Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and validation

[Coehoorn, Joel]

In the recent past, I've defined good (at least: acceptable) wifi as when a
single device can maintain sustained throughput of 25Mbps downstream under
typical conditions with no undue additional latency: enough for a Netflix
to serve 4K Ultra HDR video. Less than that and other services like game
downloads and FaceTime can start to suffer as well, and more than that
isn't really useful... even a person watching the video and doing something
else on the same device is either no longer paying enough attention to the
movie to notice when Netflix downgrades the video quality or doesn't mind
that whatever they downloaded in the background took a little longer,
because they were watching a movie. A device can multitask effectively, but
a person's attention is finite.

I like thinking this way rather than in terms of things like signal
strength because it helps keep me focused on results. Obviously signal
strength has a lot to do meeting that goal everywhere, as does radio
placement and configuration, etc. But this also gives me permission to miss
a goal at the end of a hallway, if I can see connections are still good
enough for functional use. Obviously we can meet this goal without
provisioning 25Mbps of bandwidth for every device, and in most places
meeting this objective everywhere means the vast majority of locations you
can do **MUCH** better most of the time.

One challenge here is the "typical conditions" part of the definition,
because that changes every year. Going forward, I also need to think more
about this in terms of upstream bandwidth, too, as covid has taken the
already-common two-way video chat services and kicked it up a notch or
three.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Sep 23, 2021 at 6:17 PM Oliver, Jeff  wrote:

> Hey Dave,
>
>
>
> And a follow up question would be ‘what makes it bad?’
>
>
>
> We have had wifi blues during semester startup a number of times over the
> years. Some have been coverage related, some have been throughput related,
> some have been router/DHCP related, and we have even had some that were
> protocol related. Really depends on what your complaints are and what
> they point to…
>
>
>
> Having the right tools to validate or invalidate concerns are important
> whether they be vendor supplied or 3rd party.
>
>
>
>
>
> Cheers,
>
> Jeff
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Kushner, Jeff
> *Sent:* September 23, 2021 3:13 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and
> validation
>
>
>
> Caution: This email was sent from someone *outside of the University of
> Lethbridge*. Do not click on links or open attachments unless you know
> they are safe. Suspicious emails should be forwarded to phish...@uleth.ca.
>
>
>
> It is interesting, when I started doing wireless almost 20 years ago,
> before lightweight really existed, wireless was always positioned as a best
> effort and wired was definitely the way to go if a reliable connection was
> required. Today, wireless has become a replacement for wired in many
> locations, but our success is almost our downfall, the proliferation of
> wireless devices and interferers makes the delivery of quality wireless
> connections a constant battle. Not to mention the wide variety of client
> devices. And lets not even mention the manufacturers and issues with the
> firmware and software. I guess we can call all the aggravation a form of
> job security.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Enfield, Chuck
> *Sent:* Thursday, September 23, 2021 5:02 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wi-Fi expectations/service levels and
> validation
>
>
>
> *Message sent from a system outside of UConn.*
>
>
>
> The jury is still out on whether there is such a thing as good WI-Fi..
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *LaPorte, David
> *Sent:* Thursday, September 23, 2021 4:33 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Wi-Fi expectations/service levels and validation
>
>
>
> Hi All,
>
>
>
> Coming out of a very rough fall semester start that left many of our users
> suffering with “bad” Wi-Fi, we’ve since (understandably) been asked what
> constitutes “good” Wi-Fi.  We have not previously published information to
> our community on what they should expect or on how they can validate those
> expectations.  Does anyone have any knowledge articles or links they could
> share?
>
>
>
> Thanks!
> Dave
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward 

Re: [WIRELESS-LAN] [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

[Coehoorn, Joel]

I remember a lot of us had to do this when Disney+ first launched, as well.
If you're using NAT to put many students behind the same IP (as I suspect
most of us are on the IPv4 range, at least), they'll see too many accounts
coming from the same IP and assume some form of foul play.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 17, 2021 at 10:41 AM Muraca, Peppino P. 
wrote:

> Hi Jon, thank you for this info I will be sending them an email!
>
>
>
> Again Thank you very much !
>
>
>
> Pino
>
>
>
> Peppino Muraca
>
> Manager of Network Services
>
> Stonehill College
>
> W:508-565-1193
>
> C:508-243-5910
>
> pmur...@stonehill.edu
>
>
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Jon Young
> *Sent:* Friday, September 17, 2021 10:37 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [EXT]: Re: [WIRELESS-LAN] Amazon prime video error (Your
> device is connected to the internet using a VPN or proxy service)
>
>
>
> There have been several threads over this on the NANOG list with a sudden
> uptick in this issue for several of the streaming services.  My takeaway
> from the posts is that amazon has been easier to deal with than some other
> others (.e.g., Disney+) and that the best contact to resolve this for
> amazon prime is n...@geoguard.com as geoguard is apparently the prime
> (sorry, couldn't resist) source for amazon.  The website
> https://thebrotherswisp.com/index.php/geo-and-vpn/
> 
> was also referenced as a good source of contacts for several of the
> providers.
>
>
>
> Jon Young
>
> Vantage TCG
>
>
>
> On Fri, Sep 17, 2021 at 10:06 AM Jeffrey D. Sessler <
> j...@scrippscollege.edu> wrote:
>
> If you aren’t blocking P2P anonymizer clients, where user devices are
> endpoints for folks in other regions, Amazon and others may blacklist your
> IP range.  These clients may show up with students from other countries, or
> students who have returned from being abroad.
>
>
>
> If you have something like Cisco’s Umbrella, they have an entire
> anonymizer category you can block, but to be 100% effective, you need to
> block external DNS access so that is harder to circumvent.
>
>
>
> Jeff
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Muraca, Peppino P. <
> pmur...@stonehill.edu>
> *Date: *Friday, September 17, 2021 at 6:17 AM
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Amazon prime video error (Your device is
> connected to the internet using a VPN or proxy service)
>
> You don't often get email from pmur...@stonehill.edu. Learn why this is
> important 
>
> Hi everyone, has anyone come across this yet where Prime video will not
> play . this is what is on the screen ( Your device is connected to the
> internet using a VPN or proxy service. Please disable it and try again.)
> we have called Amazon and they told us to contact our ISP . We only see
> this on our wireless networks. Talking with our ISP it seems this is
> happening more and more and what basically has happened is out NAT ip’s for
> out wireless have been black listed and now we have to remove our selves
> from these lists. Has anyone else come across this yet ? if so how
> successful has it been to remove yourself from these lists.
>
>
>
> Thank you
>
> Pino
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Wireless Scanning Apps

[Coehoorn, Joel]

You used to be able to do this via iOS, but Apple locked those apps out
sometime around 2011/2012 for using "undocumented APIs".

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Sep 3, 2021 at 1:54 PM Turpin, Max  wrote:

> Aruba Utilities is great. I wish they had it for iOS.
>
> On Sep 3, 2021, at 2:53 PM, Tim Cantin  wrote:
>
> 
> WiFi Analyzer, which also has an inexpensive pro version (totally worth it)
>
> On Fri, Sep 3, 2021 at 2:51 PM Hales, David  wrote:
>
>> I was wondering if anyone had any free wireless scanning apps for Android
>> that they currently like?  Just something free and simple you can use to
>> check signal strength, SSIDs and BSSIDs around you when out in the field?
>> I always end up with a different one each time I replace my phone and was
>> about to poke around the Play store again.
>>
>>
>>
>> *David Hales*
>>
>> *Network Systems Administrator*
>>
>>
>>
>> Information Technology Services
>>
>> Tennessee Tech University
>>
>> 1010 N. Peachtree Av., CLEM117
>>
>> Cookeville, TN 38505
>>
>> *P:* 931-372-3983
>>
>> *E: *dha...@tntech.edu
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> 
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WPA3/OWE as campus solution?

[Coehoorn, Joel]

One other thing to keep in mind when considering an open access environment
is it's only the default and doesn't have to be the final word. If you see
a suspicious or malicious device, you can still force it back behind a
captive portal to get or re-up whatever user info you want before granting
(or not) access again, even on an otherwise open network.

Making people register a device or authenticate a captive portal doesn't
stop bad people, infected devices, stolen credentials, etc, from coming to
your network, so we need to be prepared to do this anyway.

The *only* place an open network leaves us hanging is the one-time event,
where someone does a Bad Thing™ and then never comes back. Even then, for
lesser events if they never come back it's not so much of a problem. But
for those greater events we hope never happen, not being able to say, "It
was him, and here are the logs to prove it." can be pretty scary.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Apr 22, 2021 at 2:47 PM Floyd, Brad  wrote:

> We as IT people can discuss the merits of captive portal / no captive
> portal, authentication / reasonably knowing if a device is doing something
> bad, etc. We are asked all of the time what our recommendations are in
> these circumstances and we should weigh in with our opinions. However, it
> seems like this discussion comes down to two questions that we should be
> asking our organization’s legal team / advisors:
>
>
>
>1. If I make this “XYZ decision in providing / maintaining our
>infrastructure”, am I considered to have legally exercised “due diligence”?
>2. If I implement the decision in #1, are you (as the legal team) able
>to reasonably defend the organization against likely legal challenges?
>
>
>
> Every organization has different pain levels and will likely make a
> decision based on those factors. Just my 2 cents.
>
> Thanks,
>
> Brad
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Jeffrey D. Sessler
> *Sent:* Thursday, April 22, 2021 2:04 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution?
>
>
>
> *[EXTERNAL SENDER]*
>
> For sure, my lens is based on California law, however, the federal Fair
> Labor Standards Act and state overtime and wage payment laws also come into
> play here.  Since nonexempt (hourly) workers have ready access to the
> technology, they will be in a position to respond to e-mails and text
> messages or to otherwise engage in work activities outside their scheduled
> work hours. Even if you don’t reimburse for the use of the personal device,
> there is the wage exposure of having to compensate those nonexempt
> employees because checking their work email is – well – working.   When we
> rolled out DUO, we had to offer all employees a token, and they signed a
> waiver if they wanted to use the DUO app on their personal phone for their
> convenience.
>
>
>
> On the eDiscovery/litigation front, it can be difficult/impossible to
> ensure that business records stored on an employee’s personal device are
> retained long enough to satisfy discovery requests.  There are also risks
> should that data not be available, and presents a whole other quagmire in
> the BYOD movement that is beyond this conversation.
>
>
>
> Jeff
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Enfield, Chuck
> *Sent:* Thursday, April 22, 2021 10:54 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] WPA3/OWE as campus solution?
>
>
>
> Jeff,
>
>
>
> It makes sense that you think this is settled law, because in California
> it is settled law.  I don’t recall all the details, but I was on a team
> involved with considering mobile device policies for Penn State, and we
> discussed a case in California around 2014/2015 that clarified California
> labor law.  The law required that employers reimburse employees for
> expenses, but said nothing about how those expenses should be calculated.
> Some employers decided they only needed to reimburse marginal expenses, but
> the court decision said that’s not the case.  So if you’re required to use
> your device for work in California you’re entitled to reimbursement of some
> kind.  As I recall, no specific reimbursement formula was recommended by
> the court in that case.  I assume there’s been some standardization since,
> even if only de facto.
>
>
>
> That, however, was a California court interpreting California law.  Our
> institution considered that ruling and concluded that Pennsylvania law was
> different and that we could discontinue our stipend and require certain
> employees to provide and use their own phones for work communications.  In
> the end, we stopped the stipend, but never implemented the mandate.  I was
> never informed precisely why we stopped short of the 

