[POSSIBLE SPAM] Sonos Google Home and other devices are not working any longer

[Christina Klam]

All, 

In the months between we shutdown for COVID in March 2020 and now we have 
upgraded our WLC5520 to 8.10.151.0, replaced the core routers for campus and 
Resnet, and replaced some APs. Somewhere in all of these changes, users lost 
the ability to connect to their Sonos and Google Home devices. The devices 
connect to the network, get an IP, and try to get to the internet (thank you 
netflow). But, the users cannot connect to the devices via their mobile or 
laptops. When I do a packet capture on the clients, I see SSDP discovers to 
239.255.255.250 and the broadcast 255.255.255.255. 
Any ideas? 

* ip multicast-routing is enabled on the core switch 
VLAN: 


* ip pim sparse-mode 
* ip igmp version 3 
* ip igmp explicit-tracking 

WLC 
* mDNS is enabled 
* mDNS service strings exist 


Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[Christina Klam]

All, 

There is a common theme in this thread, cost. Has someone suggested to I2 that 
they add NetAlly/Ekahau to its consortium purchasing plans? 
Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Jeffrey D. Sessler"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Tuesday, July 20, 2021 10:30:00 AM 
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives 



I think it is reasonable for Ekahau to enforce their license, especially when 
licensing it for multiple team members may be cheaper than using a third party. 
Then again, if pushing the envelope of the licensing is what made it less money 
than using a third party, perhaps shifting that work back out to a third party 
is a good idea? 



Unless the college’s strategic plan includes wireless surveying, this could be 
an opportunity to get out of the business and have those FTE’s focused on 
something that is strategically important to the college’s goals. It’s like 
“running servers” not being part of the organization’s strategic plan and 
shifting that infrastructure work toward SaaS/IaaS, focusing those FTE 
resources elsewhere. 



Jeff 




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Cook 
Sent: Monday, July 19, 2021 5:12 PM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives 




We’ve always had it attached to a team name (e.g. wifiteam@) which is clearly 
generic. 

Our license didn’t get cancelled, but they did email and ring to state we were 
out of compliance and wanted to chat and resolve the situation instead of 
cutting off access. Perhaps they changed their process  



It’s still the best product and we have a external group we sometimes use to do 
surveys who also have their own copy(I’ll have to see how they have fared with 
the licensing). After some staff changes I’m the only one who knows the 
software, so right now this isn’t a huge issue but that will change. 



It’s not unreasonable for them to ensure their product is licensed and used 
correctly, it would be great if they could consider our use cases and provide a 
more reasonable solution. 







-- 

Jason Cook 

Information Technology and Digital Services 

The University of Adelaide, AUSTRALIA 5005 

--- 

This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright. If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 
notify the sender by reply email and delete this email and any copies or links 
to this email completely and immediately from your system. No representation is 
made that this email is free of viruses. Virus scanning is recommended and is 
the responsibility of the recipient. 




From: The EDUCAUSE Wireless Issues Community Group Listserv < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > On Behalf Of James Helzerman 
Sent: Monday, 19 July 2021 11:46 PM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] 
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives 





Hi, how did they know it was a generic account? Are they sending back 
information about the device it's on and mapping the login? Or they just using 
some heuristic that looks to see if it may be a generic account such as sending 
emails to thT user account and getting no response. 





Jimmy 





On Sun, Jul 18, 2021, 10:56 PM Jason Cook < [ mailto:jason.c...@adelaide.edu.au 
| jason.c...@adelaide.edu.au ] > wrote: 





This frustrated us a bit too. Their licensing seems to be aimed primarily at 
Wifi professionals who use this all the time/profit from it as part of their 
business. Doesn’t really fit our environments at all. 



Over the course of a year lets say at best we’d use this at .5 of an FTE (I’m 
probably overstating that, would prefer to use it more but we just don’t have 
time) 

There’s 5 people in our team. We aren’t going to pay for 5 licenses for 
something that is use so little… not at the license cost they have anyway. 



Oh well.. what’s the difference in a generic email versus personal email for 
them anyway.. 



-- 

Jason Cook 

Information Technology and Digital Services 

The University of Adelaide, AUSTRALIA 5005 

--- 

This email message is intended only for the addressee(s) and contains 
information which may be confidential and/or copyright. If you are not the 
intended recipient please do not read, save, forward, disclose, or copy the 
contents of this email. If this email has been sent to you in error, please 

Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs

[Christina Klam]

Frank, 

That reminds me of a failed project I gave our summer students a few years 
back. I asked the students take reference photos of the APs so that we can an 
idea of where exactly in a room an AP was located. At the end of the summer, I 
had 400 photos of APs. Not photos of area/rooms with the APs. Just the APs. 
LOL. That project was a wash. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Sweetser, Frank E."  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Thursday, June 24, 2021 12:22:43 PM 
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs 



Having someone go out and put eyes on all of the hardware is also a great 
chance to check for physical damage – broken mounts, evidence of water leaks, 
and so on. For extra points, have them take a couple of pictures of each AP for 
future reference, and to help find any of the more hidden ones. 




Frank Sweetser 
Director of Network Operations 
Worcester Polytechnic Institute 
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken 





From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Smith, Nayef 
Sent: Thursday, June 24, 2021 10:06 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs 





To the point of "hours of remapping everything", we were very successful 
leveraging intern/work study for this type of work several years ago. When we 
have to do this again, i'll be running the same playbook. 4-6 student workers 
knocked it out over the summer. You can do something similar over the school 
year, but it will likely take a little longer. They enjoyed the work including 
the opportunity to visit locations and do site surveys as needed. 





Nayef Z. Smith | Network Services | Voice: 404-727-6019 











From: The EDUCAUSE Wireless Issues Community Group Listserv < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > on behalf of Christina Klam < [ mailto:ck...@ias.edu | ck...@ias.edu ] > 
Sent: Wednesday, June 16, 2021 2:52 PM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > 
Subject: [External] [WIRELESS-LAN] Placement mapping of APs 





All, 


For the upteenth time, we will need to re-map all of our access points in a 
Cisco GUI. Originally they were in Prime. Then we got DNAC and were told to 
migrate them there. But, just found out that you cannot export the mappings 
(blank maps yes, mappings no) from DNACv1 to DNACv2. And as the sync is only 
one way, Prime to DNAC, we cannot seamlessly return to Prime. 





Until Cisco gets their act together, we will do the re-mapping in Prime and 
have that be our source of truth. My question to the community is this. How do 
you handle the AP placement mappings? If there is a better way that manually 
dragging the images to the proper location, I would love to hear it. I see that 
you can use GPS coordinates but how can you get accurate coordinates inside a 
building? Ideally, I would like to create a spreadsheet of AP and locations and 
then upload it to said system. This way if Prime database gets corrupted (which 
has happened) or DNACv2-v3 also is not seamless, we do not have to spend the 
hours remapping everything ... again. 





Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
[ mailto:ck...@ias.edu | ck...@ias.edu ] 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cfs%40WPI.EDU%7C28e571c105224e974f3208d937192707%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637601403706598258%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000=76chVN%2BN29KQ8NuqdGTamz7eIw5EAk2Jr72kOYXimys%3D=0
 | 
https://www.educause.edu/community ] 







This e-mail message (including any attachments) is for the sole use of 
the intended recipient(s) and may contain confidential and privileged 
information. If the reader of this message is not the intended 
recipient, you are hereby notified that any dissemination, distribution 
or copying of this message (including any attachments) is strictly 
prohibited. 

If you have received this message in error, please contact 
the sender by reply e-mail message and destroy 

Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs

[Christina Klam]

My complaint about DNAC migration limitation was incorrect. The specialist at 
Cisco was wrong. The Cisco Developer team for this part of DNAC set us 
straight. The latest version of DNAC does, in fact, allow the export of 
populate maps into either Prime or Ekahau using the x/y coordinates mentioned 
below. I tested this out and it worked for all but one of our sites (The 
largest academic site is the one it failed on. The Cisco developers were 
notified and are on the case). I am so relieved. I will have the students 
finish the mappings and then run the export. 

Thank you everyone for the discussion. I am looking now into adding Ekahau if 
we can find the money. 
Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Curtis K. Larsen"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Thursday, June 24, 2021 10:59:46 AM 
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs 

We do AP placements, (and more) in Ekahau. It imports nicely into DNAC (with a 
rare horizontal to vertical map flipping problem that we are working on with 
Cisco). Since Cisco has done the work to map from ekahau .json files with x,y 
coordinates and AP names and model numbers - it seems logical that they can 
also go the other way (export from DNAC to Ekahau). We are working with some 
programming resources from Cisco on this right now. Our goal is to be able to 
use Ekahau reports for cable installers, and AP name configuration then import 
to DNAC and then export at anytime from DNAC to Ekahau to generate a new 
installation report complete with x,y coordinates, AP Names and model numbers. 
I think we will achieve this goal soon. Once that happens - only adjustments to 
existing buildings require moving APs on any maps -never one for one placements 
again. 

Thanks, 





-- 
Curtis K. Larsen 
Wireless Network Engineer III 
Infrastructure Ops 
The University of Utah 
Office 801-587-1313 
Mobile 801-425-7528 


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Smith, Nayef 
 
Sent: Thursday, June 24, 2021 8:05 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  
Subject: Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Placement mapping of APs 
To the point of "hours of remapping everything", we were very successful 
leveraging intern/work study for this type of work several years ago. When we 
have to do this again, i'll be running the same playbook. 4-6 student workers 
knocked it out over the summer. You can do something similar over the school 
year, but it will likely take a little longer. They enjoyed the work including 
the opportunity to visit locations and do site surveys as needed. 

Nayef Z. Smith | Network Services | Voice: 404-727-6019 



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Christina Klam 
 
Sent: Wednesday, June 16, 2021 2:52 PM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  
Subject: [External] [WIRELESS-LAN] Placement mapping of APs 
All, 
For the upteenth time, we will need to re-map all of our access points in a 
Cisco GUI. Originally they were in Prime. Then we got DNAC and were told to 
migrate them there. But, just found out that you cannot export the mappings 
(blank maps yes, mappings no) from DNACv1 to DNACv2. And as the sync is only 
one way, Prime to DNAC, we cannot seamlessly return to Prime. 

Until Cisco gets their act together, we will do the re-mapping in Prime and 
have that be our source of truth. My question to the community is this. How do 
you handle the AP placement mappings? If there is a better way that manually 
dragging the images to the proper location, I would love to hear it. I see that 
you can use GPS coordinates but how can you get accurate coordinates inside a 
building? Ideally, I would like to create a spreadsheet of AP and locations and 
then upload it to said system. This way if Prime database gets corrupted (which 
has happened) or DNACv2-v3 also is not seamless, we do not have to spend the 
hours remapping everything ... again. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cnayef.z.smith%40EMORY.EDU%7C0f68dd04e9f34486b7ac08d930f7e5d1%7Ce004fb9cb0a4424fbcd0322606d5df38%7C0%7C0%7C637594663534825532%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=FDFa3WLv1gMi%2FBulJtUY12fIcpzhFf

Placement mapping of APs

[Christina Klam]

All, 
For the upteenth time, we will need to re-map all of our access points in a 
Cisco GUI. Originally they were in Prime. Then we got DNAC and were told to 
migrate them there. But, just found out that you cannot export the mappings 
(blank maps yes, mappings no) from DNACv1 to DNACv2. And as the sync is only 
one way, Prime to DNAC, we cannot seamlessly return to Prime. 

Until Cisco gets their act together, we will do the re-mapping in Prime and 
have that be our source of truth. My question to the community is this. How do 
you handle the AP placement mappings? If there is a better way that manually 
dragging the images to the proper location, I would love to hear it. I see that 
you can use GPS coordinates but how can you get accurate coordinates inside a 
building? Ideally, I would like to create a spreadsheet of AP and locations and 
then upload it to said system. This way if Prime database gets corrupted (which 
has happened) or DNACv2-v3 also is not seamless, we do not have to spend the 
hours remapping everything ... again. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Apple product antenna strength vs other?

[Christina Klam]

On the Mac OS front, I recommend the app AirTool as it allows for captures from 
the client itself. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Enfield, Chuck"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Friday, June 4, 2021 11:14:00 AM 
Subject: Re: [WIRELESS-LAN] Apple product antenna strength vs other? 



Along the same lines as what Lee said, you need to make sure all the client 
devices are connecting to the same AP and radio. I also don’t recommend relying 
on bars for anything. Perhaps there’s a standard for them now, but if there is 
I’m not aware of it. To see the connection details: 



* On Mac, Hold the option key while clicking the wireless icon. 
* On Android, download any of the myriad apps which provide network 
connection details. You can also enable developer options (Google the steps), 
then enable Wi-Fi verbose logging to see more connection details right in the 
wi-fi menu on your device. 
* On Windows, the OS reports Wi-Fi strength in % instead of dB, so I 
recommend an app. If you haven’t purchased any Wi-Fi diagnostic apps for 
Windows, then there’s a free one in the app store called Wi-Fi Analyzer that 
will give you the basic info. I wouldn’t trust everything in the app (it seems 
to think all channels are 20Mhz) but I’ve found the other basic info (channel, 
rssi, protocol, bssid) reliable. 
* Sadly, I’m not aware of how to get any useful network information from 
iOS devices. 







From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Tyler 
Sent: Friday, June 4, 2021 10:43 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Apple product antenna strength vs other? 




Chuck, 

We checked bar strength. Macs were in the 2 nd out of 3 bars. PC’s were getting 
4 out of 5. I didn’t check the phones. We did bandwidth testing and Macs were 
below 10Mb while PC’s were averaging around 150Mb. I did check Airwave for 
possible issues. It suggested a poor SNR value for at least one of the Macs. I 
didn’t know what to make of that since the PC’s were not having that issue. 
Health was not good. 

Also, the Macs would drop connections and sometimes have random difficulty in 
connecting. No issues with the PC’s or droids. 

It was basic testing at this point, but there was no doubt that Macs struggled 
performance wise while PC’s didn’t. I do need to go back and make sure they are 
all using the same AP. I did check on one Mac, but I didn’t verify it for all 
of them. 

Tim 




From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto: [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] ] On Behalf Of Enfield, Chuck 
Sent: Friday, June 4, 2021 9:28 AM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] 
Subject: Re: [WIRELESS-LAN] Apple product antenna strength vs other? 




Tim, 



If you don’t mind my asking, how are you assessing the performance? 



Chuck Enfield 

Manager, Wireless & Cellular 

Penn State IT 

814-863-8715 




From: The EDUCAUSE Wireless Issues Community Group Listserv < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > On Behalf Of Tim Tyler 
Sent: Friday, June 4, 2021 10:18 AM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] 
Subject: [WIRELESS-LAN] Apple product antenna strength vs other? 




Wifi experts, 



We are running Aruba MM with two controllers on 8.7.3. Our AP’s are mostly 
AP-225’s. 

I have had complaints from one of our tech rooms that they were getting a poor 
signal. I finally got around to testing that room out. The location of the AP 
to this room is in an adjacent room. When I test with Windows PC’s and Droid 
phones, the signal and performance is just fine. When we tested with Macs and 
iphones, the signal strength was amazingly weak for all of them. We tested with 
two Macs and two iphones as well as multiple PC’s and Android phones. Only the 
Apple devices had weak signals. Have any of you experienced a weaker antenna 
performance with your Apple devices on your campuses? 



If I put an AP in the room, the Apple devices are fine. But I am surprised I 
would have to do this. I would not have expected Apple devices to have weaker 
antennas. 



