSID, yet provide back-end control depending on 
the device that is connecting, or better, the PSK they use.  Our Residence 
networking is provided by a 3rd party.

So far this has worked really well, and I received compliments the September 
following the changes as helpdesk lineups/queues were significantly shorter.  
All SSIDs run on both 5 and 2.4GHz, so if we do decide to split up SSIDs based 
on frequency, I could see some changes here, otherwise it's ticking all our 
boxes.


--
Regards,

Bryan Shoebottom
Network & Systems Specialist

Network Services & Computer Operations
1001 Fanshawe College Blvd. London, ON N5Y 5R6
T 519.452.4430 x4904 | F 519.453.3231
bshoebot...@fanshawec.ca

[cid:582C4514-D41F-48FA-94E1-89D38DB527CB]

From: Patrick McEvilly 
Sent: June 8, 2021 4:37 PM
Subject: Re: MPSK SSID Names

Hi Brian

We are struggling with a name that would work for this.  We have "Harvard 
Secure" as our 802.1x SSID, "Harvard University" as our legacy MAC registered 
SSID and eduroam.  We want to use the MPSK SSID to solve for all things - IoT, 
gaming consoles, Alexa, Smart*, AV gear, for both BYOD and for infrastructure 
devices.  We are also interested in hearing what others have named their SSIDs 
or suggestions that would represent the general-purpose use of such an SSID.

Patrick

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Brian Helman 
mailto:bhel...@salemstate.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, June 8, 2021 at 3:04 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] MPSK SSID Names

Anyone using Aruba's (or if other manufacturers have a similar feature) MPSK 
service?  What did you use for an SSID - looking for naming ideas.

-Brian


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: MPSK SSID Names

2021-06-09 Thread Jason Healy

We haven't spun up MPSK yet, but we do have an SSID for MAC auth.  Our 3 
broadcasts right now are:

 Auth
 Gear
 Visitor 

The "Gear" network is for MAC auth, IoT, game consoles, etc.  Users still don't 
really know what "IoT" means, so we tell them its for all their "wireless gear".

Auth is 802.1x, and Visitor is PSK.  We rotate the password regularly, and when 
we do we change the datestamp on the SSID so we don't deal with devices trying 
to autoconnect with bad credentials.

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

Re: [WIRELESS-LAN] MPSK SSID Names

Re: [WIRELESS-LAN] MPSK SSID Names

Re: [WIRELESS-LAN] MPSK SSID Names

RE: MPSK SSID Names

Re: MPSK SSID Names

7 matches

Site Navigation

Mail list logo

Footer information