Re: [WIRELESS-LAN] [Ext] Re: [WIRELESS-LAN] Papercut Mobility-print and Enterprise mDNS

[Coehoorn, Joel]

Another DNS zone here.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Fri, Mar 19, 2021 at 2:49 PM Biggs, Nathanael 
wrote:

> We use DNS (not mDNS) for this as well. It was a bit of a pain to set up
> if my memory serves, but it has been solid since then. There is a lot of
> good documentation available from PaperCut to help you confirm the DNS
> records are correct, too.
>
> On Fri, Mar 19, 2021, 3:14 PM Tony Skalski <
> 0057dcfe0332-dmarc-requ...@listserv.educause.edu> wrote:
>
>> We've had it running since it was released. We don't use mDNS however.
>> The DNS config was not quite working for the few weeks of its life, but
>> this was straightened out quickly and has been solid since. We run BIND on
>> our name servers with a zone that forwards the discovery requests to our
>> mobility print server. This works on all networks, wired and wireless.
>> Personally I have never had much luck with enterprise mDNS (I'm looking at
>> you AirGroup).
>>
>> ajs
>>
>> On Fri, Mar 19, 2021 at 2:04 PM Michael Davis  wrote:
>>
>>> We are an Aruba shop, but I'm curious about any campus WiFi deployments
>>> using
>>> Papercut Mobility-print.
>>>
>>> We've recently started looking at the mobility-print feature of
>>> Papercut.  We have it
>>> working in some small and testing deployments, but we're having
>>> difficulty getting
>>> Android and Windows clients (using the papercut app) to see the Papercut
>>> server.
>>> Those same clients can see other mDNS printers on the wireless network,
>>> but not
>>> the Papercut server.
>>>
>>> If anyone has it working with Android/Windows and maybe added any
>>> service types
>>> to make it happen, I'd love to hear from you.
>>>
>>> https://www.papercut.com/products/free-software/mobility-print/
>>>
>>> thanks
>>> mike
>>>
>>> **
>>> Replies to EDUCAUSE Community Group emails are sent to the entire
>>> community list. If you want to reply only to the person who sent the
>>> message, copy and paste their email address and forward the email reply.
>>> Additional participation and subscription information can be found at
>>> https://www.educause.edu/community
>>>
>>
>>
>> --
>> *Tony Skalski*
>> System Administrator | IT
>>
>> *Office: *507-786-3227 <(507)786-3227>
>> 1510 St. Olaf Avenue Northfield, MN 55057
>> stolaf.edu
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Outdoor WLANs?

[Coehoorn, Joel]

We don't have dedicated outdoor APs, but purposefully designed our indoor
coverage to be less-efficient than was needful, placing APs to deliberately
cover outdoor spaces near building entrances and common gathering areas via
bleed-through. It's worked well, but we're a small campus in place that
gets pretty cold for much of the school year. If we were larger, or had
more outdoor activities for more of the year, we might have done this
differently. We also only have a single .1x SSID and a single open guest
SSID. The .1x network spans several vlans, but vlan assignment is sticky to
the individual, so it's the same network for all their devices as they move
around campus.

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Thu, Feb 18, 2021 at 6:02 PM Michael Usher <
010ef28e43bf-dmarc-requ...@listserv.educause.edu> wrote:

> We broadcast the same SSIDs outdoors as indoors but we have different RF
> Profiles outdoors (allows lower data rates).
>
> For campus buildings, it's eduroam (our main service) plus Guest.
>
> For dorms, we have a ResWiFi and Guest.
>
> We keep eduroam and Guest in one IP range, but we do segment our Dorm
> networks by college area.
>
> One big reason for using the same SSID indoors / outdoors is to keep the
> outdoor clients separated so as not to burn airtime on indoor APs,
> degrading service for indoor users.
>
> On Thu, Feb 18, 2021 at 3:38 PM Richie Penuela 
> wrote:
>
>> Our standard WLANs in our University are secured network, guest, and
>> eduroam. We broadcast the same SSIDS both indoors and outdoors for the
>> mentioned reason of a seamless experience and there will be times that both
>> will bleed over the other. We have specific WLANs and SSIDs for outside
>> vendors since we wanted to segment those outside our secured/academic
>> network.
>>
>>
>>
>> -Respectfully,
>>
>>
>>
>> *[image: signature_1584035786]*
>>
>> Wireless Network Architect
>>
>> *UCF **IT Telecommunications*
>>
>> University of Central Florida
>>
>> *richie.penu...@ucf.edu *
>>
>> *it.ucf.edu *
>>
>>
>>
>> *Please note:* Florida has a very broad open records law (F.S. 119).
>> Emails may be subject to public disclosure.
>>
>>
>>
>> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Mike Atkins <
>> matk...@nd.edu>
>> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> *Date: *Thursday, February 18, 2021 at 5:54 PM
>> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> *Subject: *[WIRELESS-LAN] Outdoor WLANs?
>>
>>
>>
>> For those of you running outdoor Wi-Fi covering public space, do you
>> broadcast the same WLANs as in building?  Do you have a specific strategy
>> for why or why not?
>>
>>
>>
>>
>>
>>
>>
>> TLDR:
>>
>> Being a Northern Indiana campus, the demand for outdoor Wi-Fi during the
>> school year has been fairly low.  Last year has changed this for all of
>> us.  We face the same challenges as everyone else with cost/aesthetics vs
>> return on investment.  We are looking to provide some legit coverage this
>> year and get out of the "temporary" outdoor setups.  We are a two SSID
>> campus with eduroam being our dot1X secure network and ND-guest being open
>> unauthenticated Internet access only "guest" network. The question came up
>> out of a discussion related to ensuring performance for
>> faculty/staff/students in the public outdoor spaces but my other concern is
>> for our Information Security group.  An open guest network might be okay in
>> a building where we can track your device down fairly quickly but outdoors
>> might complicate this.  I think the campus user expectation is both
>> SSID's everywhere.  Trying to get some thoughts from around the block.
>>
>>
>>
>>
>>
>> --
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *Mike Atkins *
>>
>> Infrastructure Architect
>>
>> Office of Information Technology
>>
>> University of Notre Dame
>>
>> Phone: 574-631-7210
>>
>>
>>
>>
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>> 
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and 

Re: [WIRELESS-LAN] Issues with Zoom in Res Halls

[Coehoorn, Joel]

One thing to remember is Zoom is bi-directional hi-def streaming video.
Literally NOTHING is harder on your wifi and WAN connection, except maybe
certain low-latency online games (these tend to need more bi-directional
packets, but less bandwidth)

Back last Spring, when the whole remote thing really got started, I had the
discussion with our leadership about whether our network could handle such
traffic. I considered three scenarios: 1) Around 10% of students still on
campus, but attending virtually due to self isolation or quarantine. 2) At
most 50% on campus attending virtually if we had to do an alternating days
type model (this never actually happened).  And  3) 100% remote, where
students are NOT generally on campus, so it's faculty using the network
resources. Given those scenarios, I was confident we would be okay for 1
and 3, and made a few calls about #2 in case we needed to quickly adjust
bandwidth or coverage.

Today, we've so far received the first 5 inches of snow out of an expected
12, and last night the provost declared classes would be 100% virtual for
the storm. This goes beyond any of those scenarios, and our network is
being tested. I'm seeing more drops/retries, but not to the level things
are being disrupted. Crossing my fingers it holds up, but I won't be
surprised to hear complaints later, either. This isn't bad; it's the
natural result of pushing the edge of what the network is designed for. It
means I did my job well. The network can handle normal to large loads, and
for the truly exceptional events provides basic service for the 90%. Of
course 100% would be better, but spending those resources for a once a
century event seems wasteful (until you're sitting in the middle of one).

Joel Coehoorn
Director of Information Technology
York College of Nebraska


On Mon, Jan 25, 2021 at 11:13 AM Jeffrey D. Sessler 
wrote:

> There was mention of a bug in one of the code bases (maybe 8.5) that could
> cause this, but there was updated code for it.
>
> Also, go have a look at the events for the AP's in question.  We had a few
> reports of call pauses/lags, and with the Zoom diagnostic data from the
> meeting details in-hand, we correlated it to the client's connected AP
> switching channels because of RRM/Interference.
>
> If you're not familiar with the Zoom client/meeting data, ask your Zoom
> admin to give you access to the dashboard. For live and past meetings you
> can see a wealth of information on what the client is up to and how it is
> performing.
>
> Jeff
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Charles Rumford
> Sent: Friday, January 22, 2021 7:22 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] Issues with Zoom in Res Halls
>
> Hey -
>
> We have started getting reports of issues with Zoom calls in our Res
> Halls. Most of the complaints have been around multiple drops during calls
> or lagging calls.
> Our res halls are currently only at 40-50% capacity if that.
>
> I was curious if anyone else has been seeing any issues with an increase
> of Zoom calls from on campus students.
>
>
> --
> Charles Rumford (he/his/him)
> IT Architect
> ISC Tech Services
> University of Pennsylvania
> OpenPGP Key ID: 0xF3D8215A
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] XPS 15 Laptop - Killer Networking NIC Experience

[Coehoorn, Joel]

IIRC, Killer is owned by Intel now, and it's supposed to be a high-end
consumer line. The issue is, because it's more of a boutique product, the
drivers aren't just there already in Windows.