I did check in Airwave to make sure at least one of the Macs was still 
connecting to the same AP. Any thoughts from anyone? 





Tim Tyler 

Network Engineer 

Beloit College 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://nam10.safelinks.protec

Re: [WIRELESS-LAN] Cisco Catalyst 9800-CL

[Christina Klam]

Jimmy, 
You are right. The wifi stats for all of the SSIDs together are less than 
500Mbps. So, 2Gbps will suit us fine. And the interface uplinks to the WLC have 
not hit 1Gbps in the last year. 

Thanks for the that direction. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "James Helzerman"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Monday, March 8, 2021 9:34:08 AM 
Subject: Re: [WIRELESS-LAN] Cisco Catalyst 9800-CL 

Hi. Do you currently have wifi or any stats from the past (during normal times) 
to see what your use was before? Without knowing your use trends it's hard to 
say. Looking at my campus usage and taking a 400 AP subsection I would be 
hardpress to go over 2Gbps. YMMV 
-Jimmy 

On Fri, Mar 5, 2021 at 9:31 PM Christina Klam < [ mailto:ck...@ias.edu | 
ck...@ias.edu ] > wrote: 



* Private cloud 
* Central for now but SD-Fabric (as soon as I have time to work on it) 

Thanks, 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
[ mailto:ck...@ias.edu | ck...@ias.edu ] 



From: "James Helzerman" < [ mailto:jarh...@umich.edu | jarh...@umich.edu ] > 
To: "The EDUCAUSE Wireless Issues Community Group Listserv" < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > 
Sent: Friday, March 5, 2021 10:51:34 AM 
Subject: Re: [WIRELESS-LAN] Cisco Catalyst 9800-CL 

Hi, we do not have these but in a cursory look led me to some questions that 
would be very deterministic if you should be concerned. 


* Will you be using a public or private cloud solution? 
* Will you be using Flex-connect, SD-Fabric or central for the data 
traffic? 

-Jimmy 

On Thu, Mar 4, 2021 at 10:22 AM Christina Klam < [ mailto:ck...@ias.edu | 
ck...@ias.edu ] > wrote: 

BQ_BEGIN

Good Morning, 

Is anyone running Cisco Catalyst 9800-CL? I am concerned about the 2.1/5Gbps 
limitations but do not know if I should be as we have less than 400 APs -- 95% 
of which are in non-conference/classrooms. 

Thank you, 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
[ mailto:ck...@ias.edu | ck...@ias.edu ] 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 




-- 
James Helzerman 
Wireless Network Engineer 
University of Michigan - ITS 
Phone: 734-615-9541 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 
BQ_END



-- 
James Helzerman 
Wireless Network Engineer 
University of Michigan - ITS 
Phone: 734-615-9541 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Cisco Catalyst 9800-CL

[Christina Klam]

* Private cloud 
* Central for now but SD-Fabric (as soon as I have time to work on it) 

Thanks, 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "James Helzerman"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Friday, March 5, 2021 10:51:34 AM 
Subject: Re: [WIRELESS-LAN] Cisco Catalyst 9800-CL 

Hi, we do not have these but in a cursory look led me to some questions that 
would be very deterministic if you should be concerned. 


* Will you be using a public or private cloud solution? 
* Will you be using Flex-connect, SD-Fabric or central for the data 
traffic? 

-Jimmy 

On Thu, Mar 4, 2021 at 10:22 AM Christina Klam < [ mailto:ck...@ias.edu | 
ck...@ias.edu ] > wrote: 



Good Morning, 

Is anyone running Cisco Catalyst 9800-CL? I am concerned about the 2.1/5Gbps 
limitations but do not know if I should be as we have less than 400 APs -- 95% 
of which are in non-conference/classrooms. 

Thank you, 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
[ mailto:ck...@ias.edu | ck...@ias.edu ] 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 




-- 
James Helzerman 
Wireless Network Engineer 
University of Michigan - ITS 
Phone: 734-615-9541 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Cisco Catalyst 9800-CL

[Christina Klam]

Good Morning, 

Is anyone running Cisco Catalyst 9800-CL? I am concerned about the 2.1/5Gbps 
limitations but do not know if I should be as we have less than 400 APs -- 95% 
of which are in non-conference/classrooms. 

Thank you, 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Cisco Trainings on converting WLC Air-OS to IOS-XE

[Christina Klam]

All, 
Cisco must have heard our concerns. I just got an email about a set of 
trainings for transitioning to 9800s. 
https://web.cvent.com/event/bcba04b5-6a9b-4a17-ac1e-ae718fd184bd/websitePage:53f5a941-4c4c-4a6f-8787-38f44a092bb4
 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] ISE version

[Christina Klam]

Thanks. I have already postponed the upgrade from September to December. I can 
wait some more. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Heavrin, Lynn"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Thursday, December 10, 2020 1:27:21 PM 
Subject: Re: [WIRELESS-LAN] ISE version 



Wait for 2.7 patch 3 at least. There’s a few major bugs that are being fixed. 
It’s “supposed” to be released in December…but we’re 10 days in already and 
nothing so far. 




From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Craig Eyre  
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
 
Date: Thursday, December 10, 2020 at 11:53 AM 
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  
Subject: Re: [WIRELESS-LAN] ISE version 





ISE 3.0 is a major licensing change so I'd talk to your SE for the details. I 
believe your current base licenses "which are owned" will expire after a 
certain period of time and you are forced to buy new ones. 





I'd stick with 2.7 for the awhile as it seems to be stable 





Craig 





On Thu, Dec 10, 2020 at 10:27 AM Ethan Grinnell < [ mailto:grinn...@pdx.edu | 
grinn...@pdx.edu ] > wrote: 





I asked one of our Cisco reps if he had any idea when we should consider 
upgrading to 3.0. He'd been told that 2.7 is supposed to be a long lived 
release. I think we'll be safe there for a while. He also said that they like 
to only have 3 release trains in development. 





I havent tried 3.0 yet, but 2.7 has been good so far. 


Ethan Grinnell 
CCIE R #39723, BS CmpE 
Network Engineer 
Office of Information Technology, Technology Infrastructure, Networking 
Portland State University 
503-725-3205 





On Thu, Dec 10, 2020, 8:33 AM Christina Klam < [ mailto:ck...@ias.edu | 
ck...@ias.edu ] > wrote: 

BQ_BEGIN



All, 


We are running 2.6.0.156 version of ISE. We are scheduled to upgrade it over 
the Winter Break. 






I see that 3.0 is out. The demos of it look great. But it is not Safe Harbor 
yet. 2.7 is still the preferred version in [ http://cisco.com/ | cisco.com ] . 
We do not want to upgrade to 2.7 to only have to do it again in a month or so. 
But we also cannot risk to go bleeding edge and have eduroam stop working. 





Has anyone upgrade to 3.0 and can share their experience? 





Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
[ mailto:ck...@ias.edu | ck...@ias.edu ] 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 




** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 
BQ_END









-- 


Craig Eyre 
Network Analyst 
IT Services Department 
Mount Royal University 
4825 Mount Royal Gate SW 
Calgary AB T2P 3T5 

P. 403.440.5199 
E. [ mailto:ce...@mtroyal.ca | ce...@mtroyal.ca ] 

"The difference between a successful person and others is not a lack of 
strength, not a lack of knowledge, but rather in a lack of will." Vincent T. 
Lombardi" 





MRU IT Services will NEVER ask you for your password or to update or verify 
your email account through an email. DO NOT click any links in an email asking 
you to update or verify your email account. 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 








The materials in this message are private and may contain Protected Healthcare 
Information or other information of a sensitive nature. If you are not the 
intended recipient, be advised that any unauthorized use, disclosure, copying 
or the taking of any action in reliance on the contents of this information is 
strictly prohibited. If you have received this email in error, please 
immediately notify the sender via telephone or return mail. 

** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the messa

Re: [WIRELESS-LAN] ISE version

[Christina Klam]

Ethan, 
Thank you for that. I will plan to upgrade to 2.7 then. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Ethan Grinnell"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Thursday, December 10, 2020 12:27:08 PM 
Subject: Re: [WIRELESS-LAN] ISE version 

I asked one of our Cisco reps if he had any idea when we should consider 
upgrading to 3.0. He'd been told that 2.7 is supposed to be a long lived 
release. I think we'll be safe there for a while. He also said that they like 
to only have 3 release trains in development. 

I havent tried 3.0 yet, but 2.7 has been good so far. 

Ethan Grinnell 
CCIE R #39723, BS CmpE 
Network Engineer 
Office of Information Technology, Technology Infrastructure, Networking 
Portland State University 
503-725-3205 

On Thu, Dec 10, 2020, 8:33 AM Christina Klam < [ mailto:ck...@ias.edu | 
ck...@ias.edu ] > wrote: 



All, 
We are running 2.6.0.156 version of ISE. We are scheduled to upgrade it over 
the Winter Break. 

I see that 3.0 is out. The demos of it look great. But it is not Safe Harbor 
yet. 2.7 is still the preferred version in [ http://cisco.com/ | cisco.com ] . 
We do not want to upgrade to 2.7 to only have to do it again in a month or so. 
But we also cannot risk to go bleeding edge and have eduroam stop working. 
Has anyone upgrade to 3.0 and can share their experience? 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
[ mailto:ck...@ias.edu | ck...@ias.edu ] 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 




** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

ISE version

[Christina Klam]

All, 
We are running 2.6.0.156 version of ISE. We are scheduled to upgrade it over 
the Winter Break. 

I see that 3.0 is out. The demos of it look great. But it is not Safe Harbor 
yet. 2.7 is still the preferred version in cisco.com. We do not want to upgrade 
to 2.7 to only have to do it again in a month or so. But we also cannot risk to 
go bleeding edge and have eduroam stop working. 

Has anyone upgrade to 3.0 and can share their experience? 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Cisco ISE radius proxy service for eduroam?

[Christina Klam]

All, 
Do we know if this bug has been addressed to ISE 3.0? 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Madden, James" <020a55f6eda9-dmarc-requ...@listserv.educause.edu> 
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Tuesday, December 8, 2020 4:58:10 PM 
Subject: Re: [WIRELESS-LAN] Cisco ISE radius proxy service for eduroam? 




On Dec 8, 2020, at 07:20, Drew Ratliff < [ mailto:djrat...@unca.edu | 
djrat...@unca.edu ] > wrote: 

Hello all! 

Here at UNCA we just received and starting using Cisco ISE for our tacacs and 
radius services. However, we started running into issues using ISE as a radius 
proxy service for Eduroam. 

Currently, our certificates are managed through another service, XpressConnect, 
used for onboarding and certificate management. When attempting to use the 
radius proxy service to push authentication requests to XpressConnect we are 
encountering problems similar to a known bug with ISE 2.7 (Bug info here: [ 
https://urldefense.com/v3/__https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu67106/__;!!Mih3wA!RGVAdat78tGeULRoXdwYa9bRvqB-uMbr_QTsiyupHwrng4wYH-eHJFxzAiMxSQM$
 | https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu67106/ ] ). We have 
explored a workaround using the radius token service but this limits the use of 
eduroam to only UNCA domain as the token decrypts and uses certificates to 
trust the authentication request. 

Cisco has told us that a patch for this bug should be released around mid 
January, so we are standing by for that. But I was wondering what other 
universities using ISE were doing for eduroam, and specifically using it as a 
radius proxy service. Is there a work around that we haven't explored yet? Or 
are they running a version of ISE where this bug is not an issue? 

Really any information or experience would be helpful... thanks everyone! 





If the problem really is like the DUO one in that bug ID, we solved it by 
changing the timeouts that our ISE servers use for proxied DUO sessions to a 
few seconds longer than the DUO push timeout so that ISE doesn’t drop the 
rejects. That might not be practical for the general eduroam proxies I suppose. 

We do use ISE successfully with eduroam proxies in the usual way to allow 
visitors to authenticate against their home authentication systems. We use 15 
second timeouts for those activities and haven’t had problems (that we know 
about.) 


BQ_BEGIN

BQ_END



BQ_BEGIN

Drew 

-- 
Drew Ratliff 
Network Administrator 
UNC Asheville ITS 
828-251-6624 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://urldefense.com/v3/__https://www.educause.edu/community__;!!Mih3wA!RGVAdat78tGeULRoXdwYa9bRvqB-uMbr_QTsiyupHwrng4wYH-eHJFxzjfCxuhU$
 | 
https://www.educause.edu/community ] 

BQ_END




** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Transitioning from older controller to new controller

[Christina Klam]

I want in. 

Thank you, 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Brahim Bouchaiba"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Friday, October 9, 2020 12:07:12 PM 
Subject: Re: [WIRELESS-LAN] Transitioning from older controller to new 
controller 

I like to be added also. 
Thanks. 

On Fri, Oct 9, 2020 at 11:27 AM Jesse Thomas < [ mailto:jtho...@hamilton.edu | 
jtho...@hamilton.edu ] > wrote: 



Same here - we're moving from WiSM2 to 9840. 
Thanks, 


-- 
Jesse Thomas 
Network & Systems Administrator 
Hamilton College 
315-859-4211 


On Fri, Oct 9, 2020 at 10:44 AM Slone, Kelly < [ 
mailto:kelly.sl...@marshall.edu | kelly.sl...@marshall.edu ] > wrote: 

BQ_BEGIN



I would also like to be included. 



Thank you, 




Kelly Slone, B.S., MCP 

IT Infrastructure Engineer 

Marshall University Information Technology 

Drinko Library DL 436 

Office: 304-696-6109 

Helpdesk: 304-696-3200 

[ mailto:slon...@marshall.edu | slon...@marshall.edu ] 







From: The EDUCAUSE Wireless Issues Community Group Listserv < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > 
Date: Friday, October 9, 2020 at 10:30 AM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > 
Subject: Re: [WIRELESS-LAN] Transitioning from older controller to new 
controller 


Sounds like I might need to set up a general session. I'll catch Don and Abbas 
early next week, but if there's other interest, I'm happy to do a wider 
discussion after a bit of preparation. I'll send out an invite for signups when 
I'm ready next week. 





On Fri, Oct 9, 2020 at 7:27 AM Floyd, Brad < [ mailto:bfl...@mail.smu.edu | 
bfl...@mail.smu.edu ] > wrote: 

BQ_BEGIN



Mike, 

Per our recent conversation about this topic, yes please add me to the invite 
list. 

Thanks, 

Brad 




From: The EDUCAUSE Wireless Issues Community Group Listserv [mailto: [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] ] On Behalf Of Mike Atkins 
Sent: Friday, October 09, 2020 9:08 AM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] 
Subject: Re: [WIRELESS-LAN] Transitioning from older controller to new 
controller 





[EXTERNAL SENDER] 





I’ve reached out to a few schools individually on this very topic. Would the 
group want to do a Zoom session on this? 












Mike Atkins 

Network Engineer 

Office of Information Technology 

University of Notre Dame 





From: The EDUCAUSE Wireless Issues Community Group Listserv < [ 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
] > On Behalf Of Sullivan, Don 
Sent: Friday, October 9, 2020 9:01 AM 
To: [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU | 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU ] 
Subject: [WIRELESS-LAN] Transitioning from older controller to new controller 




We are in the process of upgrading our wireless from a Cisco 8510 to a Cisco 
9800-80. I wanted to query those on this list who have already gone through 
this process about any lessons learned that would have been nice to know before 
transitioning your existing AP inventory that is compliant with the new 
hardware. I am building the configuration for the 9800 from scratch and it has 
been a challenge learning the new concepts for configuring this type of 
controller, so I was hoping to see what others have learned from the 
experience. Any thoughts would be appreciated. 




Don Sullivan 

Network Administrator 

Technology Services 



205-726-2111 | office 

[ mailto:dsulli...@samford.edu | dsulli...@samford.edu ] 

[ http://linkedin.com/in/donaldasullivan | LinkedIn ] 

[ 
https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.samford.edu=E,1,I2ogcaEWhyAWbSyyzh5EvDozbcmyAre1BmFhiV8jVJb4kuysGbQDi0kuk8CkMVqZwzdVsZu9mCfNX51eDp_ssxegOMX0QNi6Dg3nOVrobw0,=1
 | www.samford.edu ] 

[ https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US 
| 800 Lakeshore Drive
Birmingham, AL 35229 ] 






** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.educause.edu%2fcommunity=E,1,Ujs475imC45JeiZtd2yqAwzgLBLzGRGkwLueAC793nI7GqYiltcEjSNWjam6cDyLyhu0StFV6vwogjGMcZ0_jzOwX3RZNBnfDnFsU6IalBZsops,=1
 | 
https://www.educause.edu/community ] 

** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the messag

Re: [WIRELESS-LAN] WLC 8.10.121 Deferred

[Christina Klam]

All, 

FYI: I noticed that "over-the-ds" setting changed when we upgraded from 8.5 to 
8.10.121.0. There may be other settings that changed as well. 


Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Mallon, Jason"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Friday, June 26, 2020 10:24:20 AM 
Subject: Re: [WIRELESS-LAN] WLC 8.10.121 Deferred 

Paul, 
Are you by any chance running WPA2 + WPA3 Enterprise with both the WPA2 and 
WPA3 boxes checked? We are currently on 8.10.121 and seeing this issue as well 
primarily with Windows devices. I have not seen any issues with Macs and 
authentication. 



Jason Mallon 

Network Engineer III, OIT 

[ https://www.ua.edu/ | The University of Alabama 
 ] [ mailto:jemal...@ua.edu | jemal...@ua.edu ] 


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Paul Smith 
 
Sent: Friday, June 26, 2020 9:44 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  
Subject: [EXTERNAL] Re: [WIRELESS-LAN] WLC 8.10.121 Deferred 
We were running 8.10.121 on our 5520 and began having authentication issues. It 
is weird because radius isn't even seeing the attempts (or weren't logging 
rejections). The behavior persists even using local authentication. Eventually 
we can get the clients to connect, but it takes a number of attempts. It's very 
frustrating. 

Cisco had us upgrade to 8.10.122, but the problem still persists. We would roll 
back, but we have 9130's on the campus now and we need 8.10.122 to manage them. 

Such a headache right now. 

Paul Smith 
Network Administrator 
Marian University 
psmi...@marian.edu 
317.955.6069 

** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WLC 8.10.121 Deferred

[Christina Klam]

We had the EXACT same issue in April. TAC was useless. We just rolled back to 
the earlier train, 8.5.161 in order to get everyone connecting again. 

As we are hoping to move back to the 8.10.X train this summer to get the DNAC 
benefits again, I will continue to watch this thread. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
(m) +1 609-751-7899 
(o) +1 609-734-8154 
ck...@ias.edu 



From: "Paul Smith"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Friday, June 26, 2020 9:44:32 AM 
Subject: Re: [WIRELESS-LAN] WLC 8.10.121 Deferred 

We were running 8.10.121 on our 5520 and began having authentication issues. It 
is weird because radius isn't even seeing the attempts (or weren't logging 
rejections). The behavior persists even using local authentication. Eventually 
we can get the clients to connect, but it takes a number of attempts. It's very 
frustrating. 

Cisco had us upgrade to 8.10.122, but the problem still persists. We would roll 
back, but we have 9130's on the campus now and we need 8.10.122 to manage them. 

Such a headache right now. 

Paul Smith 
Network Administrator 
Marian University 
psmi...@marian.edu 
317.955.6069 

** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] model 2800 AP with (Radio Role Assignment = Auto), 5Ghz on same channel ?

[Christina Klam]

+1 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 



From: "Hurdle, Chris"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Tuesday, March 3, 2020 3:00:19 PM 
Subject: Re: [WIRELESS-LAN] model 2800 AP with (Radio Role Assignment = Auto), 
5Ghz on same channel ? 



We are experiencing similar issues, but with other models and 2.4GHz as well. 
We just upgraded to version 8.5.161.0 and it didn’t resolve the issue. We 
currently have a TAC case open to see if it is a bug or can be resolved. 



___ 

Chris Hurdle 

Network Administrator 

ECU | Information Technology & Computing Services (ITCS) 

Greenville, NC 27858-1125 



[ mailto:hurd...@ecu.edu | hurd...@ecu.edu ] | [ 
https://mail.ias.edu/zimbra/ecu.edu/itcs | ecu.edu/itcs ] 



___ 








From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Will Dawes 
Sent: Tuesday, March 3, 2020 11:46 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] model 2800 AP with (Radio Role Assignment = Auto), 5Ghz 
on same channel ? 




This email originated from outside ECU. 




If this is a known reported bug already, then pardon me, otherwise this is a 
poll to see it anyone else has this issue … 



Anyone using the 2802i AP, and on the “slot 0” XOR interface, if you have it 
set to (Radio Role Assignment = Auto) … can you check to see if the controller 
is setting the 5GHz channel of these APs, to all the same channel ? (Sometimes 
they are all set to 36, sometimes it’s 149.) Our 8540 WLC is at release 
8.5.160.0. 



It's as easy workaround to change the Radio Role Assignment to Manual/(Client 
Serving) and then decide what band (2.4Ghz/5Ghz) is more appropriate. After 
doing so, the controller usually makes better channel assignment decisions. 



In some cases, one may want to make this judgement call (to do a Manual role 
assignment), based on design factors such as “we already have enough 2.4Ghz 
radios in this space.” However, the use of the Auto Assignment role (letting 
the controller do the “driving”, with FRA – Flexible Radio Assignment), may 
also be desirable. 



-- 

Will Dawes 

Wireless Network Engineer 

Louisiana State University 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Churdlec%40ECU.EDU%7Cded2367daae04315695a08d7bf925a03%7C17143cbb385c4c45a36ac65b72e3eae8%7C1%7C0%7C637188507616113377=bnlWBzMDPbPy94Wa6JFbJ3iBY%2FF%2Fm4Gx4zwsikOx%2BDM%3D=0
 | 
https://www.educause.edu/community ] 


** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wireless Instability issues?

[Christina Klam]

Carlo

Can you send more information on the Apple ARP issue you are referring to?  We 
may be hitting it to on our Meraki network. 

Thanks 
Christina 

Sent from my iPhone

> On Jan 13, 2020, at 05:09, Carlo Terminiello  wrote:
> 
> 
> Hi,
>  
> Sounds similar to the Apple ARP spoofing problem from the summer that hit a 
> few manufacturers that use local switching models, I’d start with checking 
> ARP tables on client, AP, switch, router to make sure everything is as it 
> should be.
>  
> Rgds
>  
> Carlo
>  
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  on behalf of "Glassman, Stephen" 
> 
> Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
> 
> Date: Saturday, 11 January 2020 at 15:18
> To: 
> Subject: Re: [WIRELESS-LAN] Wireless Instability issues?
>  
> Hi John,
>  
> We’ve experienced intermittent issues with our AP230’s since around 
> Thanksgiving but are only hearing about it from others-we have not witnessed 
> the issue first hand.  The symptom seems to be that the client is connected 
> but cannot get to the internet or if they can it’s really slow but the issue 
> seems to come and go and it’s certainly not affecting everyone….
> 
> 
> On Jan 11, 2020, at 1:01 AM, John Rodkey  wrote:
>  
> Are others who are  using Aerohive 650 experiencing instability issues?  We 
> have experienced a rather extensive problem that came with sudden onset about 
> 1/4/2020 .
> Clients appear to be able to connect to the AP, get an IP and are able to 
> ping the default gateway, but not beyond.  The ethernet network is 
> unaffected, and the gateway is able to ping the rest of the network and the 
> AP, but not the client.
>  
> John
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community
>  
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community
> 
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Joining Sonos to a campus network

[Christina Klam]

All, 

Over the last few years, we have had to get a number of Sonos devices 
connected. Each version of Sonos has its own special onboarding charm. I am 
clearly not a fan. Here is what we have on our website: [ 
https://www.ias.edu/wireless-resources | https://www.ias.edu/wireless-resources 
] On our Cisco WLC, we have had to add the service type _sonos.tcp.local. to 
mDNS. 



Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 



From: "Paul Reimer"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Wednesday, November 27, 2019 11:34:25 AM 
Subject: [WIRELESS-LAN] Joining Sonos to a campus network 



Hi everyone, 



I was wondering how you’re managing actually joining Sonos products to your 
network. If you’ve had the pleasure of setting some of these up you may know 
why I need to ask. 



They don’t really like to individually be directed to join a network and they 
don’t really have a UI that just lets you log in a manage a units network 
connection. 



The best I’ve come up with is a kind of convoluted process that requires 
setting them up wired first and then directing the set you want to manage with 
a given (newly required) user account to join the network at the same time. 



I think there’s also differences between product lines. So far my experience is 
with Play:1’s, Play:5’s, and Connects which our process works with. 



Thanks, 



Paul Reimer 

UW-IT | Network Design and Architecture 

Wi-Fi Engineer 

4545 15 th AVE NE Seattle, WA 98105 
Office 206.543.8902 | Mobile 850.408.0747 

[ mailto:prei...@uw.edu | prei...@uw.edu ] 






** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13

[Christina Klam]

I agree.   We tried the scalpel approach but gave up and moved to the hatchet.  
  

Sent from my iPhone

> On Nov 14, 2019, at 10:23, Coehoorn, Joel  wrote:
> 
> 
> Bypassing icloud.com and gstatic.com open up some pretty big holes  :/
> 
> 
> 
> Joel Coehoorn
> Director of Information Technology
> 402.363.5603
> jcoeho...@york.edu
> Please contact helpd...@york.edu for technical assistance.
> 
> The mission of York College is to transform lives through Christ-centered 
> education and to equip students for lifelong service to God, family, and 
> society
> 
> 
>> On Thu, Nov 14, 2019 at 9:02 AM Christina Klam  wrote:
>> All,
>> 
>> We were able to resolve this issue by NOT sending the following domains 
>> through our web proxy servers.  
>> 
>> *.icloud.com
>> *.apple.com
>> *.google.com
>> *.gmail.com
>> *.googleapis.com
>> *.gstatic.com
>> *.yahoo.com
>> 
>> 
>> Christina Klam
>> Network Engineer
>> Institute for Advanced Study
>> 1 Einstein Dr
>> Princeton, NJ 08540
>> +1 609-734-8154
>> ck...@ias.edu
>> 
>> 
>> From: "C. Klam" 
>> To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
>> 
>> Sent: Wednesday, November 13, 2019 4:23:22 PM
>> Subject: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13
>> 
>> All,
>> 
>> Has anyone experienced this issue and have a solution?  With IOS 13, people 
>> are no longer able to send or receive emails from google or yahoo through 
>> the Mail app.  If they try accessing gmail or yahoo mail through the 
>> specifically branded app or a web browser, everything is fine.We have 
>> narrowed down the issue even further.  The problem only happens when the 
>> iPhone is using a proxy server.   We even tried bypassing the proxy all 
>> together for p*-mailws.icloud.com, but that has not helped.
>> 
>> Christina Klam
>> Network Engineer
>> Institute for Advanced Study
>> 1 Einstein Dr
>> Princeton, NJ 08540
>> +1 609-734-8154
>> ck...@ias.edu
>> 
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire community 
>> list. If you want to reply only to the person who sent the message, copy and 
>> paste their email address and forward the email reply. Additional 
>> participation and subscription information can be found at 
>> https://www.educause.edu/community
>> 
>> 
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire community 
>> list. If you want to reply only to the person who sent the message, copy and 
>> paste their email address and forward the email reply. Additional 
>> participation and subscription information can be found at 
>> https://www.educause.edu/community
>> 
> 
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire community 
> list. If you want to reply only to the person who sent the message, copy and 
> paste their email address and forward the email reply. Additional 
> participation and subscription information can be found at 
> https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13

[Christina Klam]

All, 

We were able to resolve this issue by NOT sending the following domains through 
our web proxy servers. 

*.icloud.com 
*.apple.com 
*.google.com 
*.gmail.com 
*.googleapis.com 
*.gstatic.com 
*.yahoo.com 


Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 



From: "C. Klam"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Wednesday, November 13, 2019 4:23:22 PM 
Subject: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13 

All, 

Has anyone experienced this issue and have a solution? With IOS 13, people are 
no longer able to send or receive emails from google or yahoo through the Mail 
app. If they try accessing gmail or yahoo mail through the specifically branded 
app or a web browser, everything is fine. We have narrowed down the issue even 
further. The problem only happens when the iPhone is using a proxy server. We 
even tried bypassing the proxy all together for p*-mailws.icloud.com, but that 
has not helped. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 



** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Mail to gmail and yahoo stopped working after IOS 13

[Christina Klam]

All, 

Has anyone experienced this issue and have a solution? With IOS 13, people are 
no longer able to send or receive emails from google or yahoo through the Mail 
app. If they try accessing gmail or yahoo mail through the specifically branded 
app or a web browser, everything is fine. We have narrowed down the issue even 
further. The problem only happens when the iPhone is using a proxy server. We 
even tried bypassing the proxy all together for p*-mailws.icloud.com, but that 
has not helped. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

ISE errors 5440 for guests using eduroam

[Christina Klam]

As many of you have mentioned, the following message is very common in the ISE 
logs, "5440 Endpoint abandoned EAP session and started new." Our logs are full 
of that message for an clients that eventually joins one second later. I have 
noticed that it is far more common for guests using eduroam on our campus -- 
where their IDP is another university. Is there a setting we can make to 
improve or stop these messages? 

Thank you, 
Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WLC & ISE combo issues

[Christina Klam]

Mathieu, 

What version of ISE and WLC are you running? We had a memory leak in ISE 2.6 
which was causing latency. About a month ago, we patched and then had TAC do a 
manual cleanup of the db. So far so good. 

Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 



From: "Mathieu Sturm"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Tuesday, October 8, 2019 2:50:13 PM 
Subject: [WIRELESS-LAN] WLC & ISE combo issues 



Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes). 



We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations. 



The problem is that it is difficult to get connected sometimes. I see the user 
trying to connect in the WLC’s but don’t see them trying in the ISE’s (it looks 
like the attempt gets lost somewher). 

I can see the following worrying log message in the wlc: 



RADIUS auth-server X.X.X.X unavailable 



Or 



These logs in the ISE 



5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session. 

12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message 





It looks like there is some sort of bottleneck between WLC and ISE. 



Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total). 



Any ideas? 



Mathieu Sturm 
Hoofdmedewerker Netwerkbeheer 



Directie Financiën, Infrastructuur en IT 

Afdeling Netwerkbeheer 

Campus Schoonmeerssen - Gebouw B Lokaal B0.75 

Valentin Vaerwyckweg 1 - 9000 Gent 

+32 9 243 35 23 

[ 
https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0
 | www.hogent.be ] 




** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at [ 
https://www.educause.edu/community | https://www.educause.edu/community ] 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] WiFi failures due to eduroam profiles

[Christina Klam]

As a tangent "answer" to the original question: We have found that ONE eduroam 
profile per device is the best (and many times the only) solution. And, how 
they onboard is immaterial. 