On Fri, Jul 17, 2020, 12:49 PM Johnson, Christopher 
wrote:

> Good Afternoon everyone,
>
>
>
> Curious what everyone’s experience has been with the “Killer Networking  -
> https://support.killernetworking.com/” NICs – probably not the best name
> for a product? Which seemed to have been included with the Dell XPS 15
> laptop? If they’re as “stay far away from” as a couple forum posts I’ve
> seen – where Dell was just flat out been replacing them under warranty with
> Intel 8265 NICs -
> https://www.dell.com/community/Laptops-General-Read-Only/XPS-15-9560-Killer-Wireless-killing-my-network/td-p/5095933
>
> I’m not looking at replacing them. One of the staff members on campus
> mentioned this issue to me (issues at home and on-campus) – latest drivers,
> etc. Trying to determine if recommending an alternate card preferable – or
> tweaking some of the driver sets might be best.
>
> *Christopher Johnson*
> Wireless Network Engineer
> Office of Technology Solutions | Illinois State University
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Pod-style Residence Halls

[Coehoorn, Joel]

I did not recommend continuing port-per-pillow deployments the last time I
reviewed a residence. However, in addition to wireless coverage, I did push
to provide wired ports for common/TV spaces in the residences. This
provides flexibility for future changes, as well as a way to help offload
some of what tend to be the heaviest-use devices from the wireless spectrum
and thereby improve wifi performance. So a pod community for, say, 16
students might still need several APs to ensure consistent 5Ghz coverage,
depending on construction and wall placements, but might only have 2 wired
network drops for use by students.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Tue, Feb 25, 2020 at 1:10 PM Mallon, Jason  wrote:

> Chintan,
> All of our older dorms are wired currently wired, and are both pod-style
> and apartment.  These all have wires in them.  The newer dorms all of which
> have been pod-style are wireless only.  New construction we are using
> ceiling mount APs like the 1815i or 2802.  In the older dorms that we have
> to upgrade, we will be using the hospitality units (1815w).  We have them
> deployed in a couple dorms now and the coverage has been great.  We are
> also removing the hard lines in the older dorms and going to wireless
> only.
>
> Thanks,
> Jason Mallon | Network Engineer III
>
> OIT
> The University of Alabama  jemal...@ua.edu
>
>
> On 2/25/20, 10:46 AM, "The EDUCAUSE Wireless Issues Community Group
> Listserv on behalf of Chintan Patel"  on behalf of chintan.pa...@colostate.edu> wrote:
>
> Morning,
>
> We are in process of building new residence halls (3 buildings) with
> Pod-style rooms. Pod-style concept is new to us and I wanted some feedback
> from anyone who currently has these living spaces. I will be leading the
> Network and Wireless planning for the residence halls.
>
> Below are couple of my questions:
>
> 1. In Pod-style rooms - are you providing hard-wired data?
> 2. Wireless planning - any issues and/or challenges in wireless
> coverage? We currently use Aruba. Are you using "H" style hospitality WAPs?
>
> If you have any additional feedback and/or are willing to share the
> good, bad.. etc - please send me an email.
>
> Thanks,
>
> Chintan Patel
> Network/Systems Team
> Colorado State University - Housing and Dining Services
> Ph:970-491-1041
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Ex: Re: [WIRELESS-LAN] neighbors 'jamming' 2.4GHz spectrum

[Coehoorn, Joel]

>  "legal to prohibit the use of interfering devices ... by campus
community members who are contractually bound to campus policy."

I don't know about that. The enforcement example that stands out to me is
Marriott was not allowed to use the fine print when you get a room to
prohibit hot spots, interfering or not, and they paid a hefty fine because
of it.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Wed, Jan 29, 2020 at 8:33 AM Hall, Rand  wrote:

> I am not a lawyer nor a law enforcement officer so I encourage people to
> consult one for situations like this.
>
> That said, experience suggests to me that it would indeed be legal to
> prohibit the use of interfering devices on campus (network connected or
> not) by campus community members who are contractually bound to campus
> policy. Similar examples on most campuses would include tobacco and
> marijuana use and possessing weapons of various sorts.
>
> Rand
>
> Rand P. Hall
> Director, Network Services askIT!
> Merrimack College
> 978-837-3532
> rand.h...@merrimack.edu
>
> If I had an hour to save the world, I would spend 55 minutes defining the
> problem and five minutes finding solutions. – Einstein
>
>
> On Tue, Jan 28, 2020 at 7:08 PM Paul B. Henson  wrote:
>
>> On Tue, Jan 28, 2020 at 06:02:01PM +, David Pifer wrote:
>> > We have a standard as follows “Personal wireless access points,
>> > network switches, and routers are not permitted on campus as they can
>> > interfere with the functioning of the campus network.”
>>
>> Hmm... By this do you mean "are not permitted to be connected to the
>> campus network"? Cause if somebody's got a wifi router connected to a
>> cell phone data network you can't legally tell them they can't use it...
>> Whether it's on the same channel as your wifi or not.
>>
>> --
>> Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
>> Operating Systems and Network Analyst  |  hen...@cpp.edu
>> California State Polytechnic University  |  Pomona CA 91768
>>
>> **
>> Replies to EDUCAUSE Community Group emails are sent to the entire
>> community list. If you want to reply only to the person who sent the
>> message, copy and paste their email address and forward the email reply.
>> Additional participation and subscription information can be found at
>> https://www.educause.edu/community
>>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Coehoorn, Joel]

> "To me, 11ax APs shouldn't even be on the Enterprise market yet."

I 100% agree with that sentiment.

At the same time, I can imagine the response an Aruba or Cisco would get
for waiting to offer those access points. Even offering the AP alongside
official guidance to disable the feature would leave them in a bad place.

The problem is our network teams are now the ones left holding the potato.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Fri, Jan 10, 2020 at 10:16 AM Lee H Badman <
00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:

> Hi Norman,
>
> To me, 11ax APs shouldn't even be on the Enterprise market yet. I know
> that doesn't touch your question, and we all have our own "you do what you
> gotta do" realities.
>
> Thanks for reading through that long post.
>
> -Lee
>
> Lee Badman | Network Architect (CWNE#200)
> Information Technology Services
> (NDD Group)
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
> SYRACUSE UNIVERSITY
> syr.edu
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Norman Elton
> Sent: Friday, January 10, 2020 10:10 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?
>
> I agree with 100% of that. But here's a question ...
>
> >> I absolutely will not sacrifice an otherwise sound WLAN by tweaking
> >> configs or code upgradin for some small minority of poorly designed
> >> or suddenly misbehaving clients that can be fixed from the client
> >> side
>
> What about Intel's AX driver bugs? I absolutely hate the idea of disabling
> AX to support a few clients. But how many people are telling their helpdesk
> to upgrade drivers on whatever BYOD laptop shows up?
> What about a conference with 200 laptops that suddenly finds that half are
> unsupported?
>
> But, once it's disabled, will we ever re-enable AX? It's easy to say that
> we'll disable it "short term", but we know those drivers won't magically
> update themselves. We could be looking at crippling our wireless
> indefinitely :-/.
>
> Our current AX test environment has it turned off on the 2.4 radio, so
> that at least those users can connect someplace. Leave 5 GHz for those that
> can support AX. I don't like the compromise, but the alternative ("hey
> we're trying out a brand new wireless network that won't work for random
> people") is equally unappetizing.
>
> Sigh.
>
> Norman Elton
> William & Mary
>
> On Fri, Jan 10, 2020 at 9:36 AM Lee H Badman <
> 00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
> >
> > I know a lot of people are likely following along, so I’ll throw one
> more rant nugget out there (and this is not meant to distract from Ryan’s
> original question):
> >
> >
> >
> > Over the many years I’ve been doing this, I have found that MOST
> problems on a healthy, well-designed wireless network are absolutely
> client-related. Even on the likes of Active Directory managed PCs where the
> assumption is that Windows updates make everything fine. These updates
> don’t tend to touch WLAN adapter, BIOS, and chipset drivers which are often
> the root cause of wireless issues.
> >
> >
> >
> > Then there is the fallacy that the latest Intel/Broadcom driver is the
> “best”. Sometimes you have to use an older one on a specific model PC or
> NIC- especially where you are doing 802.1X. The whole effect is greatly
> magnified in the BYOD world that many of us live in with endless mainstream
> and not so mainstream client OS’s. Is it the WLAN vendor’s job to make up
> for all the goofy, ill-designed crap that’s out there? (Talking myself back
> from the ledge here, before I go off on the Wi-Fi Alliance). This situation
> sucks largely, and we’re stuck with it so we have to manage as best as we
> can.
> >
> >
> >
> > Then there are the optional features- for example, I’ve seen band
> > steering make life tough for Windows PCs seemingly out of the blue.
> > Except it wasn’t out of the blue- it was after Windows’ Patch Tuesday.
> > In this case, disabling long-enabled band steering “fixed” the problem
> > of users having wireless connectivity but not getting anywhere and
> > losing massive amounts of pings. BTW… band-steering is not part of the
> > 802.11 standard. Where does “fault” lie in this situation? Microsoft?
> > The WLAN adapter/driver vendor? The WLAN vendor? Me? It’s messy as
> > hell at times, given that “standards” are often a big fat lie when it
> > comes to wireless in my opinion. Disagree? I’ll fight ya J
> >
> >
> >
> > So… my premise is that MOST of the time the clients are the issue. And
> for 

Re: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13

[Coehoorn, Joel]

Bypassing icloud.com and gstatic.com open up some pretty big holes  :/


Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Thu, Nov 14, 2019 at 9:02 AM Christina Klam  wrote:

> All,
>
> We were able to resolve this issue by NOT sending the following domains
> through our web proxy servers.
>
> *.icloud.com
> *.apple.com
> *.google.com
> *.gmail.com
> *.googleapis.com
> *.gstatic.com
> *.yahoo.com
>
>
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> 1 Einstein Dr
> Princeton, NJ 08540
> +1 609-734-8154
> ck...@ias.edu
>
>
> --
> *From: *"C. Klam" 
> *To: *"The EDUCAUSE Wireless Issues Community Group Listserv" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Sent: *Wednesday, November 13, 2019 4:23:22 PM
> *Subject: *[WIRELESS-LAN] Mail to gmail and yahoo stopped working after
> IOS 13
>
> All,
>
> Has anyone experienced this issue and have a solution?  With IOS 13,
> people are no longer able to send or receive emails from google or yahoo
> through the Mail app.  If they try accessing gmail or yahoo mail through
> the specifically branded app or a web browser, everything is fine.We
> have narrowed down the issue even further.  The problem only happens when
> the iPhone is using a proxy server.   We even tried bypassing the proxy all
> together for p*-mailws.icloud.com, but that has not helped.
>
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> 1 Einstein Dr
> Princeton, NJ 08540
> +1 609-734-8154
> ck...@ias.edu
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] Password reset/change guidance

[Coehoorn, Joel]

I'd love to "stand up an onboarding system", but so far the cost has been
far too much for us relative to the user experience.