If someone keeps their home institution's eduroam profile, it will work fine 
and dandy but they will not get the extra privileges and resources associated 
with using our eduroam profile. 


Christina Klam 
Network Engineer 
Institute for Advanced Study 
1 Einstein Dr 
Princeton, NJ 08540 
+1 609-734-8154 
ck...@ias.edu 



From: "Anderson, Charles R"  
To: "The EDUCAUSE Wireless Issues Community Group Listserv" 
 
Sent: Friday, September 20, 2019 5:57:36 PM 
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] WiFi failures due to 
eduroam profiles 

I'm not following either. We onboard both profiles with the same EAP-TLS certs, 
although we are using SecureW2 (just moved from CloudPath). It matters not 
which one the user's device connects to locally--they both drop the user on the 
same network. If we were to eventually drop our branded SSID, we'd just 
reconfigure the onboarding tool to configure only eduroam, but still use the 
same configuration/certs otherwise. 

On Fri, Sep 20, 2019 at 04:01:32PM -0400, Michael Davis wrote: 
> We onboard EAP-TLS to eduroam. I'm not following this progression of 
> events. 
> 
> On 9/20/19 3:47 PM, Aaron Abitia wrote: 
> > 
> > Hello all, Aaron from Cal Poly, San Luis Obispo here... 
> > 
> > 
> > We just went all eduroam and turned off our primary branded dot1x 
> > SSID, which featured Aruba Clearpass EAP-TLS Onboarding of devices. 
> > Because Onboarding is now gone, my question is about the eduroam CAT 
> > tool…I believe reasons for using it would be to mitigate 
> > man-in-the-middle attacks, to get rid of the red “Not Verified” iOS 
> > message and to otherwise insulate the user from manually accepting our 
> > RADIUS certificate. 
> > 
> > 
> > However, I’m wondering about usability once our users leave our 
> > campus. We have seen users here from other universities who are 
> > unable to connect to eduroam, and we find that they are running a 
> > profile from their home university, though we’re not sure if its the 
> > eduroam CAT tool or another installer. Once we remove their profile, 
> > they are able to get on eduroam. I believe that if an organization is 
> > using a profile and that profile lists the RADIUS server(s) from that 
> > organization for the eduroam connection, the user may or may not be 
> > dead until that profile is removed, depending on what’s in the 
> > profile; if all that’s in the profile is the organization’s RADIUS 
> > servers, the user should still work here, but if there’s other 
> > elements in that profile, the user could fail, which we’ve seen, but 
> > I’m trying to identify what precisely in the profile could cause the 
> > failure to connect. Would anyone have any insight into this? 
> > 
> > 
> > We have many other eduroam users from other organizations that work 
> > fine here, presumably because no profile is being used and the user 
> > has just manually connected at home and here at our school. I would 
> > also be interested in hearing about the eduroam CAT tool from anyone 
> > using it, or other config tools used by anyone and the reasons for it, 
> > beyond what I’ve mentioned above. 
> > 
> > 
> > Many thanks. 

** 
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] 802.11R

[Christina Klam]

Another question, has anyone installed 8.3.143.0 yet?  It seems to have a 
number of fixes for 2800/3800.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu

- Original Message -
From: "C. Klam" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, August 28, 2018 4:45:56 PM
Subject: Re: [WIRELESS-LAN] 802.11R

Jamie,

Can you describe more the IPV6 issue with 8.3.133.0?  For about a year we have 
been running that code.  And strangely enough, we have had issues with iOS not 
staying connected when roaming.  As all modern systems try IPv6 before IPv4, if 
there is an issue with IPv6, this would explain the delay.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu

- Original Message -
From: "Price, Jamie G" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, August 28, 2018 4:34:18 PM
Subject: Re: [WIRELESS-LAN] 802.11R

We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0.

We are running 802.11k/v/r and it has made a tremendous difference in our 
roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with 
IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a 
production network- but it will be once we can find code without this bug. 
Otherwise 8.3.133.0 has been great.

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Joseph Bernard
Sent: Tuesday, August 28, 2018 1:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11R

Our CTO just mentioned this today as we have passed the peak wireless stress 
point without issues for today’s class changes.  While this isn’t answering 
your question, I thought I might share what we have.  We have close to 30,000 
wireless devices connected and have our F5 load balancing 6 VMs running 
FreeRADIUS that in turn query our eDirectory backend through LDAP.  One feature 
that you should make sure is enabled is “config radius ext-source-ports enable”.

On 8540’s, you should see this if it’s on:

(Cisco Controller) >show radius queue

Max Radius Queues Per Server. 16
…[snip]…


Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Phillips, Rick" 
mailto:rick.phill...@uky.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, August 28, 2018 at 3:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 802.11R

We recently promoted eduroam to the primary network at the University of 
Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) 
and Cisco ISE for portals, authentication and authorization. We were seeing the 
ISE authentication service jump up in latency and we would get calls that users 
could not connect to eduroam. We have determined that our size and number of 
authentications, particularly at each class change event, are such that we 
should be using hardware load balancing. We are in process of setting that up 
but each class transition results in a short period where authentication 
latency can get to be a problem and users have a less than desirable 
experience. During the time we are building this out our engineers are wanting 
to enable 802.11R (Fast Transition) on our controllers. We currently do not 
support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and 
we have heard other have issues with this code release. While we are not 
experiencing the same results or hitting the same bugs, I am concerned that 
turning on this feature might have ramifications related to the code release we 
are running.

My question to the group is who has used 802.11R and would you be willing to 
shoot me a private message with configuration and/or your results?

Thanks in advance,

Rick

Rick Phillips
Executive Director, Networking & Infrastructure
Information Technology Services
University of Kentucky
301 Rose St. Hardymon Building Rm 102
Lexington, KY 40506-0496
(859) 257-4106 (Office)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Const

Re: [WIRELESS-LAN] 802.11R

[Christina Klam]

Jamie,

Can you describe more the IPV6 issue with 8.3.133.0?  For about a year we have 
been running that code.  And strangely enough, we have had issues with iOS not 
staying connected when roaming.  As all modern systems try IPv6 before IPv4, if 
there is an issue with IPv6, this would explain the delay.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu

- Original Message -
From: "Price, Jamie G" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, August 28, 2018 4:34:18 PM
Subject: Re: [WIRELESS-LAN] 802.11R

We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0.

We are running 802.11k/v/r and it has made a tremendous difference in our 
roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with 
IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a 
production network- but it will be once we can find code without this bug. 
Otherwise 8.3.133.0 has been great.

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Joseph Bernard
Sent: Tuesday, August 28, 2018 1:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11R

Our CTO just mentioned this today as we have passed the peak wireless stress 
point without issues for today’s class changes.  While this isn’t answering 
your question, I thought I might share what we have.  We have close to 30,000 
wireless devices connected and have our F5 load balancing 6 VMs running 
FreeRADIUS that in turn query our eDirectory backend through LDAP.  One feature 
that you should make sure is enabled is “config radius ext-source-ports enable”.

On 8540’s, you should see this if it’s on:

(Cisco Controller) >show radius queue

Max Radius Queues Per Server. 16
…[snip]…


Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Phillips, Rick" 
mailto:rick.phill...@uky.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, August 28, 2018 at 3:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 802.11R

We recently promoted eduroam to the primary network at the University of 
Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) 
and Cisco ISE for portals, authentication and authorization. We were seeing the 
ISE authentication service jump up in latency and we would get calls that users 
could not connect to eduroam. We have determined that our size and number of 
authentications, particularly at each class change event, are such that we 
should be using hardware load balancing. We are in process of setting that up 
but each class transition results in a short period where authentication 
latency can get to be a problem and users have a less than desirable 
experience. During the time we are building this out our engineers are wanting 
to enable 802.11R (Fast Transition) on our controllers. We currently do not 
support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and 
we have heard other have issues with this code release. While we are not 
experiencing the same results or hitting the same bugs, I am concerned that 
turning on this feature might have ramifications related to the code release we 
are running.

My question to the group is who has used 802.11R and would you be willing to 
shoot me a private message with configuration and/or your results?

Thanks in advance,

Rick

Rick Phillips
Executive Director, Networking & Infrastructure
Information Technology Services
University of Kentucky
301 Rose St. Hardymon Building Rm 102
Lexington, KY 40506-0496
(859) 257-4106 (Office)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

PaperCut with Cisco 5508 issues

[Christina Klam]

I am hitting my head here trying to figure out why we cannot access the 
PaperCut printers on our eduroam SSID or our other open SSID.  We only see the 
printers on the SSID which is our multicast-interface in the WLC.  However, 
when I use a mDNS browser, I do not see our DNS sub zone, 
pc-printer-discovery.[domain] which has ipps._tcp, b._dns-sd._udp, 
lb._dns-sd._udp defined.   I am using the same mdns profile and multicast 
interface on all of the WLANs/interfaces.

Any guidance would be greatly appreciated,

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Meraki AP connectivity to eduroam

[Christina Klam]

Listening with great anticipation.  

We are hoping to get eduroam up and running at our remote sites — which both 
use Meraki.As we are not using the wireless concentrator option in Meraki, 
we have listed every AP in our clients file.  This may be fine for now but will 
be  burdensome if we expand our use Meraki. 

Regards
Christina

Sent from my iPhone

> On Jul 27, 2018, at 05:16, Mike Atkins  wrote:
> 
> Our radius admin would define the management subnet of the Meraki APs in our 
> radius server configuration.
> 
> 
> 
> 
> 
> 
> 
> ---Mike Atkins
> sent from phone
> 
>> On Jul 27, 2018, at 3:21 AM, Mark McNeil [Staff]  wrote:
>> 
>> Hi everyone,
>>  I'm wondering if someone can provide a little clarity on configuring 
>> Meraki to connect to eduroam. The documentation states that 
>> 
>> " The MR's will need to be defined on the RADIUS server as RADIUS clients 
>> (consult RADIUS server documentation to complete this step). "
>> 
>> I take this to mean that I will need to define all my AP's, in my case 
>> MR42's, in my local RADIUS. Is this correct or is there another way around 
>> this on the Meraki. I only have 33 AP's but seems there should be another 
>> way. 
>> 
>> Any help is appreciated.
>> 
>> Thanks
>> 
>> Mark
>> 
>> -- 
>>  
>> Mark McNeil   
>> Director, Network Engineering and Operations 
>> Fordham University | Fordham IT 
>> Tel: 718-817-3763 
>> Business Office: 718-817-3750 
>> Fax: 718-817-5775 
>> email: mcn...@fordham.edu 
>> http://www.fordham.edu 
>> _  
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/discuss.
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Looking for vendor in Park City, UT area to setup wireless for a conference

[Christina Klam]

All,

One of our departments will be having a large conference in Park City, UH in 
July.  From their past experience at the site, they know the quality of the 
wireless networking is very poor.  Fortunately, the conference center says we 
can setup our own wireless for the event.  However, as we are in NJ and the 
conference is in UT, we would much prefer to hire a company to do this.   Does 
anyone have a vendor in the Park City area that they like?


Thank you,
Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Photos of outdoor APs on building

[Christina Klam]

Hector,

Thank you for the laugh!

--Christina

- Original Message -
From: "Hector J Rios" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, May 15, 2018 4:30:38 PM
Subject: Re: [WIRELESS-LAN] Photos of outdoor APs on building

Ok guys, enough of these super professional examples of amazing outdoor 
installations (they are truly amazing). Here is an example of what not to use. 
A local company doing work for one of our departments, just could not come up 
with a solution to mount a Ubiquiti radio. So what did they do? They bought a 
bathtub grab bar. Yep.
Hector Rios
Louisiana State University


On Tue, May 8, 2018 at 6:25 AM Blasingame, Bob 
> wrote:
Greetings,

We are upgrading our outdoor wireless APs to Cisco 1562s and want to move the 
mount locations from roof top down to ground level; approx. 10-15 feet up on 
walls.

Unfortunately, we are getting pushback that, aesthetically, this is not going 
to be allowed, even with camouflaging of the AP.

We have now ben tasked with providing photos of outdoor APs in use on other 
campuses.  Thirty minutes on Google showed that this was not an easy thing to 
find, so we are wondering if anyone has photos of outdoor APs on their campus 
buildings that they would be willing to share. Preferably, Cisco 1562s, but 
anything to show that other universities are willing to bend a little on looks 
to gain wireless coverage.

If you have any information on how you handled this dilemma, that would be 
appreciated as well.

Thanks for your time,

Bob


Bob Blasingame
Network and Communications Engineer
IT Infrastructure
Xavier University
513-745-4899
Get Technical HELP anytime!
[cid:image001.gif@01D3E6AD.E3279870]




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Need help

[Christina Klam]

Hector,

Are the port-channels split between the two physical 6500s or is one controller 
connected to one switch and the other controller on the second?  When you are 
having the issue, have you looked at the traffic across the VSS or compared 
what is coming into the 6500s vs what is leaving it?  In other words, have you 
been able to isolate the issue as being on  the controllers and not the VSS?  

--Christina

Christina Klam
Network Engineer
Institute for Advanced Study
1 Einstein Dr
Princeton, NJ 08540
+1 609-734-8154
ck...@ias.edu


From: "Hector J Rios" <hr...@lsu.edu>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Monday, April 23, 2018 11:54:42 AM
Subject: Re: [WIRELESS-LAN] Need help

Our controllers connect to a pair of 6500s (SUP2Ts) in VSS mode. Each 
controller pair has two 10G interfaces in a port-channel.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, April 23, 2018 9:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help


Hector- do the controllers connect to Nexus boxes, and with what kind of cable?


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Sent: Monday, April 23, 2018 10:09:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Need help

All,

Last fall we all shared our experiences with the beginning of the semester. 
Ours was not great, and what we thought had been resolved, came back to bite 
us, again. If you want more info, search for subject "Re: [WIRELESS-LAN] Move 
In/Opening Week- Any Problems?"

My question to all of you is the following: If you have Cisco 8540s and over 
3000 APs, have you ever moved APs from one controller to another with no 
issues? i.e. You move 3000 APs from one controller to another at once.  Please 
respond and let me know your basic setup.

Here is our problem. Last year we moved all of our APs to an HA pair of 8540. 
We experienced no issues until the beginning of the fall, when all students 
came back. Last week, we moved all the APs from one HA pair to another, and 
right away we started experiencing issues.

What is the issue? When the issue starts happening, it appears that a good 
portion of our APs cannot associate to our controllers. It seems like the 
controllers run out of resources to be able to establish CAPWAP tunnels (memory 
leak?).

Our configuration:

Two HA pairs of 8540s, AP/Client SSO
AVC turned on, only on eduroam
IPv4/IPv6 dual stack support
Our oldest AP model is 1140
Software 8.2.161 (yes, we know it is deferred)
3900 APs
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Eduroam - 3 questions

[Christina Klam]

Like many of you, we started with three campus wide SSIDs: a vanity/branded 
WPA2-Enterprise, a branded open guest, and eduroam.  At the end of the first 
year, we reduced to just eduroam and our guest.  By using the domain portion in 
the username (use...@domain.edu), radius assigns users to specific VLANs.  If 
they are not from @ias.edu, they get assigned to a "guest permission leveled" 
VLAN which only has access to the Internet and some specific campus devices 
(like projectors).  If they are from @ias.edu, they are given greater 
privileges on campus like access to library resources.  


In terms of help desk calls, we received fewer once we de-cluttered our SSID 
space.   If we were to do this again, we would just start with just eduroam and 
guest.  

BTW:  Everyone should use the same spelling of eduroam.  There are no capital 
letters in the SSID.  

--Christina Klam

- Original Message -
From: "Alexandre Adao" <alexandre.a...@morgan.edu>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, April 18, 2018 11:42:04 PM
Subject: Re: [WIRELESS-LAN] Eduroam - 3 questions

1- Currently, we have SSID's MSU-Secure, Guest-Users and EduRoam. We may
move forward to one or two SSID's later one.  Our Radius are not configured
as connector.

2. The EduRoam deployment is not that difficulty. It depends what type of
Radius Server you are using.

3. To minimize the Help Desk calls, ensure that the student/Faculty
authenticate EduRoam with their full e-mail address (account
xxx@domain.edu), locally. Because it will be the same credentials
format when they are visiting other educational entities.

--Alex Adao



On Wed, Apr 18, 2018 at 9:19 PM, Davis, Kevin <keda...@davidson.edu> wrote:

> I just wanted to say “ditto” to what Chuck said, but with an underscore: I
> would recommend you consider the value of making eduroam your primary
> campus SSID.  Just having it on campus doesn’t ensure anyone will use it or
> understand what it means.  (“If I have DavidsonSecure or eduroam, why would
> I ever want ‘roaming’ if I could be on the Davidson network?”). OTOH, if
> it’s the network they use daily, they’re always ready to use it.
>
> A number of colleges have moved away from vanity-named SSIDs to having
> eduroam as their main or only wifi network on campus. Davidson is moving in
> that direction this summer, retiring our legacy SSID, and we are by no
> means an early mover on this.
>
> Kevin
>
> --
> Kevin Davis
> Deputy CIO & Director, Core Services
> Davidson College Technology & Innovation (T)
>
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Enfield III, Charles
> Albert" <cae...@psu.edu>
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Date: Wednesday, April 18, 2018 at 7:25 PM
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.
> EDUCAUSE.EDU>
>
> Subject: Re: [WIRELESS-LAN] Eduroam - 3 questions
>
> Hi Rita,
>
>
> I too would encourage you to provide the eduroam SSID at your institution,
> but I'll give you a selfish reason to do it.  Supporting your users once
> they're already at another campus ranges from difficult to impossible.  If
> you want eduroam to be easy to support, then you want your users to test it
> before they travel.  If it works when they're on your campus you're
> basically home free.
>
>
> Chuck
>
>
> --
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Hunter Fuller <
> hf0...@uah.edu>
> *Sent:* Wednesday, April 18, 2018 7:05 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Eduroam - 3 questions
>
> 1. I'm not sure if this is permitted by their policy, but if so, could I
> convince you not to do it? I'd love it if my constituents' connections
> worked with no setup at your institution, just like your constituents'
> connections will do at mine, once you join eduroam as an IdP.
> Also, there's another gotcha. If you don't have eduroam as an SP locally,
> your users have no way to test before they travel.
>
> 2. Yes. For sure.
>
> 3. It would be great if one of your tiers of troubleshooting knew how to
> access the eduroam portal to make sure authentications are reaching your
> institution when your constituents travel. If they are, you just
> troubleshoot it like any other RADIUS auth.
> You also need to know to direct your campus visitors to their home
> institution for assistance, assuming their auth is making it out of your
> campus already.
>
> Mostly it's just RADIUS, but with that extra bonus func

Re: [WIRELESS-LAN] Printing to a wired printer from wireless

[Christina Klam]

Max,

I will add that to our list of things to test!  Looking at their website, it 
appears that it can use DNS (and not just mDNS). If so, that would solve one of 
key issues I foresee.

Thank you,
Christina

- Original Message -
From: "Max McGrath" <mmcgr...@carthage.edu>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Thursday, February 1, 2018 1:03:55 PM
Subject: Re: [WIRELESS-LAN] Printing to a wired printer from wireless

We use Papercut MF at Carthage.

Max

--
Max McGrath  <http://www.linkedin.com/in/max-mcgrath-a299124b>
Infrastructure and Security Manager
Carthage College
262-551-
mmcgr...@carthage.edu

On Thu, Feb 1, 2018 at 12:02 PM, Christina Klam <ck...@ias.edu> wrote:

> All,
>
> I knew this day would come...  People want to print to our network
> printers from their mobile devices.  We have enable mDNS on our wireless
> network so that anyone on the wireless SSIDs can print to any printer on
> the wireless network.  For us, this means people can register their printer
> on one of the SSIDs and print to it.  This works fine in our ResNET
> environment.  Now, people want to print to the enterprise wired network
> printers while on campus.
>
> What is everyone using to allow mobile devices printing capabilities to
> the enterprise printers or print servers?  One of the schools is looking at
> PrinterLogic.  Another Presto.  I will be guiding everyone towards agreeing
> to a single idea, whatever that may be.
>
> Thank you for your help,
> Christina Klam
> Network Engineer
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Printing to a wired printer from wireless

[Christina Klam]

All,

I knew this day would come...  People want to print to our network printers 
from their mobile devices.  We have enable mDNS on our wireless network so that 
anyone on the wireless SSIDs can print to any printer on the wireless network.  
For us, this means people can register their printer on one of the SSIDs and 
print to it.  This works fine in our ResNET environment.  Now, people want to 
print to the enterprise wired network printers while on campus. 

What is everyone using to allow mobile devices printing capabilities to the 
enterprise printers or print servers?  One of the schools is looking at 
PrinterLogic.  Another Presto.  I will be guiding everyone towards agreeing to 
a single idea, whatever that may be.

Thank you for your help,
Christina Klam
Network Engineer

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] More client weirdness

[Christina Klam]

You may be running into the same Windows 10 "feature" that we did a few months 
ago.  Here is the document we wrote up:  https://www.ias.edu/wireless-resources

RE: 
https://www.intel.com/content/www/us/en/support/network-and-i-o/wireless-networking/05544.html

Good luck,
Christina



- Original Message -
From: "Brahim Bouchaiba" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, January 31, 2018 1:41:15 PM
Subject: Re: [WIRELESS-LAN] More client weirdness

Hi,

Can you run debug client < mac address> then parse it here:
https://cway.cisco.com/tools/WirelessDebugAnalyzer/



On Wed, Jan 31, 2018 at 1:34 PM, Gray, Sean  wrote:

> Hi Craig,
>
>
>
> Sorry I should have mentioned that, our WLC is a 5520 running 8.3.133.0
> code
>
>
>
> Sean
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Craig Eyre
> *Sent:* January-31-18 11:30 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] More client weirdness
>
>
>
> Sean,
>
>
>
>
>
> What version of controller software are you running?
>
>
>
>
>
> Craig Eyre
>
>
>
> On Wed, Jan 31, 2018 at 11:17 AM, Gray, Sean  wrote:
>
> Hi Everyone,
>
>
>
> I just wanted to throw this weirdness out to the group to see if anyone
> has experienced the same issue and has found a solution or work around.
>
>
>
> We have a student on campus who intermittently cannot connect to our
> 802.1x Student WLAN when trying to connect to a Cisco 702w access point
> installed nearby. They can connect to our open Guest WLAN. I should say
> that they are fail to connect to Student more times than they succeed when
> in their Student Residence. On campus they are able to connect to Student.
>
>
>
> I recently brought them down to my office to have them try and connect to
> a 702w that I had set up specially for the purpose of this test.
>
>
>
> *Client Details:*
>
>
>
> · Acer Aspire F5-571T Laptop
>
> · NIC: Qualcomm Atheros QCA9377
>
> · Driver Version 12.0.0.309
>
> · O/S: Windows 10 Home
>
>
>
> Client has Symantec Anti-virus installed
>
>
>
> Windows updates and driver versions were all validated.
>
>
>
>
>
> During testing I noticed that the client completes the AUTH phase and
> enters RUN state. At this point it frequently seems to stall and doesn’t
> make it into the DHCP Socket Task portion of the client/WLC/DHCP exchange.
>
>
>
> The only thing that the testing proved to me is that the client doesn’t
> like Cisco 702w APs, as I saw the same results in my office as I saw from
> them in Student Residence. Of note is that the problem seems to become
> particular pronounce when they roam from Guest to Student or vice versa.
> Disabling the Symantec firewall seemed to improve, but not fully resolve
> the issue.
>
>
>
> I should also point out that due to the unique way that our Residence
> townhomes were constructed wall mount APs are our only option.
>
>
>
> So this one has me beat!
>
>
>
> Thanks
>
>
>
> Sean
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
>
>
>
> --
>
> Craig Eyre
> Network Analyst
> IT Services Department
> Mount Royal University
> 4825 Mount Royal Gate SW
> 
> Calgary AB T2P 3T5
>
> P. 403.440.5199 <(403)%20440-5199>
> E. ce...@mtroyal.ca
>
> "The difference between a successful person and others is not a lack of
> strength, not a lack of knowledge, but rather in a lack of will." Vincent
> T. Lombardi"
>
>
>
> *MRU IT Services will NEVER ask you for your password or to update or
> verify your email account through an email. DO NOT click any links in an
> email asking you to update or verify your email account.*
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Cisco Prime Switch Port Trace

[Christina Klam]

All,

I have been asked to prioritize rogue AP detection.  We already have Auto 
Switch Port Trace feature enabled, but I discovered today why it hasn't been 
working.  According to the Cisco documentation,  "Switch port 
configuration—Trunking switch ports must be correctly configured. Switch port 
security must be disabled."  So, as we have port-security enabled on all switch 
ports (so that we can control/monitor the personal switches on campus and 
ResNet), switch port trace is NOT working.   

My question to you guys is WHY is there this dependency?  My google-foo is 
coming up with no explanation.

Thank you,
Christina

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] IPv6 drains battery of mobile devices?

[Christina Klam]

For years, Windows and Apple devices automatically prefer IPv6.  Moreover, we 
have found issues with BonJour and other functionality, when we disable IPv6.   
Instead we suppress ipv6 nd ra.  This will, at the minimum, limit the 
auto-networking functionality of ipv6.  

--Christina Klam
Network Engineer



- Original Message -
From: "Mike King" <m...@mpking.com>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Friday, October 6, 2017 8:32:54 AM
Subject: [WIRELESS-LAN] IPv6 drains battery of mobile devices?

So I saw this on Reddit this morning. What do you guys think of this?


https://www.reddit.com/r/LifeProTips/comments/74jt7s/lpt_if_youre_in_student_halls_campus_or_hotel/

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco 3800 Series APs

[Christina Klam]

Bryan,

We have been using 3800s for about a year and we do use Prime to manage them.  
The only issues we have had was their power consumption requirements.  They 
require more power over POE than our 3750E and 4500E could provide.  We are now 
rolling them out in conjunction with our switch upgrade (to 3850s) project.

Best Regards,
Christina Klam
Network Engineer
Institute for Advanced Study
609-734-8154

- Original Message -
From: "Bryan Ward" <bryan.w...@dartmouth.edu>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, July 5, 2017 12:07:18 PM
Subject: [WIRELESS-LAN] Cisco 3800 Series APs

Couldn't find a recent discussion on the list archives, so I'll ask my question.

For those of you that have Cisco 3800 series APs in production, how have they 
been working for you recently?
We currently purchase 3700 series APs as our standard for new installs and 
replacement of our 3500 series APs, but are now considering switching to the 
3800 series.
I heard there were a lot of issues with them at first, but was wondering if 
they're still troublesome now that they've been out in the wild for some time.
Also, does anyone currently have issues using Prime to manage them?

Thanks all,

--
Bryan Ward
Network Engineer
Dartmouth College Network Services
603-646-2245
bryan.w...@dartmouth.edu<mailto:bryan.w...@dartmouth.edu>


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

mDNS Containment with Meraki or WLC

[Christina Klam]

All,

We are building housing for our emeritus faculty members.  These will be 
private townhouses on our campus that will be networked by us. We are now 
discussing whether the switches and AP should be Cisco or Meraki (I realize 
Meraki is now Cisco).  The decision point lies in how the two product lines 
handle BonJour/mDNS.  

GOAL:   Residents in one townhouse can only connect to the mDNS devices located 
in their homes or devices associated with their userid.  Ideally, we want to 
broadcast the same SSIDs as on campus to reduce confusion. 

Proposed Way of Doing This:  One way we are thinking this can be done is to use 
the info already in our self-registeration portal.  In that database, we have 
user name and mac address; so we will know which devices belong to whom.  Using 
this information, we hope to limit mDNS access to devices within the private 
homes to just the devices registered to that home.    


Questions:  Are there better ways of accomplishing the goal? Can this be done 
by either product?  I will be testing mDNS Service Groups on our WLC running 
8.2.121.0 this week.  Should we just create a SSID per home (thus containing 
the mDNS to each home.  Note:  This doesn't work on the WLCs as you are forced 
to use a single multicast VLAN used by ALL SSIDs) and broadcast a shared 
"guest" SSID among the townhouses so that people can visit each other?  How 
have you addressed this issue on your Residence Halls?

Thank you,
Christina Klam
Network Engineer
Institute for Advanced Study
609-734-8154
ck...@ias.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] MAC OSX Duplicate IP's

[Christina Klam]

All,

Would DHCP Snooping and Dynamic arp inspection address this issue?

Regards,

Christina Klam


-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Clients unable to obtain an IP address via DHCP

[Christina Klam]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Roger,

We do not have the log files from the last time this happened, but we
have had periodic DHCP issues for years.  This has happened on 5508 and
its predecessor WLC.   For some reason, clients on a SSID stop being
able to get an IP from dhcp.  The "solution" has been to disable the
SSID, wait a minute or so, and then re-enable the SSID.   This happened
more frequently with the open SSID and more frequently in the past.  We
opened a ticket with Cisco twice but they were never able to determine why.

If anyone else has seen this behavior and discovered the reason, we
would love to hear it.

- --Christina


- -- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQErBAEBCAAVBQJYgNSqDhxja2xhbUBpYXMuZWR1AAoJEN9pUgshfvqBBRwH/3Dq
BDS/embfhWZ5N4btLBlUEhmOjl+63DrdC+cFHYZM0TQpBEAx/GruF2b8NsMlIKur
MTc4p4oXcVkIo79uMB2bJDgC6/IIVKnkZk3rSY2qfbXnENPjoARgZqFOUOQaKKw6
deZnPmbxKNEFSFHNPh6ablEDbOBIDEvJqC5akck5Bx0/SrhzgJCJV63U1aUNFoBx
aO5VyHPJ9Lg/2atPueb1Be4hyRVdDv9v91KkX2mM8M6nbVTOyNlB/F6zznXEKXy+
riiVsVcJCUzF98rOlmV9Ai8tKrEjdU7QuE/st+lwE2ENi733ioKMG6cOe0SKLYP8
0oFX5d+q8ND98bQsr2A=
=izev
-END PGP SIGNATURE-

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Disabling LEDs on APs

[Christina Klam]

On the recent version of Cisco APs (2802/3802), lights are disabled by
default.  I am mixed about that.  While it does stop people from
wondering if we are spying on them (which we are not, it is just a LED
light!), it does make it harder to troubleshoot.  We no longer can ask
the user for the color or color sequence of the AP.

In the end, we have decided to stick with the Cisco defaults.

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLC code for Cisco 3802i

[Christina Klam]

Thank you Kevin.