The UX hasn't been there because the better options want to use sms and 2
of the top 5 cellular carriers have poor coverage on our campus. We can
help students and employees work past that, but it makes us unwelcoming to
too many guests.

With this limitation, I don't see anything better than 1x at the moment.

On Wed, Nov 6, 2019, 12:04 PM Sweetser, Frank E.  wrote:

> Personally, I'm a big fan of leveraging certificates for wireless
> authentication.  It completely decouples the username and password once
> you're past the provisioning process, but you can still tie your RADIUS
> server into AD to reject people with locked out accounts if you want.
> Machines on a domain can leverage ADCS, but for BYOD devices you'll need to
> stand up an onboarding system, like SecureW2 or Clearpass.
>
> For setup, we have an open SSID that's dual purposed with guest logins,
> but also allows access to our onboarding system.  This allows users to do
> it completely self service.
>
> Frank Sweetser
> Director of Network Operations
> Worcester Polytechnic Institute
> "For every problem, there is a solution that is simple, elegant, and
> wrong." - HL Mencken
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Kovich Greg <
> greg.kov...@al-enterprise.com>
> *Sent:* Wednesday, November 6, 2019 8:41 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [EXT] [WIRELESS-LAN] Password reset/change guidance
>
> Hello WLAN Community,
>
> A customer of ours has been using a captive portal to authenticate
> students to WiFi (Alcatel-Lucent branded Aruba gear).
> When a student forgets or does not reset their password there is a link on
> the CP to accomplish that… unfortunately, there have been problems with the
> variety of  student device browsers, so they are considering a move to
> 802.1X authentication in the hope that this smooths out the student
> experience.
>
> What best practice advice do you have for students to deal with password
> changes/resets when they can’t connect to the campus WiFi?
>
> Thank you for any guidance you can provide!!
> Sincerely,
> Greg
>
> ---
>
> Greg Kovich
> Director, North America Education Sales
> Alcatel-Lucent Enterprise
> ALE USA
> 3015 Abby Lane | Suite 301-B
> Schererville, IN 46375
> t:  +1-818-878-4667 m:  +1-219-276-2320
> e:  greg.kov...@al-enterprise.com w:
> www.al-enterprise.com
> 
>
> @ALUEnterprise
> [image: LinkedIn]
> 
>  [image:
> Twitter]
> 
>  [image:
> YouTube]
> 
>  [image:
> Facebook]
> 
>  [image:
> Rainbow]
> 
>
> 
>
> The Alcatel-Lucent name and logo are trademarks of Nokia used under
> license by ALE.
> This communication is intended to be received only by the individual or
> entity to whom or to which it is addressed and may contain information that
> is 

Re: [WIRELESS-LAN] Theater wifi - to have or not to have

[Coehoorn, Joel]

Add one counter-opinion. I tend to believe you **WILL** want coverage here,
and probably very soon; it's just what modern students expect.  But at the
same time, this can be a very costly project just because "someone will
need it someday".

**DO** add the switching and network drops to support the APs you'll need
to provide coverage. That part will be fairly cheap now, but grossly more
expensive afterwards. And **DO** have a bid in front of project planners to
handle the AP purchase, licensing, and installation. It's likely they'll
make the jump...

... but let those stakeholders make the decision.

We had a project recently where we raised some funds to install new
bleachers and do a cosmetic refresh (paint and carpet) in a gym. I
suggested that while the old bleachers were gone was a good time to improve
wifi support in the building and gave a cost estimate to the project
planners. They opted to do the wifi updates, but it was their decision.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Tue, Oct 22, 2019 at 1:36 PM Johnson, Christopher 
wrote:

> Put it in while you can indeed to what Michael said. And funny point about
> the “student expectation at times is unrealistic” as my co-worker overheard
> a girl saying recently the “Wi-Fi” sucks, when her friend asked her why, it
> was because it drops off under a 4 direction walk-way under-pass beneath an
> intersection….
>
>
>
> *Christopher Johnson*
>
> Wireless Network Engineer
>
> AT Infrastructure Operations & Networking (ION)
>
> Illinois State University
>
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
> *From:* Johnson, Christopher
> *Sent:* Tuesday, October 22, 2019 1:33 PM
> *To:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* RE: [WIRELESS-LAN] Theater wifi - to have or not to have
>
>
>
> Same situation as with what Thomas Carter ran into.
>
>
>
> We ran into the same situation a few years ago -> currently have one AP in
> the concert hall seating area and one in the theatre seating area (the
> concert hall AP is up in the cat-walk and does a surprisingly good amount
> of coverage/reflection around the area down below) -> because the rooms are
> used for more that just theatre/performances – *sometimes for classes and
> others for important presentations/presenters*. We were asked by a couple
> individuals “can we just say no to Wifi” in those area during campus
> upgrade. *We did add several additional APs in the atrium area for where
> students study and the back-stage areas for performers when taking their
> breaks*. It was ultimately decided no additional density due to cost (new
> work in old work).
>
>
>
> To the point about “distractions during performances and presentations/“people
> would be using devices instead of watching the performances” -> we got
> complaints again about Wi-Fi in the concert hall – and one of the IT folks
> brought up a very good and interesting point *“I think several around me
> were more distracted by continual efforts to get a good connection because
> that is what the expectation is these days.  And the rest were just flipped
> over to cell probably without knowing it.”*
>
>
>
> *Christopher Johnson*
>
> Wireless Network Engineer
>
> AT Infrastructure Operations & Networking (ION)
>
> Illinois State University
>
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Manon Lessard
> *Sent:* Tuesday, October 22, 2019 12:37 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Theater wifi - to have or not to have
>
>
>
> *[This message came from an external source. If suspicious, report to
> ab...@ilstu.edu ] *
>
> Not only do most students expect it, universities push their online
> learning platforms, performers appreciate it and you can hand them “on the
> cheap”, but there’s always the possibility that some are going to be used
> for convocation ceremonies…meaning lots and lots of happy grads and their
> parents who want to share over social media (else, beware of Spotted:Your
> Uni)
>
>
>
> *Manon Lessard*
> Technicienne en développement de systèmes
>
> CCNP, CWNE #275, ESCE Design
>
> Direction des technologies de l'information
>
> Pavillon Louis-Jacques-Casault
> 1055, avenue du Séminaire
> Bureau 0403
> Université Laval, Québec (Québec)
>
> G1V 0A6, Canada
>
> 418 656-2131, poste 412853
> 

Re: [WIRELESS-LAN] Feasibility of an open SSID for student use

[Coehoorn, Joel]

We also run a completely open SSID. There is a captive portal, but it's at
the gateway rather than the wireless controller, so the same mechanism can
also handle wired connections, and it's only used for enforcement. New
visitors can get on the network without seeing the captive page.

*>  to get the protections afforded to ISP’s under DMCA we need to inform
users that they’re not allowed to share copyrighted materials and that
their connection will be blocked if they do.*

We handle the notification out-of-band for our students.  We have to notify
them; we don't necessarily have to use a captive portal to do it right at
connection time. The information is included with the account activation
for new students, repeated during orientation, repeated again via e-mail
near the start of each term, repeated again on the gateway capture page for
early offenses, and included in the student handbook.

If it were to come to the point of a block, we can give specific devices
a capture page with no way to click through. But our policy also includes
this text:

* Internet access today is more than a simple privilege, but is now
necessary for continued successful progress in academic pursuits. Student
actions which require the Department of Information Technology and the
Office of Student Development to conclude it is no longer appropriate to
allow a student to continue using the campus network may therefore result
in dismissal of the student  *

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Fri, Sep 13, 2019 at 7:42 AM Enfield, Chuck  wrote:

> “We run eduroam and a completely open guest SSID. The open SSID has no
> captive portal, no click through terms of services, and no restrictions on
> Internet access for content or speed.”
>
>
>
> I’m jealous Felix.  I made a strong push for this approach, but General
> Counsel stopped it.  FWIW, I think they got it right, but life would be
> easier and users would be happier your way.
>
>
>
> Their rationale is that to get the protections afforded to ISP’s under
> DMCA we need to inform users that they’re not allowed to share copyrighted
> materials and that their connection will be blocked if they do.  For
> account holders we make them agree to these terms and more when they
> activate their account.  But if the network doesn’t require an account this
> notification seems to demand a captive portal.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Felix Windt
> *Sent:* Friday, September 13, 2019 8:26 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Feasibility of an open SSID for student use
>
>
>
> I’d pay a fair price for an easily administered solution that lets us roll
> out PPSK in the dorms and deploy broadcast/multicast domains scoped to
> specific users.
>
>
>
> We run eduroam and a completely open guest SSID. The open SSID has no
> captive portal, no click through terms of services, and no restrictions on
> Internet access for content or speed. That SSID bridges through to VLANs in
> a DMZ, and its only real restriction is that it can only reach proper
> public IP addresses on campus, plus 2-3 applications on private IPs that
> are specifically permitted. That’s enforced on the firewalls between campus
> and the DMZ.
>
> We do see quite a lot of students on that SSID permanently. As a huge
> amount of our student applications are either cloud hosted or available on
> the public Internet, that works just fine for them. We’d prefer them on
> eduroam, but user experience trumps our preferences. The only real problem
> are devices such as Sonos sound bars, Google appliances, and other devices
> that will only support PSKs for wireless. For those we don’t have a
> solution right now.
>
>
>
> Once WPA3/OWE is out and widely supported I genuinely don’t know how much
> we’ll care about where devices are. At that point it seems not just more
> user friendly but easier for IT overall to just throw reasonable security
> in front of web apps that the student and faculty population need to
> access, and let them sit on the SSID that’s easier to get on to.
> Administrative machines under central control would probably be kept on
> properly authenticated networks, but those are easier to solve if you have
> reasonable mass device management options.
>
>
>
> For what it’s worth, we use the eduroam CAT tool for onboarding.
>
>
>
> thx,
>
>
>
> Felix Windt
>
> Dartmouth College
>
>
>
> *From: *The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Rumford, Charles" <
> charl...@isc.upenn.edu>
> *Reply-To: *The EDUCAUSE Wireless Issues Community Group Listserv <
> 

Re: [WIRELESS-LAN] Residential Wireless and Gaming

[Coehoorn, Joel]

Agree that it's best to let gamers use wired ports.