On 08/22/2016 01:31 PM, Mccormick, Kevin wrote:
> We installed 8.2.121.0 on our 5508s and 8510s.
> 
> So far we have not had any issues.
> 
> Kevin McCormick
> Western Illinois University
> 
> On Mon, Aug 22, 2016 at 12:27 PM, Christina Klam <ck...@ias.edu
> <mailto:ck...@ias.edu>> wrote:
> 
> All,
> 
> We have to upgrade the code on our 5508 to accommodate the 3802i that we
> just got in.  What are people's experiences with either 8.2.121.0 or
>     8.3.102.0?
> 
> Thank you,
> --
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> Email:  ck...@ias.edu <mailto:ck...@ias.edu>
> 
> Einstein Drive  Telephone: 609-734-8154 
> Princeton, NJ 08540 Fax:  609-951-4418 
> 
> **
> Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/ <http://www.educause.edu/groups/>.
> 
> 
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> 

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WLC code for Cisco 3802i

[Christina Klam]

All,

We have to upgrade the code on our 5508 to accommodate the 3802i that we
just got in.  What are people's experiences with either 8.2.121.0 or
8.3.102.0?

Thank you,
-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Minimum Standards

[Christina Klam]

We disabled 80211b rates a few years ago.  If someone's device needs to
join wireless, we have them purchase a wireless or wired dongle.  We
keep a few in stock too for those who need proof that this is a viable
solution.

In terms of g & a, we are only seeing a handful this term.  We are
hoping to turn off those within a year.   But, as each term brings a new
set of devices, that could change.  We turned on r/k in Spring and had
few issues.  Then a different group arrive in September.  As too many
devices couldn't connect, we had to disable r.

Regards,
Christina



On 11/05/2015 07:47 AM, Osborne, Bruce W (Network Services) wrote:
> I wish we could turn down 802.11b.
> 
> We strongly recommend 802.11ac compatibility, but since we have residences 
> with game consoles (Xbox 360) & some clueless TVs (Vizio) we needed to turn 
> on 1 & 2 mbps so those devices would associate to our mac-auth SSID for 
> non-802.1X devices.
> 
>  
> Bruce Osborne
> Wireless Engineer
> IT Infrastructure & Media Solutions
>  
> (434) 592-4229
>  
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
> 
> -Original Message-
> From: Smith, Todd [mailto:todd.sm...@camc.org] 
> Sent: Wednesday, November 4, 2015 5:41 PM
> Subject: Re: Minimum Standards
> 
> We are starting to move away from 802.11a since it doesn't support DFS 
> channels with with our new 802.11ac Wave 2 rollout coming soon will be 
> needed.  Turning 802.11b down has helped quite a bit but we still see a large 
> about of 802.11g traffic.
> 
> Todd
> 
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P 
> [matthew.hin...@vikings.berry.edu]
> Sent: Wednesday, November 04, 2015 4:42 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Minimum Standards
> 
> Just wondering what everyone's minimum standards look like for supported 
> Wi-Fi devices. Or if your department has any defined.
> 
> We don't enforce any sort of minimum bar aside from
> 
> -Your device needs to support 802.11a, g, n, or ac. 802.11b devices cannot 
> successfully authenticate -Consistent 2.4GHz-only connectivity usually cannot 
> be guaranteed in residence halls.
> 
> At a glance, we're usually only at about 0.3% 802.11g clients. Everyone else 
> is a, n, or ac.
> 
> Thank you!
> Matthew Hinson
> Supervisor, Network Operations
> "Have I not commanded you? Be strong and courageous. Do not be afraid. Do not 
> be discouraged. For the LORD your God will be with you wherever you go." 
> (Joshua 1:9)
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=CQMFAg=2GaipCMI-4CXTl0y2l8grQS3faC7QKiDQZYpyUtD00M=uvxIRDMxwssmr2VjVNRe6I_MeNT0SmtowN9dpqcMAFc=VanKeK1AoUUDR1mjsz3-DKjqo7S0sHw9UuV31RXPXhI=7SOOucS3y4c8v2RQTxdGiP8BqiEvoxzsnBG2EXW_rq8=>.
> 
> ==
> 
> CONFIDENTIALITY NOTICE: The information contained in this message may be 
> privileged and confidential. If this e-mail contains protected health 
> information, you are hereby notified that any dissemination, distribution or 
> copying of this communication is strictly prohibited, except as permitted by 
> law. If you have received this communication in error, please notify the 
> sender immediately by replying to this message and deleting it from your 
> computer. Thank you.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 802.11r

[Christina Klam]

In May, we turned it on for most our SSIDs.  We have only seen issues
with older laptops and tablets.  When this happens, we tell those few
users to either use the non 802.11r SSID or upgrade their device/OS.

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

[Christina Klam]

We are in the process of re-cabling some of our CAT5 only buildings.  We
have decided to run two Cat6A cables for each AP.   The cost of running
an additional cable is negligible compared to the labor of replacing a
bad cable later on.


-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418



On 03/24/2015 04:02 PM, Kevin McCormick wrote:
 We have a big roll out of new .11ac APs this summer and we have
 decided to run one CAT6a cable to the APs for future capacity. I
 expect that 10G switches and APs will be common place before the next
 refresh. I can understand running a second wire only if you are doing
 a refresh and dual 2.5G was common place. Even then I would be running
 a CAT6a as the second cable.

 Kevin McCormick
 uTech Network Services
 Western Illinois University

 On 3/24/2015 11:58 AM, Deshong, Kenneth wrote:
With the advance in Cisco's new Multigigabit technology you can
 use existing CAT5e\CAT6 cables and run speeds 5GB/10GB respectively
 over copper. No need to run multiple cables to your Access Points. I
 saw a presentation by Cisco where the new 3850's coming out this year
 will already support this technology.  I'm assuming their Wave 2
 Access Points will also support this and you can effectively run
 5gbps over your older CAT5e cables. While I do agree, 20-40 users on
 an access points doesn't make it necessary to run 10GB to that access
 point, I would rather have it and not need it. Any Cisco shops can
 attest, most of the time when they roll out a new AP/Switch, the
 price point is usually pretty close or the same as the older model so
 it only makes sense to roll out the new technology.

 http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/catalyst-multigigabit-switching/multigigabit-ethernet-technology.pdf




 Ken DeShong
 Network Engineer
 USF Health Information Systems
 Desk: 813-396-9472
 Fax: 813-974-5198


   Amazing Things Happen When You Connect the Unconnected

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic,
 Thomas
 Sent: Tuesday, March 24, 2015 11:45 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

 For now mgig doesn't seem necessary from a wireless perspective. I
 think new installations may justify multiple drops if you know
 funding for some areas comes and goes. Like a slow refresh on switch
 gear, but the ability to upgrade to full AC Aps. Mgig will most
 likely be driven from our research departments as they upgrade
 machines with newer NICs and expect to take advantage of it. We try
 to anticipate the needs and so far we see very little need for mgig
 on the wireless front.

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
 Sent: Tuesday, March 24, 2015 10:24 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

 I'd add to Frank's list:

 - Wave 2 won't increase spectral efficiency as much as initially
 projected.  Expect 2x once most of the client radios are wave-2 11ac
 rather than the 4x that was being tossed around a year ago.

 - Most, if not all, ac client devices will be 2-stream.

 - There's insufficient spectrum available to leverage 80MHz channels.
 Even if more spectrum becomes available in the next couple years, it
 will be years after that before a large enough percentage of client
 devices support those new channels for them to be useful.

 Add all this up and it is likely to be at least 5 years before you
 achieve Gbit on the wire to 802.11ac APs, and it may never happen. 
 If you agree with this assessment, then there's no reason to rush
 into proprietary multi-gig edge switching.  It seems wise to wait for
 an IEEE standard.

 Chuck Enfield
 Manager, Wireless Systems  Engineering
 Telecommunications  Networking Services The Pennsylvania State
 University 110H, USB2, UP, PA 16802
 ph: 814.863.8715
 fx: 814.865.3988

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
 Sent: Tuesday, March 24, 2015 11:06 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

 Personally, I'm not too worried about it.

 While naively adding up the wireless marketing sheets gets you to 
 1Gb numbers, especially when treated with Wave 2 pixie dust, I think
 there are a few factors which make this a low concern.

- The wireless numbers are half duplex, while that 1Gb wired
 connection is full duplex.  This means that while your client
 bandwidth is probably going to be biased download more than upload,
 the upload and download

Re: [WIRELESS-LAN] Sporadic slow page loads/stalling pages on Apple machines

[Christina Klam]

Britton,

A couple of us NJ EDUs started seeing issues with CDN traffic around Dec 
17th.  It only got addressed last week after our web developer tweeted 
about the issue.  Once everyone got involved, the problem got quickly 
pinpointed to a routing issue within the intermediate ISP, Zayo, 
environment.


 
--Christina

Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

[Christina Klam]

Thank you for the laugh, Lee.

On 12/23/2014 12:31 PM, Lee H Badman wrote:

hey now... Cisco says it's good.   what could go wrong?






From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Alan Klein 
akl...@osisecure.com
Sent: Tuesday, December 23, 2014 12:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

Sort of reminds me of the Mission Impossible opening theme. How long will you 
all let that fuse burn before you pull the trigger?



On Dec 23, 2014, at 12:08 PM, Lee H Badman lhbad...@syr.edu wrote:

So far, so good on my end.

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stefan Kronawithleitner
Sent: Tuesday, December 23, 2014 9:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

MR1 landed…

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1.html

If there are no mayor complaints from early adopters, this is the release I 
will move my controllers to at the end of the holiday break...

--
Stefan Kronawithleitner
Johannes Kepler University, InformationManagement (IM) - Network and Telephony
stefan.kronawithleit...@jku.at +43 732 2468 3923 SK3112-RIPE

On 15. Dezember 2014 at 15:00:18, Lee H Badman (lhbad...@syr.edu) wrote:

I'm told that MR1 hits 12/22, and am counting on it...

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
On Behalf Of Eriks Rugelis
Sent: Monday, December 15, 2014 8:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

We have been running 8.0.100.0 across 5 WLC 5508's for all of our undergrad 
Resnet buildings
(mix of AP702W's, AP3602's) since 2014 September. The rate of user complaints 
about
WLAN service in Resnet has been low.

As a result of this positive experience, we plan to move the rest of the campus 
to this version
of code at the end of 2014 December.

I have not seen 8.0MR1 yet and have no opinion about it.

Eriks

In God we trust; all others must bring data. - attributed to W. Edwards Deming
---
Eriks Rugelis | Manager, Network Development | University Information Technology
010 Steacie Science and Engineering Library | York University | 4700 Keele St. 
, Toronto
ON Canada M3J 1P3
T: +1.416.736.5756 | F: +1.416.736.5830 | er...@yorku.ca
| www.yorku.ca

York UIT will NEVER send unsolicited requests for passwords or other personal 
information
via email. Messages requesting such information are fraudulent and should be 
deleted.
** Participation and subscription information for this EDUCAUSE 
Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion
list can be found at http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


--
--
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] flex connect

[Christina Klam]

John,

We are thinking of doing something like this as a way of corralling the mDNS 
into multiple local areas.   The question we have is how to keep clients from 
flipping frequently between IP addresses when they are between buildings.  The 
distance between some our buildings is small so a client in bldg A could be 
connected to an AP in building B. 

-- Christina

Sent from my iPhone

On Nov 12, 2014, at 6:12 PM, Watters, John john.watt...@ua.edu wrote:

I am investigating doing this. Some success, but still a ways from completing 
the puzzle.
 
What I would like to do with my WPA2 Enterprise SSID is drop my two major 
classes of users (faculty/staff and students) into a FlexConnect local VLAN 
based on the building they are in and their status. I can easily return the 
proper VLAN from my Radius server (back-ended by LDAP) for the building they 
are in since all my APs have a three character building abbreviation as the 
first part of their name which is passed to Radius along with their UserID for 
authentication. I am not having any problems getting the proper VLAN returned 
by Radius. What I can’t do is get the controller to actually drop these two 
major groups of folks into a local (to them) VLAN on the switch that their AP 
is attached to. Part of the problem is caused by the controller caching the 
user's credentials, which doesn't allow him to switch buildings since the 
cached VLAN is not in his new building. My next try is to get the controller 
not to cache the users credentials, and thus also caching his VLAN, IP address, 
etc., along with it.
 
If we can get these two major groups dropped into local VLANs (and the special 
cases centrally switched), it will help a number or problems, e.g., (1) huge 
broadcast domains, (2) users will get access to local resources just like they 
would if they had a wired connection (e.g., AppleTV, printers, ChromeCast), and 
(3) lack of big blocks of IP address space for wireless users which cause us to 
have to use many secondary subnets in our wireless address space (a 
non-supported config the last I heard).
 
My local Cisco SE has been very helpful, but we haven't solved the riddle quite 
yet. I'm hoping someone out there has done this. This looks very close to an 
optimal way to distribute users in a manner that is beneficial to both them and 
to us.
 
 
 
 
-jcw
  image002.jpg

  
John Watters   The University of Alabama
Office of Information Technology
205-348-3992
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stooksberry, Tom
Sent: Wednesday, November 12, 2014 3:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] flex connect
 
Would anyone who has change their Cisco WiFi from the controller base to the 
flex connect give a review of their experience. 
We are thinking of doing this to ease congestion of our WiFi traffic.
 
Thanks,
 
Tom S.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Controller stops sending DHCPREQUESTS for just one WLAN

[Christina Klam]

Mark,

Thank you for the suggestion.  I just looked and DHCP Proxy is NOT
enabled.

So far today, we have had no repeat misbehavior.  I am hoping the
problem is related to the DHCP server override setting.  That would make
the most sense.  I like when there is a logical answer.

Regards,
Christina

On 08/21/2014 05:35 PM, Mark Duling wrote:
 Is the DHCP proxy feature of WLC unchecked?  Controller - Advanced - DHCP
 
 We had a case where it was enabled (perhaps the default in early
 versions) and it never seemed to matter until some years later due to
 reasons I don't even remember.  It probably is off, but you might check
 it.  At the time we had our problems a TAC engineer said something like
 some dhcp servers with firewalls won't work with this setting.
 
 Just a thought.
 
 
 On Thu, Aug 21, 2014 at 2:27 PM, Christina Klam ck...@ias.edu
 mailto:ck...@ias.edu wrote:
 
 I am hoping someone can point me in the correct direction.  Two days in
 a row, our wireless controllers (4404 and wism2) have stopped sending
 the DHCP requests for clients for just one of our WLAN.  This WLAN is
 open and is used as the Multicast VLAN for our two 802.1X WLANs.
 
 Recent Changes:
 1.  Tuesday morning, we replaced our ISC DHCP servers with Infoblox.
 2.  As part of that change, we had to change the dhcp server settings on
 all of the dynamic interfaces.  In classic mode of Prime, you are not
 allowed to enter just one dhcp address.  So, on the controllers
 themselves, I manually updated the list of dhcp servers  for all of the
 dynamic interfaces except the open one, ias-144.  I was not allowed to
 change the dhcp settings on ias-144 because it was in use.  As we were
 getting near the end of our window, I setup the dhcp override in the
 corresponding WLAN.  (I later remembered it was in use as the
 Multicast VLAN.))
 3.  Wednesday, about 25 hours after the dhcp server change, clients were
 unable to get an ip address.  We fixed this issue by disabling the
 WLAN, removing it as the Multicast VLAN, and replacing its dynamic
 interface using a Prime's Lifecycle Theme template.
 4.  Today at 13:21, the problem reoccurred.  I removed the dhcp override
 option as it was no longer needed.  That didn't help.  We then disabled
 and re-enabled the WLAN.  After doing so, clients were able to get their
 dhcp addresses.
 
 
 Has anyone else seen this behavior?  The ip helper-address is the same
 for all of the WLANs on the 6509 and on the controllers.  All of the
 dynamic interfaces look the same on the controllers.
 
 Thank you for your help,
 --
 Christina Klam
 Network Engineer
 Institute for Advanced Study
 Email:  ck...@ias.edu mailto:ck...@ias.edu
 
 Einstein Drive  Telephone: 609-734-8154 tel:609-734-8154
 Princeton, NJ 08540 Fax:  609-951-4418 tel:609-951-4418
 
 **
 Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
 
 
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
 

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Controller stops sending DHCPREQUESTS for just one WLAN

[Christina Klam]

I am hoping someone can point me in the correct direction.  Two days in
a row, our wireless controllers (4404 and wism2) have stopped sending
the DHCP requests for clients for just one of our WLAN.  This WLAN is
open and is used as the Multicast VLAN for our two 802.1X WLANs.

Recent Changes:
1.  Tuesday morning, we replaced our ISC DHCP servers with Infoblox.
2.  As part of that change, we had to change the dhcp server settings on
all of the dynamic interfaces.  In classic mode of Prime, you are not
allowed to enter just one dhcp address.  So, on the controllers
themselves, I manually updated the list of dhcp servers  for all of the
dynamic interfaces except the open one, ias-144.  I was not allowed to
change the dhcp settings on ias-144 because it was in use.  As we were
getting near the end of our window, I setup the dhcp override in the
corresponding WLAN.  (I later remembered it was in use as the
Multicast VLAN.))
3.  Wednesday, about 25 hours after the dhcp server change, clients were
unable to get an ip address.  We fixed this issue by disabling the
WLAN, removing it as the Multicast VLAN, and replacing its dynamic
interface using a Prime's Lifecycle Theme template.
4.  Today at 13:21, the problem reoccurred.  I removed the dhcp override
option as it was no longer needed.  That didn't help.  We then disabled
and re-enabled the WLAN.  After doing so, clients were able to get their
dhcp addresses.


Has anyone else seen this behavior?  The ip helper-address is the same
for all of the WLANs on the 6509 and on the controllers.  All of the
dynamic interfaces look the same on the controllers.

Thank you for your help,
--
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

5508 or 3850

[Christina Klam]

All,

I am trying to put together a large purchase.  Cisco has some nice
bundles but we are trying to determine if they are right for us.  A big
issue is the divergent paths Cisco is taking on wireless.  Should we
invest in a pair of 5508 which may be good for a 3-4 years?  Or, should
we jump into the Converged world of 3850s and 5760s?  What will I be
losing by moving off of the 5508/WiSM2s?

I have read that clients cannot seamlessly roam between APs on different
platforms.  Is that still true?  We have a layer 2 design so clients
will be keeping their IP addresses.  But, what happens to the 802.1X
authentication?  If clients have to re-authenticate as they move from
AP-converged to AP-AireOS, that can be a problem for the areas where the
two overlap.

Thank you for your help,

-- Christina
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 5508 or 3850

[Christina Klam]

Thank you everyone.  The bundle includes both 3850s and 5508.  For now,
we will only use the 3850 licenses on at our remote site.  In four
years, we will revisit the wireless design and go with either the IOS or
AireOS products.  Hopefully, Cisco will have a clearer plan by then.

On 05/16/2014 10:09 AM, McClintic, Thomas wrote:
 You must also upgrade to 7.5 or later to enable 'New mobility'. If you can't 
 do this yet, avoid mixed environments to prevent mobility issues.
 
 http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_010010101.html
 
 TJ McClintic
 
 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
 Sent: Friday, May 16, 2014 9:00 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] 5508 or 3850
 
 Until the 5760s can be fully managed by PI and achieve feature parity with 
 the 5508s, I'd stay away. They still feel half-baked to me...
 
 Lee H. Badman
 Network Architect/Wireless TME
 ITS, Syracuse University
 315.443.3003
 
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Christina Klam 
 ck...@ias.edu
 Sent: Friday, May 16, 2014 9:31 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] 5508 or 3850
 
 All,
 
 I am trying to put together a large purchase.  Cisco has some nice bundles 
 but we are trying to determine if they are right for us.  A big issue is the 
 divergent paths Cisco is taking on wireless.  Should we invest in a pair of 
 5508 which may be good for a 3-4 years?  Or, should we jump into the 
 Converged world of 3850s and 5760s?  What will I be losing by moving off of 
 the 5508/WiSM2s?
 
 I have read that clients cannot seamlessly roam between APs on different 
 platforms.  Is that still true?  We have a layer 2 design so clients will be 
 keeping their IP addresses.  But, what happens to the 802.1X authentication?  
 If clients have to re-authenticate as they move from AP-converged to 
 AP-AireOS, that can be a problem for the areas where the two overlap.
 
 Thank you for your help,
 
 -- Christina
 Christina Klam
 Network Engineer
 Institute for Advanced Study
 Email:  ck...@ias.edu
 
 Einstein Drive  Telephone: 609-734-8154
 Princeton, NJ 08540 Fax:  609-951-4418
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at 
 https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=sG3uQ9Qp45lo%2FR8nM0N4tnD9m03Xb%2Bo8e7rwBOFG4zc%3D%0As=9fc99574c67b2247e2f2d9497b0af5c821ab1997917ea17dfb76c6670b7f166c.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at 
 https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=sG3uQ9Qp45lo%2FR8nM0N4tnD9m03Xb%2Bo8e7rwBOFG4zc%3D%0As=9fc99574c67b2247e2f2d9497b0af5c821ab1997917ea17dfb76c6670b7f166c.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] time for the annual wifi will kill us response

[Christina Klam]

When people have concerns, we point them to the following:

http://www.who.int/mediacentre/factsheets/fs193/en/index.html
http://web.princeton.edu/sites/ehs/radiation/nirad.htm#WiFi

Regards,
Christina

On 04/09/2014 01:47 PM, Gogan, James P wrote:
 Well, it's that time of year again, wherein we get the following contact
 from one faculty member or staff member (out of tens of thousands of
 students, faculty and staff):
 
  
 
  I am an adjunct faculty member and I would like to have a meeting with
 someone that is charge of the WiFi system on the UNC-CH campus. I
 believe that there is a significant health risk to all students and
 faculty around this type of radiation. I would like the opportunity to
 bring solid research and professionals before you to present the
 materials.  This cannot be ignored. The liability is too great to all of
 the students and faculty.
 
  
 
 And just like folks that come up with scientific studies that there's
 no climate change and the Earth is 7,000 years old, of course he has
 research links to back his claims.
 
  
 
 Before I go digging out what studies and replies we've used in past
 years when this has come up, I was wondering (a) how many of you also
 have to deal with this and (b) has there been anything more recent in
 terms of research we can point to than what I dug up years ago?
 
  
 
 Thanks in advance
 
  
 
 -- Jim Gogan / ITS Comm Tech
 
 Univ of North Carolina at Chapel Hill
 
  
 
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
 

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] How many drops 802.11ac phase 2

[Christina Klam]

Brian,

While we are not planning to move to 802.11ac for a couple of years, we
are indeed running 2 drops per access point in preparation.

Regards,
Christina


-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

[Christina Klam]

All,

We are seeing the exact same issue on some Samsung Galaxy S4 running 4.3.1

Here are the settings on the phone:
CyanogenMod 10.2
Advanced Wifi settings:
Keep Wifi on during sleep: Always
Scanning always available: unchecked
Avoid poor connections: checked
Wifi frequency: auto
Wifi optimization: checked

So the problem is not isolated to IOS nor on 7.6.  We are running 7.3.112.

-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418


On 01/23/2014 10:52 AM, Spurgeon, Charles E wrote:
 An indicator of a failing connection is that once the client is
 associated and gets an IP addr, then it cannot ping the gw addr, but it
 can ping past the gw addr to the Internet.
 
  
 
 When the connection eventually fails, packet capture shows that the
 client loses the ARP entry for the gw addr. Connections may fail in 5 to
 10 minutes and always fail by 20 minutes. As it happens, the ARP cache
 timeout in MacOS is 20 minutes. If you wait another 20 minutes or so,
 the ARP request will succeed and the connection will start working again.
 
  
 
 A TAC case is open, and the wireless BU is working on replicating. One
 possibility is that it might be an issue with how the link aggregated
 channel behaves between the controller and its connection to the router.
 
  
 
 Backing down the WLC code from 7.6 to 7.5 appears to clear up the issue
 in my tests.
 
  
 
 -Charles
 
  
 
 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Mike Albano
 *Sent:* Tuesday, January 21, 2014 2:56 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco
 WLC 7.6.100.0
 
  
 
 Can you perform a packet capture and identify exactly when the failure
 is occurring? Sniffer AP/Omnipeek/AirPCap etc (or more easily a 3SS
 macbook via airport utilities...see
 here: 
 http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os-x
 http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os-x
  ).
 
  
 
 Taking a closer look at the packets, while time consuming, should help
 you get closer to the root cause. TAC will likely want this as well.
 
 -The EDUCAUSE Wireless Issues Constituent Group Listserv
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU wrote: -
 
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 From: Spurgeon, Charles E
 Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
 Date: 01/21/2014 12:13PM
 Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco
 WLC 7.6.100.0
 
 After getting complaints about connectivity drops on both Mabook Pro and
 Macbook Air laptops, I was able to replicate the issue on the 5 GHz
 radio, in either a model 3700 AP or a model 3600 with ac module. No
 issues are seen (connection stays up for 30 minutes of testing) on 5 GHz
 in a model 3500 or on a model 3600 with no ac module.
 
  
 
 To make a stable testbed I created an SSID that was identical to our
 production SSID with the exception of a radio policy of 5GHz only. Next,
 I created an AP group for testing with that SSID, and put the 3600 or
 3700 AP into that group. So the test AP only has one SSID and only on
 the 5GHz radio.
 
  
 
 Once associated with this SSID, the laptop is able to ping its own IP
 addr, but not the gw addr. The laptop will be able to ping an addr on
 the campus or Internet until it stops working, which will happen
 anywhere from 10 to 20 minutes into the test.
 
  
 
 This result also occurs on an MBA with IPv6 disabled.
 
  
 
 So far the test connection eventually fails on a mid-2013 MBA running
 10.9.1 and a mid-2010 MBPro, running either 10.9 or 10.8.5.
 
  
 
 -Charles
 
  
 
 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Tristan Gulyas
 *Sent:* Sunday, January 19, 2014 6:13 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco
 WLC 7.6.100.0
 
  
 
 Hi guys,
 
  
 
 We’re about to start piloting 7.6.100.0 with a variety of clients -
  what’s the best way to test/reproduce this issue?
 
  
 
 Cheers,
 
 Tristan
 
  
 
  
 
  
 
 On 17 Jan 2014, at 9:51 am, Luke Jenkins ljenk...@weber.edu
 mailto:ljenk...@weber.edu wrote:
 
  
 
 We provide native dual stack access for our wireless clients, so
 that could be why we aren't seeing the issue.
 
  
 
 -Luke
 
  
 
 On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman lhbad...@syr.edu
 mailto:lhbad...@syr.edu wrote:
 
 We have found that disabling client-side IPv6  (we also are not
 set up for it) puts an end to most OS X issues. Sometimes is the
 fix for random Win

Eduroam rollout- one more time

[Christina Klam]

Lee,

Option#3

We are just about to broadcast eduroam throughout our campus too.  For
now, we are going with our own branded WPA-2K SSID and eduroam.  With
the cat.eduroam.org's tool, we are able to create a single WPA2K
supplicant profile on all but the Android devices.  So, there should be
little of an inconvenience for our users.  And, as we will only have 3
SSIDs broadcasted in most areas, I am less concerned about management
traffic.


-- 
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

HP and BonJour Part II

[Christina Klam]

All,

The Engine Communication Error for the HP printers re-appeared on
Monday.  HP customer support basically says this is a network issue and
thus we cannot help you.

According to the printer's Wireless Network Test Report, the printer
sees more than one AP with the same SSID which may cause network
issues.  But, this is not really a problem, it is by design.

Any ideas?  For testing, I have one of the printers wired to the same
VLAN as the wireless users.  I am trying to determine if it is a
wireless problem or a density issue on the Bonjour domain. If it is
wireless issue, wiring all the printers will not be a fix as some of the
printers are in areas without jacks.  Does anyone know of an Enterprise
level printer with AirPrint?

On a related note, is there a way to control BonJour domains?  While I
could use VLANs to reduce the number of BonJour devices in a domain, I
am concerned that this will inhibit mobility.  For example, if I create
a VLAN per building or building area, then devices would have to get a
new IP when they move out of the area.  If I create VLANs based upon
user groups, then I will have problems with Bonjour devices that
households share. Within a single apartment, we could have one person
who is Faculty in department X, another a spouse from department Y, and
kids who just want to stream their music to the speakers. While I could
create a Bonjour gateway (avahi) to assist Bonjour to cross VLANs,  I
foresee that becoming a logistical nightmare if I would have to use ACLs
to control who can get to X device but not Y.

Thank you,

Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

On 03/23/2013 12:00 AM, WIRELESS-LAN automatic digest system wrote:
 There is 1 message totalling 34 lines in this issue.
 
 Topics of the day:
 
   1. AirPrint Printing to HP LaserJet 100
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 
 --
 
 Date:Fri, 22 Mar 2013 08:44:12 -0400
 From:Christina Klam ck...@ias.edu
 Subject: AirPrint Printing to HP LaserJet 100
 
 Lee,
 
 Thank you for the url.  However, it does not answer why iPads and
 laptops are not having problems with AirPrinting to the LaserJets but
 iPhones consistently do.  That being said, since writing to the
 listserv, the AirPrint issue on the iPhones has seem to have
 mysteriously disappeared.  : -)
 
 --Christina
 
 Date:Thu, 21 Mar 2013 00:45:06 +
 From:Lee H Badman lhbad...@syr.edu
 Subject: Re: AirPrint Printing to HP LaserJet 100

 http://support.apple.com/kb/ht4356. In case you've not seen it.

 Lee H. Badman
 Network Architect/Wireless TME
 ITS, Syracuse University
 315.443.3003

 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 --
 
 End of WIRELESS-LAN Digest - 21 Mar 2013 to 22 Mar 2013 (#2013-54)
 **
 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

[WIRELESS-LAN] AirPrint Printing to HP LaserJet 100

[Christina Klam]

Lee,

Thank you for the url.  However, it does not answer why iPads and
laptops are not having problems with AirPrinting to the LaserJets but
iPhones consistently do.  That being said, since writing to the
listserv, the AirPrint issue on the iPhones has seem to have
mysteriously disappeared.  : -)

--Christina

 Date:Thu, 21 Mar 2013 00:45:06 +
 From:Lee H Badman lhbad...@syr.edu
 Subject: Re: AirPrint Printing to HP LaserJet 100
 
 http://support.apple.com/kb/ht4356. In case you've not seen it.
 
 Lee H. Badman
 Network Architect/Wireless TME
 ITS, Syracuse University
 315.443.3003
 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

AirPrint Printing to HP LaserJet 100

[Christina Klam]

Good Evening,

We are having issues with HP LaserJet 100 M175nw printers which we
installed so that people can AirPrint from their iDevices.