Nothing, and I mean ***nothing*** is harder on your shared wifi link than
low-latency game traffic. The actual throughput for this traffic tends to
be very small, especially compared to streaming... it's typically only
updated position/vector and action data, rather than full-video content.
The problem, however, is in the sheer number and frequence of packets, as
every little twitch needs a new update, and the fact this traffic is
bi-directional.

Where streaming traffic tends to all source from the AP, where the AP can
naturally avoid colliding with itself, much more of the gaming traffic
originates at the client, and therefore much more likely to cause
collisions in the shared half-duplex air space used by wifi. Getting that
traffic OFF the wifi and back onto wired links can do amazing things for
the general quality of life for everyone in that environment.

Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society


On Wed, Sep 4, 2019 at 3:12 PM Angelo Santabarbara 
wrote:

> Wireless contention is the real problem.  We recommend all gamers connect
> their systems to wired ports.  Not only does it make their experience
> better, but it also lessens the wireless load (On our campus XBox and PS4
> fall into the top 4 traffic sources).  If you already have a wired
> infrastructure than the edge switches are not all that expensive.
> Alternatively install access points like the Ruckus H510 in each housing
> unit which include 4 hard wired ports.
>
> Angelo D. Santabarbara
> Director of Networks & Systems
> Siena College
> asantabarb...@siena.edu
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Wall plate AP and Coax line sharing box

[Coehoorn, Joel]

We also have the "wall warts". We were able to mount a new box immediately
below the original, and put a blank keystone filler where the network port
used to be. For students who still want to plug in, our APs have a three(!)
switched pass-through ports on the bottom they can use. The second box
works just fine, but if I had it to do again, I'd probably use the idea to
drill a hole in the side of the box.

It's also worth nothing we no longer provide cable TV directly as of this
academic year. The cables still need to be there so students who want to
can still talk to our local provider directly, but it's not turned on by
default any more.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Jan 23, 2018 at 2:57 PM, Curtis K. Larsen 
wrote:

> We ran into this too.  You can see how we handled the dual-gang units in
> the attached images.  It's not super pretty but it worked.
>
> Thanks,
>
> Curtis
>
>
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Ken Meggitt <
> krmegg...@alaska.edu>
> Sent: Tuesday, January 23, 2018 1:22 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Wall plate AP and Coax line sharing box
>
> Hello Alan,
>
> My group recently added Wall Plate AP's to an entire dorm.  We had a
> similar issue with old cable TV Coax that supplied TV to the dorms.  Rather
> than abandon or remove it entirely we mounted bulkheads into the side of
> the boxes that allowed coax connections from the side while still allowing
> room for the wall plate AP to mount to the box.  The modifications required
> some drilling and a little cleanup but aside from that they could be
> completed quickly and with minimal effort.  depending on the size of the
> boxes you have in your rooms this may or may not work for you.
>
> On 1/23/2018 11:03 AM, Alan D Wang wrote:
> Hello,
> We are looking to possibly re-design the wireless deployment in several of
> our older dorms this summer but would like to do this with minimal need to
> move and/or add new junction boxes and cable runs.  One issue we will run
> into is that in newer rooms/common rooms the junction box that holds the
> data drop that will be used for the wall plate AP is also the same box that
> has the cable tv connection in it.  Has anyone here come up with a solution
> for mounting the wall plate AP that still allows access to the cable tv
> connection?  Depending on the building age, some of these boxes are single
> gang and some are dual gang.
>
> Thanks
> --
> Alan Wang
> Network Analyst
> Binghamton University
> aw...@binghamton.edu
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
> --
> Ken Meggitt
> OIT Network Engineering
> x7575
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall Rooms

[Coehoorn, Joel]

My experience is you can get good signal propagation without complaints
going through one wall, but not often more. We go every other room in a
checkboard pattern for traditional rooms, also using (formerly
Motorola=>Zebra) Extreme AP7502's, which I love (it's nice to finally see
someone else here using this under-rated line), and we're doing well enough
I'm considering going to an every-third-room deployment strategy the next
time I update a dorm, which for a traditional dorm still meets the "one
wall" rule.

The every-other option is working well even in an older building that has
crazy poured-concrete interior walls like I've never seen elsewhere. The
original construction is a metal chicken wire mesh stretched from floor to
ceiling that is **murder** on wifi signal, with a heavy concrete mixture
poured around it. The walls actually curve inward a bit as they reach the
junction with the outside wall.

In the case of suites/apartments, I try for one AP per suite (using AP7522
on the ceiling in the common room/living room), but we have two buildings
that were put up just a year or two before wifi was a big deal, and there's
no good way to get network drops into the ceiling... no plenum, and the
existing cable paths run in the outside wall between the brick and
insulation layer, and I have next to no way to change any of it. I wish I'd
been here when they were constructed... I would have insisted on drops into
the common spaces. These buildings use a hybrid between hallway and
in-room, with an AP7502 in every suite, plus some hallway APs to augment.





Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Oct 11, 2017 at 2:06 PM, Daniel Brisson  wrote:

> I have found with Cisco’s 1810Ws that we can get more than one room.
> Obviously, this depends greatly on building construction, but we can
> typically get at least 3 rooms covered with one Access Point.  It’s really
> not *that* much more than deploying the larger APs.  I am looking at
> between 2-3x number of 1810Ws to replace our aging 3502i’s, which doesn’t
> seem that bad really considering we just need to add one 48-port POE switch
> in most cases.
>
>
>
> -dan
>
>
>
> --
>
>
>
> Dan Brisson
>
> Network Engineer
>
> University of Vermont
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Thomas Carter <
> tcar...@austincollege.edu>
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Wednesday, October 11, 2017 at 3:03 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  EDUCAUSE.EDU>
>
> *Subject: *Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall
> Rooms
>
>
>
> I’ve complained to vendors about this before, but the problem is the
> one-per-room deployment can be 2-4x the cost of in-hall deployment. At
> smaller schools like ours, nebulous future support hours saved won’t make
> up for current costs now.  The biggest issue is an in-hall AP that supports
> 4-6 rooms is only 2x the cost of a single in-room solution. For example,
> the dilemma I face is there is money to replace 6-8 year old APs and I can
> do one hall or 3-4 (with no guarantees of future money), which do you
> choose?
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> 
> Sherman, TX 75090
>
> Phone: 903-813-2564 <(903)%20813-2564>
> www.austincollege.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Stephen Belcher
> *Sent:* Wednesday, October 11, 2017 12:55 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Best Wireless Solution for Residence Hall
> Rooms
>
>
>
> We started with an all wireless residence halls concept three years ago
> and will finish the last three (fairly small) installs next summer. We went
> with in-room access points supplemented with APs in common areas. For
> traditional residence halls we went with Cisco 702w initially changing to
> 1815w access points when they became available. For residence halls
> designed more as a suite concept we went with 2800 series access points. We
> pretty much blast the 5 GHz everywhere and disable 2.4 GHz in every other
> room (with a few exceptions).
>
>
>
> We have 6120 beds and the cost per bed for installs was about $370. I will
> be at Educause this year with a poster presentation on wireless dorms. If
> anyone is around stop by and say hi and grab some literature with the cost
> 

Re: [WIRELESS-LAN] 5GHz Micro Adapters

[Coehoorn, Joel]

I've seen some laptop vendors lock down the internal adapter in the bios to
the original approved model only, claiming recent FCC rules as the excuse.

On Aug 28, 2017 5:47 PM, "Johnson, Christopher"  wrote:

> Good Evening,
>
> 1.   Has anyone had any experience and would recommend a particular
> 5GHz Wifi Micro USB adapter for students that have a Windows Laptop with a
> 2.4GHz only integrated adapter?
>
> 2.   How is the quality/performance of a 5GHz Micro USB Adapter?
>
> a.   I can’t imagine it performing as well as a laptop with Wi-Fi
> antennas integrated throughout the monitor.
>
> b.   Would it be better to recommended the internal Wi-Fi NIC be
> swapped out for another compatible model – although I could see this being
> an issue if the antennas weren’t dual-band capable.
>
>
>
> Thank you and have a great night!
>
>
>
> *Christopher Johnson*
>
> Wireless Network Engineer
>
> AT Infrastructure Operations & Networking (ION)
>
> Illinois State University
>
> (309) 438-8444
>
> Stay connected with ISU IT news and tips with @ISU IT Help on Facebook
>  and Twitter
> 
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Backup power

[Coehoorn, Joel]

In theory, we use UPS with all of our switch. In practice, while we always
have one when we deploy a new or replacement switch, the funding hasn't
been there for maintaining the batteries or replacing a UPS if it fails.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Jul 20, 2017 at 11:00 AM, Hales, David  wrote:

> We size and install a UPS in every switch closet.  We have only a few
> models of switch and access point, so we built a spreadsheet to calculate
> our power load based on actual power draw observed in our lab.  We try to
> size our UPSes to provide a minimum of 15 minutes of uptime with 150% of
> their installed load.  That gives us enough headroom for adding switches to
> existing stacks, or adding other PoE devices down the road.  Based on a 5-6
> year replacement cycle, that sizing should be more than enough to keep up
> with any growth in load we might experience before the next cycle where we
> can resize for the load at that point in time.
>
>
>
> We keep our distribution and core on service contracts, but we use limited
> lifetime hardware warranty on our access switches.  We keep enough spares
> on hand to handle the troubleshoot and cross ship transition for any that
> fail.  Again, we only have a couple of models in production, so keeping
> spares on hand is a pretty low cost option.
>
>
>
> *David Hales*
>
> *Network Systems Administrator*
>
> *Information Technology Services*
>
> 1010 N. Peachtree
>
> Clement Hall 117
>
> Cookeville, TN 38505
>
> *P* 931-372-3983 <(931)%20372-3983>
>
> *F* 931-372-6130 <(931)%20372-6130>
>
> *E* *dha...@tntech.edu* 
>
> *www.tntech.edu/its* 
>
> *[image: Tennessee Tech Logo]* 
>
> *[image: TTU Facebook] * *[image:
> TTU Twitter] * *[image: TTU
> Instagram] * *[image: TTU
> Youtube] * *[image: TTU Pintrest]*
> 
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Sandra Bury
> *Sent:* Thursday, July 20, 2017 10:02 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Backup power
>
>
>
> Good morning -
>
>
>
> I would be interested to know how many of you include UPS purchases for
> switches in each network closet in your campus deployments. If you do not
> build in backup power, do you put your switches on a maintenance contract,
> or do you pay to replace them when they fail outside of warranty?
>
>
>
> Thanks very much.
>
>
>
> Sandy
>
>
> *Sandra H. Bury*
>
> Executive Director, Computing Services
>
> Information Resources and Technology
>
> Bradley University
>
> 309-677-2808 <(309)%20677-2808>
>
> sa...@bradley.edu
>
>
>
> *[image: https://www.bradley.edu/global/images/emailsig_wordmark.gif]*
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam AUP question

[Coehoorn, Joel]

​No one said the AUP agreement has to be electronic.  You can put this in
your Student Handbook and employee contracts, and get agreement that way.​



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Jul 14, 2017 at 10:09 AM, Michael Davis  wrote:

> In the AUP itself, it's stated:  "No person or party may use the eduroam
> services without agreeing to this Acceptable Use Policy."
>
> I would be curious to see how others are meeting this.  We already have
> thousands of users using eduroam,
> do we now go back and force them into a Captive portal to agree to the AUP
> ?
>
> Seems to me that it's much easier now to just forget eduroam, remove it
> from campus, and go back to our
> branded Wifi.
>
>
>  On 7/11/17 4:56 PM, Elizabeth Shannon wrote:
>
> Section 3.3.7 of the Internet2 eduroam connector Agreement, states
> “Connector used reasonable efforts to ensure that such employee or Student
> IdP User acknowledged the AUP”.  I would like to know other institutions
> are meeting this requirement. We offered K-State branded SSIDs, eduroam,
> and Guest; users do not have to acknowledge terms of service or accept an
> AUP. Thanks.
>
>
>
> --
>
> Elizabeth Shannon, CIPT
>
> Kansas State University
>
> Information Security and Compliance
>
> 785.532.2540 <(785)%20532-2540>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Ubiquiti per dorm room WIFI

[Coehoorn, Joel]

We don't use them here, but my understanding from a colleague at another
institution is the existing room cable drops are NOT as efficient as actual
designed coverage.  You will end up needing more APs than a designed
layout, and the coverage and power settings won't be quite as nice.

But. The ubiquiti APs are cheap enough, especially when adding ongoing
licensing into the mix, and the coverage is still good enough, that you can
definitely come out with a win using this scheme.

On Jun 5, 2017 10:39 AM, "Rogers, Michael J."  wrote:

I realize this is a couple months old but wanted to provide some info and
ask a question related to the in-wall style ap.



We have been testing the Ubiquity UAP-AC-IW for about a month in an
office.  It has been working fine.  It does work over standard poe.  Only
thing we are really still waiting to test is vlan support for the Ethernet
jack.  I believe it is about out of beta.



We are considering these for ResHall deployments.  Love the idea of not
running additional cable.  For those that have deployed the in-wall type ap
- do you find that you need more of them because of the low height they are
mounted at?  I would guess all the furniture might attenuate a bit.  If so
did you end up deploying one per room?



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Norman Mourtada
*Sent:* Saturday, March 11, 2017 1:31 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Ubiquiti per dorm room WIFI



We are using something similar with Aruba model 205H 802.11ac 2.4/5 2x2
wave 1 and now the new model 303H wave 2 with MU-MIMO. This is a
hospitality AP model for dorms with built-in 3 Ethernet ports for wired
access as well. See http://www.arubanetworks.com/assets/ds/DS_AP303H.pdf.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Michael Blaisdell
*Sent:* Saturday, March 11, 2017 11:02 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Ubiquiti per dorm room WIFI



Has anyone looked at the new Ubiquiti IN WALL WAP?  It has what I need.  I
also believe it answers some of the questions that came up in past posts
about residence hall WIFI.

UAP-AC-IW - Ubiquiti UniFi In-Wall 2.4 / 5GHz AC Access Point


I read some of the specs at the baltic network site.

Product Specifications
• Dimensions: 139.7 x 86.7 x 25.75 mm (5.5 x 3.41 x 1.01 ")
• Weight: 200 g (6.43 oz)
• Networking Interface: (3) 10/100/1000 Ethernet Ports
• Buttons: Reset
• Power Method: Passive Power over Ethernet (48V), 803.2at Supported
(Supported Voltage Range: 44 to 57 VDC)
• Power Supply: UniFi Switch (PoE)
• Power Save: Supported
• PoE Out: 48V Pass-Through (Pins 1,2+; 3,6-)
• Maximum Power Consumption: 7W
• Maximum TX Power:
2.4 GHz: 20 dBm
5 GHz: 20 dBm
• Antennas: (1) Dual-Band Antenna, Single-Polarity
2.4 GHz: 1 dBi
5 GHz: 2 dBi
• Wi-Fi Standards: 802.11 a/b/g/n/ac
• Wireless Security: WEP, WPA-PSK, WPA-Enterprise (WPA/WPA2, TKIP/AES)
• BSSID: Up to Four per Radio
• Mounting: 1-Gang Electrical Wall Box (Not Included)
• Operating Temperature: -10 to 50°C (14 to 122°F)
• Operating Humidity: 5 to 95% Noncondensing
• Certifications: CE, FCC, IC

Advanced Traffic Management
• VLAN: 802.1Q
• Advanced QoS: Per-User Rate Limiting
• Guest Traffic Isolation: Supported
• WMM: Voice, Video, Best Effort, and Background
• Concurrent Clients: 250+

I didn't post the link to the data sheet but is listed on the site.





-- 

Michael Blaisdell
Director of Network Services

IT Services

Learning Commons/Library
Saint Francis University

117 Evergreen Drive

Loretto, PA  15940
814-472-3242 <(814)%20472-3242>
http://www.francis.edu


*The best way to predict the future is to invent it.** - O**badiah Bumbly*

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://www.educause.edu/
discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] 2.4 vs 5

[Coehoorn, Joel]

We still have a lot of devices (especially low-end smartphones) that only
have 2.4 radios.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Mar 6, 2017 at 10:42 AM, Oliver, Jeff  wrote:

> Folks, just wondering how many PSI’s have successfully turned off your 2.4
> and gone 5GHz only? And how much blowback?
>
>
>
>
>
> Cheers,
>
> Jeff
>
>
>
> ---
>
>
>
> Jeffrey L. Oliver
>
> Manager, Network and Telecommunications
>
> Information Technology Services
>
> The University of Lethbridge
>
> 4401 University Drive, Lethbridge, Alberta, T1K 3M4
>
>
>
> Tel: 403.329.5162 <(403)%20329-5162>
>
> Mob: 403.315.4461 <(403)%20315-4461>
>
>
>
> URI:   jeff.oli...@uleth.ca
>
> Web:http://www.uleth.ca/information-technology/
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Here come the LTE-U devices...

[Coehoorn, Joel]

IIRC, this has the same power limitations as WiFi and other unlicensed
applications. That limits range enough I don't see carriers just deploying
this everywhere across our campuses. If nothing else, they'd have to get
permission to place the radios. I think it makes more sense for them as
something they can offer to us for micro-cells to improve coverage in
buildings and underground, instead of distributed antennas.

Even that won't make sense until handset support is in more than just a few
devices, though the current Apple/Samsung hegemony means the right device
could tip that scale faster than we expect. I'm also curious if this is
something that Cisco/Aruba/etc will build into Access Points and
controllers in a carrier-agnostic way, so we don't need additional devices,
wiring, or management and can spread it over a good-sized area when we know
we need it.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

*Please contact helpd...@york.edu  for technical
assistance.*


The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Feb 22, 2017 at 12:24 PM, Bob Brown  wrote:

> FCC announced it has authorized first LTE-U devices (Ericsson and Nokia
> are first two suppliers approved)
>
> CHAIRMAN PAI STATEMENT ON COMMISSION
> AUTHORIZATION OF FIRST LTE-U DEVICES
>   --
> WASHINGTON, February 22, 2017 – Federal Communications Commission Chairman
> Ajit Pai issued the following statement today on the agency’s first
> authorization of LTE-U devices:
>
> “Today, the Commission announced authorization of the first-ever LTE-U
> (LTE for unlicensed) devices in the 5 GHz band.  This is a significant
> advance in wireless innovation and a big win for wireless consumers.
>
> “LTE-U allows wireless providers to deliver mobile data traffic using
> unlicensed spectrum while sharing the road, so to speak, with Wi-Fi.  The
> excellent staff of the FCC’s Office of Engineering and Technology has
> certified that the LTE-U devices being approved today are in compliance
> with FCC rules.  And voluntary industry testing has demonstrated that both
> these devices and Wi-Fi operations can co-exist in the 5 GHz band.  This
> heralds a technical breakthrough in the many shared uses of this spectrum.
>
> “This is a great deal for wireless consumers, too.  It means they get to
> enjoy the best of both worlds: a more robust, seamless experience when
> their devices are using cellular networks and the continued enjoyment of
> Wi-Fi, one of the most creative uses of spectrum in history.
>
> “I remain committed to ensuring a competitive and vibrant unlicensed
> ecosystem that fosters innovation and promotes the efficient use of
> spectrum.  Today’s announcement, enabled by cooperation among private
> actors and collaboration with the public sector, reflects that commitment.”
>
>
> https://www.fcc.gov/news-events/blog/2017/02/22/oet-
> authorizes-first-lte-u-devices
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Student Gaming behind NAT

[Coehoorn, Joel]

Our firewall vendor (Untangle) is experimenting with a restricted UPnP
option, that may eventually allow us to use it for only approved devices
and approved ports, for an approved timespan. Other UPnP requests would be
rejected.