Issue 1:  Engine Communication Error
A couple of months ago, the printers started reporting Engine
communication error.  Our initial thought was to remove all unused IPv6
features [SLP, DHCPv6, LLMR] and re-add them one by one to determine the
cause. When we removed all three, the problem went away.  But, after
re-adding all three, the problem still has not re-occurred.  Has anyone
else had seen engine communication errors?  It is hard to tell the
faculty that the problem is fixed, when we do not know what caused it
in the first place. As HP believes this is a network issue, they will
not provide any assistance.

Issue 2:  No AirPrint Printers Found
On iPads and Mac laptops, we can always see and print to the HP LaserJet
100 printers.  However from iPhones, the printers often cannot be found.
 Sometimes, we can see one of the printers but not the other even though
they are connected to the same SSID and on the same AP.  We have tested
with both iOS 6.1.2 and 6.1.3 (the same versions on the iPads).  To
isolate a bluetooth or carrier conflict, we have also tested in Airplane
mode and have gotten the same results.

Thank you for your help,
-- Christina
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wireless and health issues

[Christina Klam]

As we get requests every semester to remove wireless access points from
apartments and office due to a fear of radiation, I have added this link
to our general computing website:
http://web.princeton.edu/sites/ehs/radiation/nirad.htm

The link is from Princeton University.  We found it to be well
researched and written.
Hope this helps,

http://web.princeton.edu/sites/ehs/radiation/nirad.htm

-- Christina 
Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Point to Point or Point to Multipoint Radio Solutions

[Christina Klam]

Hello,

We are looking into PtP or PtMP solutions to connect our main campus to
a guest house that is less than 1 mile away and another test site that
is 3.7 mi away .  Because of trees, we cannot do a direct line of sight,
but believe we can use a NLOS (near-line-of-sight).  Does anyone have a
recommendation on vendors?  Any caveats? Any first hand data on
reliability when it is snowing or raining?

Thank you in advance for your help,
Christina

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: WiFi Quality Monitoring

[Christina Klam]

 I am glad we are not alone in our experience with performance
degradation over time.I will definitely take a look at 7Signal.  It
appears to do everything I requested.

--Christina


On Fri, Oct 19, 2012 at 8:49 AM, Caston Thomas
ctho...@iworkstech.comwrote:
 Www.7signal.com

 Caston Thomas
 InterWorks
 Sent from my iPhone
 586.530.4981 mobile
 248.608. office



 --

 Date:Fri, 19 Oct 2012 14:32:32 +
 From:Oakes, Carl W oake...@csus.edu
 Subject: Re: WiFi Quality Monitoring

 --_000_D6F8B3141AD63643AF3FA09430CAB5190C0675C6e2k10mbx03sacli_
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: quoted-printable

 We use 7Signal (www.7signal.com) to continually test and compare performanc=
 e against areas of campus.  Neat product, it's been good at detecting issue=
 s, but even more useful in providing good feedback when we make changes to =
 the wireless environment, such as dropping B support, etc.They can do a=
  lot (spectrum analysis, wifi monitoring, etc), but one of the basic featur=
 es is that they act as clients, target specific AP's and test attaching, lo=
 gin in, DHCP and then file and VOIP performance tests.

 (Don't let their Health Care centric web page discourage you... :) )

 - Carl


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiFi Quality Monitoring

[Christina Klam]

Good Morning,

We have noticed that after ~4 months the quality of our Cisco wireless
network sours.  We will get reports of poor wireless quality from users
sitting directly under an access point.  Often the WCS will report users
on the access points with good dBm, but in reality the users can barely
search the web.  (I cannot remember if the average client SNR was looked
at).  The solution is to reboot the access point.  So, we now are now
talking about scheduling a reboot of all access points and controllers
(4400s) every 3 months.  While this may work to keep the problem at bay,
it does not address two related questions.

1.  Why is this happening?  When I mentioned this behavior to a Cisco
TAC, they said they had never heard of this before.   As this has been
our norm through multiple code  and access point upgrades, I cannot
believe this.

2.  What are other schools using to monitor the quality of the wifi?  I
do not mean the rf interference quailty but instead a way to monitor of
how well the access points are passing traffic, signal strength, average
client SNR, etc?

Thank you,

-- Christina
Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

DHCP address assignment required

[Christina Klam]

I have been working with Cisco on an intermittent issue with some
Android devices not being able to get a DHCP address or keep their
connection once they get an IP. At their suggestion, I changed the QoS
to Silver from Gold. That helped. But, as the debugs I sent them show,
some Androids are slow at requesting a new DHCP address. (This is
similar to the problem defined by Princeton University. ) Cisco TAC now
is suggesting I enable, “DHCP address assignment required”. While I like
that it would stop wireless devices from statically assigning themselves
addresses, I am concerned about the caveats to the feature. The
documentation suggests that it can have problems with non-Windows device
(which means most of my clients) and can cause delays when roaming.

Do you have the feature enabled? If so, do you have problems with gaming
systems or mobile phones?

Thank you,

-- Christina
Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Mac wireless USB adapters (5)

[Christina Klam]

Mike,

We purchased some LG-Ericsson USB-1040 wireless USB dual-band adapter for some 
of our faculty who have Macs.We purchased them so I can push some users 
into the 5GHz range in areas of a lot of interference.  Unlike the software for 
the airports, the software for the adapter allows the users to designated the 
2.4 and/or 5 GHz.   

Hope this helps,

Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Android 2.3.4 wifi connectivity issue

[Christina Klam]

 on AP 
 00:1d:70:99:fa:40 from Disassociated to Associated
 
 *apfMsConnTask_0: Oct 26 16:07:39.350: 00:26:ba:55:4d:55 Stopping deletion of 
 Mobile Station: (callerId: 48)
 *apfMsConnTask_0: Oct 26 16:07:39.350: 00:26:ba:55:4d:55 Sending Assoc 
 Response to station on BSSID 00:1d:70:99:fa:40 (status 0) ApVapId 1 Slot 0
 *apfMsConnTask_0: Oct 26 16:07:39.350: 00:26:ba:55:4d:55 apfProcessAssocReq 
 (apf_80211.c:5241) Changing state for mobile 00:26:ba:55:4d:55 on AP 
 00:1d:70:99:fa:40 from Associated to Associated
 
 *pemReceiveTask: Oct 26 16:07:39.357: 00:26:ba:55:4d:55 0.0.0.0 Removed NPU 
 entry.
 *pemReceiveTask: Oct 26 16:07:39.363: 00:26:ba:55:4d:55 0.0.0.0 Added NPU 
 entry of type 9, dtlFlags 0x0
 *pemReceiveTask: Oct 26 16:07:39.369: 00:26:ba:55:4d:55 0.0.0.0 Added NPU 
 entry of type 9, dtlFlags 0x0
 *apfReceiveTask: Oct 26 16:09:39.333: 00:26:ba:55:4d:55 0.0.0.0 DHCP_REQD (7) 
 DHCP Policy timeout. Number of DHCP request 0 from client
 *apfReceiveTask: Oct 26 16:09:39.333: 00:26:ba:55:4d:55 0.0.0.0 DHCP_REQD (7) 
 Pem timed out, Try to delete client in 10 secs.
 *apfReceiveTask: Oct 26 16:09:39.333: 00:26:ba:55:4d:55 Scheduling deletion 
 of Mobile Station:  (callerId: 12) in 10 seconds
 *osapiBsnTimer: Oct 26 16:09:49.333: 00:26:ba:55:4d:55 apfMsExpireCallback 
 (apf_ms.c:608) Expiring Mobile!
 *apfReceiveTask: Oct 26 16:09:49.333: 00:26:ba:55:4d:55 
 apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 
 00:26:ba:55:4d:55 on AP 00:1d:70:99:fa:40 from Associated to Disassociated
 
 *apfReceiveTask: Oct 26 16:09:49.333: 00:26:ba:55:4d:55 Scheduling deletion 
 of Mobile Station:  (callerId: 45) in 10 seconds
 *osapiBsnTimer: Oct 26 16:09:59.334: 00:26:ba:55:4d:55 apfMsExpireCallback 
 (apf_ms.c:608) Expiring Mobile!
 *apfReceiveTask: Oct 26 16:09:59.336: 00:26:ba:55:4d:55 Sent Deauthenticate 
 to mobile on BSSID 00:1d:70:99:fa:40 slot 0(caller apf_ms.c:5094)
 *apfReceiveTask: Oct 26 16:09:59.336: 00:26:ba:55:4d:55 apfMsAssoStateDec
 *apfReceiveTask: Oct 26 16:09:59.336: 00:26:ba:55:4d:55 
 apfMsExpireMobileStation (apf_ms.c:5132) Changing state for mobile 
 00:26:ba:55:4d:55 on AP 00:1d:70:99:fa:40 from Disassociated to Idle
 
 *apfReceiveTask: Oct 26 16:09:59.336: 00:26:ba:55:4d:55 0.0.0.0 DHCP_REQD (7) 
 Deleted mobile LWAPP rule on AP [00:1d:70:99:fa:40]
 *apfReceiveTask: Oct 26 16:09:59.336: 00:26:ba:55:4d:55 Deleting mobile on AP 
 00:1d:70:99:fa:40(0) 
 *pemReceiveTask: Oct 26 16:09:59.341: 00:26:ba:55:4d:55 0.0.0.0 Removed NPU 
 entry.
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv =
 =5Bmailto:WIRELESS-LAN=40LISTSERV.EDUCAUSE.EDU=5D On Behalf Of Marcelo Lew
 Sent: Thursday, October 27, 2011 6:08 PM
 To: WIRELESS-LAN=40LISTSERV.EDUCAUSE.EDU
 Subject: =5BWIRELESS-LAN=5D Android 2.3.4 wifi connectivity issue
 
 I worked on an issue with an HTC running Android 2.3.4 and was wondering =
 if you guys seen something similar.  Seems this version adds a =93WiFi =
 Proxy=94 setting that I have not seen in previous versions.  It was =
 causing the device to stick to an old IP even after enabling / disabling =
 this setting, restarting the phone, flushing user from controller, etc.  =
 It also did not matter if it was an open or secured ssid.  After some =
 tweaking it is working, but still a bit buggy.
 Thanks,
 
 Marcelo
 
 Marcelo Lew
 Wireless Enterprise Administrator
 University Technology Services
 University of Denver
 Desk: (303) 871-6523
 Cell: (303) 669-4217
 Fax:  (303) 871-5900
 Email: mlew=40du.edumailto:mlew=40du.edu
 
 
 =2E ** Participation and subscription information for this =
 EDUCAUSE Constituent Group discussion list can be found at =
 http://www.educause.edu/groups/.
 ** Participation and subscription information for this EDUCAUSE =
 Constituent Group discussion list can be found at =
 http://www.educause.edu/groups/.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 =2E=
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 --
 
 End of WIRELESS-LAN Digest - 26 Oct 2011 to 27 Oct 2011 (#2011-179)
 ***


Regards,
Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: WIRELESS-LAN Digest - 6 Sep 2011 to 7 Sep 2011 (#2011-142)

[Christina Klam]

I realized when the Coverage Hole Report wasn't working but the WLC logs should 
holes, that the databases were not syncing.  This can also explain why the AP 
Authorization was mismatch-ing between the WCS and WLC.   This is our second 
instance of database mismatch since the upgrade of the WLC, by the way.My 
theory is that many of the problems I am seeing are related to the WCS making 
decisions with incorrect information.
 
 I would try setting them to power level 1 and back to auto and see what hap=
 pens. I'd also be curious as to the number of coverage hole events WCS is r=
 eporting (RRM page), or if you event log shows for the reason for power cha=
 nges (either up or down).=20
Thanks.I will check the WLC logs for the reason.  Many of the APs with 
power level of 2 are in buildings with no additional APs post the upgrade.  
 
 The question comes down to this: Are the trouble tickets complaining becaus=
 e of the number of bars, or because there is an actual performance connecti=
 vity problem?
Actual performance connectivity.  Plus, our DHCP logs show most of the clients 
are requesting an IP every few minutes even though we give out week-long leases 
 I am going through the logs to verify that this behavior began after the 
upgrade.
 
 
I have a ticket open with TAC in case I caught a bug.

Thank you,
Christina

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: WIRELESS-LAN Digest - 2 Sep 2011 to 6 Sep 2011 (#2011-141)

[Christina Klam]

Jeff,

It is interesting that you mention the Coverage Hole Detection.  As soon as I 
upgraded, the report no longer works.   When I run the report, I receive the 
message, The specified criteria did not match any data for the report.  I was 
planning to open a ticket with TAC about this because I already have Enable 
Coverage Hole Detection selected for each of my WLANs.

Regards,
Christina

On Sep 7, 2011, at 12:00 AM, WIRELESS-LAN automatic digest system wrote:

 Date:Tue, 6 Sep 2011 11:19:02 -0700
 From:Jeffrey Sessler j...@scrippscollege.edu
 Subject: Re: Signal variability after upgrade to 7.0.116
 
 Bob,
 
 Is TPC running? That is, set to automatic or fixed?=20
 
 More importantly, under Coverage is Enable Coverage Hole Detection =
 enabled? This is required so that the controllers can detect holes in =
 coverage and boost power levels to compensate.
 
 Jeff
 
 
 Bob Richman robert.b.richma...@nd.edu 9/6/2011 8:53 AM 
 We have been watching this and feel we are in the same boat as everyone =
 else. I did change the power threshold to -50dBm on one of our sample =
 controllers, but have not seen any difference occur. Anyone have any news =
 on this?
 
 Thanks, Bob Richman


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: Signal variability after upgrade to 7.0.116

[Christina Klam]

Upgrade Path:
We upgraded from 4.X to 7.0.116.  

TX power:
As you all mentioned, I went from having 98% of all APs running at power level 
1 before the upgrade to just 55.5% of our b/g and 90% of our a after the 
upgrade.  (We are running a mix of b/g, n, and a.)   I also looked at the APs 
in the areas of the reported connectivity and performance issues and they are 
all using 1131s with TX power of 1.  But, I did notice that the channels 
changing over the course of a week.  This is an anomaly  in our environment.  

As planned this summer, I will continue to rollout new APs in these areas.

As a tangent,  I was hoping to contain a b-only clients in a separate SSID or 
VLAN.  How do  others deal with B clients?  I did a report and found that we 
have at least five b-connections a week.  In our environment, that is small but 
not statistically insignificant.

Thank you everyone.  

Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Signal variability after upgrade to 7.0.116

[Christina Klam]

After we upgraded our WLCs to 7.0.116.0, we received reports that people's 
wireless signal strength has decreased or has been fluctuating.Any ideas as 
to why this may have happened?  While I already planned to add more APs in 
those areas a part of a 802.11n rollout, I would like a better understanding of 
the why the upgrade would have affected the APs in this way.

Thank you,   
Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: WIRELESS-LAN Digest - 3 Dec 2010 to 6 Dec 2010 (#2010-187)

[Christina Klam]

2. Mount hidden or in plain view in dorms? (3)


You might try ceiling tile enclosures.
http://www.terra-wave.com/shop/mimo-ceiling-enclosures-mimo-ceiling-tile-enclosures-c-1_23_24_25.html
 They work with Cisco and Aruba APs.

Christina Klam
Network Administrator
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

On 12/7/2010 12:00 AM, WIRELESS-LAN automatic digest system wrote:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

attachment: cklam.vcf