Not sure yet how I feel about the feature. If it works, I know our
student's would love it and I'm confident I could secure it to protect our
own public-facing services. But I'm not sure how it could allow two NAT'd
devices to both have, say, port 3074 forwarded at the same time.

On Feb 14, 2017 10:52 AM, "Voelker, Andy"  wrote:

> We’re having increasing problems with newer games operating on a 1:1 NAT
> in our residence halls.  Some of these games have a dozen port entries per
> platform (Xbox, PS4, PC) and after all that the games still aren’t acting
> reliably.  We’re using a Palo Alto firewall, which carries application
> signatures for SOME games, but not that many.  I’m finding myself spending
> too much time on this, yet not able to dedicate enough to get to a good
> solution.  I’m interested to hear how others are handling this (since I’m
> new to operating this type of service).
>
>
>
> Little background info:  We have a device SSID with a WPA2-PSK that dumps
> onto the student network, which carries some network permissions but
> relatively few.  A potential solution would be to stop NATing addresses,
> provide a public IPs to the device network, and segment them into an
> off-campus-only VRF.  However, students are starting to interact with their
> consoles using their PC’s and mobile devices, which would not work in this
> model.  By this I mean screen-casting, live streaming, etc.  I suspect that
> need will grow.  Also other “things” that use the device network like
> Chromecast, Sonos, Google Home, WiFi lights, etc would be useless unless we
> wrote firewall rules that allowed each and every one of these protocols.
> Many of these rely on mDNS, DIAL, etc though.  Not easy.
>
>
>
>
>
> I covet your thoughts.  Thanks in advance.
>
>
>
> ​
>
> Andy Voelker
>
> Network Administrator and IT Infrastructure Team Lead
>
> Davidson College
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] TLS Onboarding Vendors

[Coehoorn, Joel]

> If those using or considering TLS had the option of PPSK (personal
pre-shared key), would you opt for PPSK instead?

Definitely. I think it's a much more user-friendly option, while providing
similar control and security as TLS.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Nov 1, 2016 at 9:12 AM, Jeffrey D. Sessler 
wrote:

> Just curious. If those using or considering TLS had the option of PPSK
> (personal pre-shared key), would you opt for PPSK instead?
>
> Jeff
>
> On 10/31/16, 9:27 AM, "The EDUCAUSE Wireless Issues Constituent Group
> Listserv on behalf of Bruce Boardman"  on behalf of board...@syr.edu> wrote:
>
> We are using Cloud Path for onboarding, but we are considering other
> options if and when we go to EAP TLS. We may get it baked in if we use ISE
> or Clear Pass but I considering other standalone options as well. Anybody
> have  experience or thoughts they'd like to share. Thanks
>
> Bruce Boardman Networking Syracuse University 315 412-4156 Skype
> board...@syr.edu
>
> **
> Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Captive portal trouble with LG phones

[Coehoorn, Joel]

I have an LG phone, and it is a common occurrence for me everywhere I go
with public wifi that my phone will want to give up on a wifi connection
and switch to data before I can complete a registration process. It's not
just our campus, but also McDonald's or Culver's with my kids, Starbucks,
or anywhere that does capture.

I say this because, while it is something you will want to address, it's
likely something that users of the phone will be used to, so at least
they're less likely to try to blame IT.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Oct 13, 2016 at 8:16 AM, Turner, Ryan H 
wrote:

> I despise captive portal detection on devices.  On our onboarding
> platform, I do everything possible to PREVENT the automatic popup of
> browsers due to problems like these (and many others).  For you to really
> figure this out, you are likely going to need to do a packet capture of the
> session and see what that users phone is attempting to connect to.  I would
> be doing a packet capture to poke some holes through so that the captive
> portal browser never opens in the first place.
>
>
>
>
>
> Ryan Turner
>
> Manager of Network Operations
>
> ITS Communication Technologies
>
> The University of North Carolina at Chapel Hill
>
>
>
> r...@unc.edu
>
> +1 919 445 0113 Office
>
> +1 919 274 7926 Mobile
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Thomas Carter
> *Sent:* Wednesday, October 12, 2016 9:36 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Captive portal trouble with LG phones
>
>
>
> I forgot to mention we’re currently running 5.4. We’ve had this trouble
> 3-4 times in the past few weeks, and every time it is a brand new LG phone.
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
> 
>
> [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif]
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Sullivan, Don
> *Sent:* Wednesday, October 12, 2016 7:17 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Captive portal trouble with LG phones
>
>
>
> We use Packetfence also and we have not heard of or seen this issue. We
> are running version 6.0.3.
>
>
>
> *Don Sullivan*
>
> *Network Administrator*
>
> *205-726-2111 <205-726-2111>*
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Thomas Carter
> *Sent:* Monday, October 10, 2016 2:40 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Captive portal trouble with LG phones
>
>
>
> We use PacketFence as our NAC and have a captive portal to allow users to
> self-register their devices. In the past couple of weeks we’ve had problems
> with the latest LG phones (other Androids work fine) disconnecting in the
> middle of a captive portal session; it won’t stay connected long enough to
> register the device. It seems similar to the old Apple “success.html” test
> for internet connectivity, but I haven’t been able to determine if that is
> the case. Has anyone else seen this issue with new LG phones?
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
> 
>
> [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif]
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/
> 

Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2

[Coehoorn, Joel]

Find someone with a good 3D printer ;D



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Sep 1, 2016 at 11:24 AM, Troy Lynn Wiseman  wrote:

> This is not pretty, but we use standard L brackets you can buy at the
> hardware store.
>
>
>
> Thanks
>
>
>
> TROY WISEMAN
>
> Network Engineer V
>
>
>
> INFORMATION TECHNOLOGY
> MAIL CODE 4622
> SOUTHERN ILLINOIS UNIVERSITY
> 625 WHAM DRIVE
> CARBONDALE, ILLINOIS 62901
>
>
>
> twise...@siu.edu
>
> P: (618) 453-6264
>
> INFOTECH.SIU.EDU 
>
>
>
> [image: SIU]
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
> *Sent:* Thursday, September 1, 2016 10:59 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2
>
>
>
> You actually answered a question I meant to include, but I didn’t ask ..
> how are people doing wall mounts.  That issue just popped up this morning.
> I’ll keep this on file for those instances.  Thanks!
>
>
>
> -Brian
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *James Helzerman
> *Sent:* Saturday, August 27, 2016 10:11 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cost effective alternatives to AP-220-MNT-W2
>
>
>
> We use Cisco so I am not sure of the Aruba bracket but I was able to
> easily modify a camera mount for this purpose.  We also use the Oberon
> mount and are happy with that.
>
> This camera mount attaches to a single gang box and has a pass thru for
> the cable.  My picture does show the pass thru well but the link below does.
>
> http://www.securityideas.com/pa89pathjstm.html
>
> Jimmy
> University of Michigan
>
>
>
> On Aug 26, 2016 5:55 PM, "Lionel Shigemura"  wrote:
>
> A local Aruba vendor has made some custom 2-gang cover plates modified
> with a tile grid type piece for another Campus.  Just mount the adapter
> plate and clip the AP similar to a ceiling grid.  It was custom piece at a
> "decent" price, but can't recall exactly.  I've used various Oberon
> products and they're really nice.  We have some older bldgs with plenum
> ceiling that use a steel frame grid with integrated supply ducts.  No
> standard grid for clip usage. I've used the Aruba AP-220-MNT-W1 and Aruba
> AP-220-MNT-W2 using screws and zip ties.  If the W2 is too costly, a
> cheaper options we entertained was to modify the included grid clip adapter
> and screw it into the steel plate.  The latter solution was really
> difficult to remove so we didn't use it.
>
>
>
> For walls, I prefer this solution until I find something better.  #1011-00
>
> http://www.oberoninc.com/products/right-angle-brackets
>
>
>
> I contacted Oberon's competitor and their similar model didn't have a
> knockout for cable pass-through and had some differences.  This was shortly
> after Atmosphere.  Wasn't worth the cost when we had to modify to make it
> work.
>
>
>
> Lionel
>
>
>
>
>
> On Fri, Aug 26, 2016 at 9:17 AM, John Kristoff  wrote:
>
> Has anyone found, purchased or produced wall mounting kits suitable for
> attaching an AP to a gang box.  Specifically for Aruba APs like the 325
> (or the 220).  We've found the AP-220-MNT-W2, but if you get a lot of them,
> it gets costly quick.
>
> Thank you,
>
> John
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Coehoorn, Joel]

We looked into Clickatel and really *really *liked it.

Unfortunately, our campus is pretty close to the middle of nowhere. Neither
AT, Sprint, nor T-Mobile have the coverage to reliably deliver texts, and
they comprise a fair number of our visitors. You NEED Verizon (or a
verizon-based mvno) out here. I'm still trying to figure out a good
reliable way to get keys to guests in the absence of conistent txt message
delivery.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Jun 27, 2016 at 1:55 PM, Lee H Badman  wrote:

> Twillio. Is reliable and affordable.
>
> Lee Badman
> Network Architect/Wireless TME
> Syracuse University
> 315.443.3003
>
>
> -Original Message-
> *From:* Hector J Rios [hr...@lsu.edu]
> *Received:* Monday, 27 Jun 2016, 14:29
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *Subject:* Re: [WIRELESS-LAN] student residential routers?
>
> Any recommendations on an SMS gateway service? We are implementing
> ClearPass and we want our sponsors to have the ability to send credentials
> via text. I know about leveraging SMTP, but I’m interested in that option.
>
>
>
> Regards,
>
>
>
> Hector Rios
>
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] backhaul wifi comparison/suggestions

[Coehoorn, Joel]

I've used Engenius bridges in that scenario.  Just $70 each, no licensing:

http://www.amazon.com/EnGenius-Technologies-Wireless-Bridge-ENS500/dp/B00BOVOM0S/



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Apr 5, 2016 at 4:52 PM, John Rodkey  wrote:

> That's what I've got in place now, but it also costs because of the yearly
> license fees.
> It hasn't been 100% reliable, either (interference on 2.4MHz, I'm pretty
> sure), so going 5 is desirable.
>
> John
>
> On Tue, Apr 5, 2016 at 2:42 PM, Ian McDonald  wrote:
>
>> A pair of (cisco) access points from your scrap pile in bridge mode? 100%
>> inexpensive J
>>
>>
>>
>> --
>>
>> ian
>>
>>
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *John Rodkey
>> *Sent:* 05 April 2016 22:36
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* [WIRELESS-LAN] backhaul wifi comparison/suggestions
>>
>>
>>
>> I have need for a fairly inexpensive,  low bandwidth (10Mbps), short
>> distance (<200 ft)  point to point wireless connection .
>>
>> I am aware of the Cambrium ePMP 1000 and Ubiquiti nano.
>>
>> Would anyone like to compare these items or propose other good solutions
>> to this type of situation?
>>
>> John
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on new flexible radio assignment?

[Coehoorn, Joel]

Not with Cisco, but I love my AP7502's
.


The radios in that device are not programmable, but they are in their big
brother AP7522, where I could have both radios in the device running 5Ghz
or set one as a client for health checks. The Zebra (formerly Motorola)
controller won't do this dynamically, though... at least not yet.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Mar 22, 2016 at 2:07 PM, Mike Atkins  wrote:

> I’m looking forward to the 2800/3800 AP features as we deploy new
> infrastructure and high density WiFi.  I hopeful the external antenna model
> can help reduce the # of APs/licenses needed in very high density
> locations.  The auto channel width could be nice if it works okay in our
> environment.  Only time and testing will tell…..   Not sure if multi-gig
> will be a factor in the coming year but we are certainly looking at it for
> the new Cisco and new Aruba APs.  Our Aruba folks indicate two 5.2 GHz
> radios in the same antenna location will not work efficiently…. So we’re
> hoping there is some software magic to overcome physics.  Needless to say
> I’m trying to keep my expectations low in order to be pleasantly
> surprised.
>
>
>
> There are a couple “No Strings Attached Show” podcasts discussing
> 2800/3800 and flexible radio assignment.  (sponsored podcast)  There is
> also a “Cisco Champion Radio” podcast discussing 2800/3800 features.
>
>
>
> PS.  We are looking at 1810w for dorm deployment.  It’s wave2 AC but still
> does not do clean air if you need that.
>
>
>
>
>
>
>
> *Mike Atkins *
>
> Network Engineer
>
> Office of Information Technology
>
> University of Notre Dame
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Daniel Brisson
> *Sent:* Tuesday, March 22, 2016 2:46 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts
> on new flexible radio assignment?
>
>
>
> Yes, the flexible radio design is definitely interesting.  I’m interested
> to see how it plays out in terms of shuffling clients between APs based on
> what radio is available.
>
>
>
> I wanted to ask…have you considered the 702W for your res halls?  It
> really seems to be the way to go in terms of creating small cells for the
> myriad devices that existing in that setting.  We have a new dorm going up
> as well and with our experience with the 3502i’s, which grants has not been
> bad, but I really see the benefit of going with the 702w style.
>
>
>
> -dan
>
>
>
>
>
>
>
> Dan Brisson
>
> Network Engineer
>
> University of Vermont
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Jeffrey D. Sessler
> *Sent:* Tuesday, March 22, 2016 2:27 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on
> new flexible radio assignment?
>
>
>
> For the Cisco shops:
>
>
>
> I recently had a briefing on the new Cisco 2800/3800 Wave 2 WAPs coming in
> May, and I’m pretty excited for the new flexible radio design. For those
> that have not read up on it, in the new models one of the two radios can
> dynamically move (self optimize) between 2.4 and 5 GHz depending on need
> (coverage/performance) or function (Serve clients, security monitoring,
> service assurance aka be a client, or enhanced location).
>
>
>
> Seems like Cisco is addressing one of my long standing concerns/wishes,
> that when designing dense deployments, that the number of 2.4 GHz radios
> become overkill and wasted. The new model provides for much better 5 GHz
> coverage (lots of WAPs running 5GHz x 2) with just enough running 2.4 GHz
> to handle legacy needs. It’s going to make my life much easier when
> designing for our residential halls.
>
>
>
> Any of the other Cisco shops excited for the new flexible radio feature?
> Thoughts? I have a new residence hall coming online in August so the timing
> is great.
>
>
>
> Jeff
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for 

Re: [WIRELESS-LAN] Desktop projection to classroom display

[Coehoorn, Joel]

I just did some searching, and ALL of those (Crestron,  ClickShare, and
WePresent) will only show content that you can load in their app. If you
want to show content from other apps, you're stuck.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 2, 2016 at 2:13 PM, Wall Wofford  wrote:

> WePresent is another option that we hope to explore soon.
>
> Regards,
> Benjamin
>
> On Wed, Mar 2, 2016 at 12:09 PM, Sullivan, Ryan 
> wrote:
>
>> At UCSD, we have a customer who recently asked about a Barco Clickshare
>> set up. The default mode is that it does act as an AP but there is an
>> advanced set up configuration that allows the AP function to be disabled
>> when the base unit has a wired connection and the remote buttons can attach
>> to a WPA2-E network.
>>
>> Section 4.12
>>
>> http://www.barco.com/tde/%282331390682231610%29/R594/08/Barco_InstallationManual_R594_08__ClickShare-CSC-1-Installation-Guide.pdf
>>
>> No actual experience with the product but it sounds promising.
>> Thanks,
>> Ryan Sullivan
>>
>>
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Thomas Carter [
>> tcar...@austincollege.edu]
>> Sent: Wednesday, October 28, 2015 6:35 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>>
>> We have a ClickShare - it works well, but was very pricy. It basically is
>> an AP (luckily it can do 5GHz so interference wasn’t a problem) that talks
>> to the dongles. The benefit is the simplicity for Windows and Mac users; we
>> get no support calls on it. The down side is the cost (4 digits for the
>> device and USB dongles).
>>
>>
>> Thomas Carter
>> Network & Operations Manager
>> Austin College
>>
>>
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
>> Sent: Tuesday, October 27, 2015 8:27 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display
>>
>> On Tue Oct 27 2015 07:49:31 CDT, "Ashfield, Matt (NBCC)" <
>> matt.ashfi...@nbcc.ca> wrote:
>> >
>> > We’d like to try and standardize on a technology so we can manage it
>> (ha!). I’m just wondering if anyone has solved this one yet?  We’ve looked
>> briefly at AirParrot but wondering if anyone else has had any luck in this
>> area.
>>
>> One of our groups just showed up with the Barco ClickShare.  I know it's
>> been discussed here in the past a couple of times, but any idea how it
>> compares with some of the other solutions mentioned here already?
>>
>> Just at a first glance I'm not too wild about it since it basically looks
>> like an AP that gets connected to a projector or display.
>>
>>
>> --
>> Julian Y. Koh
>> Associate Director, Telecommunications and Network Services Northwestern
>> Information Technology
>>
>> 2001 Sheridan Road #G-166
>> Evanston, IL 60208
>> 847-467-5780
>> NUIT Web Site:  PGP Public Key:<
>> http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
>>
>>
>>
>>
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>
>
>
> --
> Benjamin Wall Wofford
>
> *Director of Technology Support Services*
> Fuller Theological Seminary
> w...@fuller.edu
> phone: 626-304-3798
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Open Networks in Resnet

[Coehoorn, Joel]

We have an open SSID



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 2, 2016 at 2:40 PM, Augustus Pertalion  wrote:

> We run an open network in our resnet environment, in addition to an
> authenticated one.
>
> Thanks,
>
> John
>
> --
> John Pertalion
> Network Infrastructure and Control Systems
> 1116 Peacock Hall
> Appalachian State University
> Boone, NC 28608
> 828 262 7909
>
> On Wed, Mar 2, 2016 at 3:35 PM, Lee H Badman  wrote:
>
>> 
>>
>> Other than Jeff Sessler at Scripps, who else is running an open network
>> in their resnet environment? Off-list answer is fine, if you prefer. I’d
>> like to bounce a few questions off of those doing this, off-list.
>>
>> Kind regards,
>>
>> Lee Badman
>>
>>
>> *Lee Badman* | Network Architect (CWNA, CWSP, Mobility+)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>>  *w* its.syr.edu
>>
>> *SYRACUSE UNIVERSITY *syr.edu
>>
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

[Coehoorn, Joel]

Because devices *work *with PPSK. That's too often not the case for 802.1x,
and unfortunately this seems to be getting worse rather than better.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu <jcoeho...@york.edu>*

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Mar 1, 2016 at 12:01 PM, Osborne, Bruce W (Network Services) <
bosbo...@liberty.edu> wrote:

> Why “reinvent the wheel” with PPSK when 802.1X uses the existing personal
> user credentials?
>
>
>
> ​
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Network Services - Wireless*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Coehoorn, Joel [mailto:jcoeho...@york.edu]
> *Sent:* Tuesday, March 1, 2016 12:02 PM
> *Subject:* Re: Self-registered MAC device bypass- worth the headaches?
>
>
>
> Ruckus supports a PPSK variant, as well.
>
>
>
> I'm just gonna put this out there. I have this idea in my head for an
> ideal wifi service. It starts with personal pre-shared key (PPSK), but it's
> something I don't believe is possible yet with any vendor.
>
>
>
> Step one is to create a unique key prefix for each user, effectively
> embedding a username value (the prefix) into the same field as the
> key/password. The prefix would be as short as possible, perhaps as small as
> three characters, in order to keep entry into devices simple. The purpose
> of this prefix is to allow users to choose their own wifi password, while
> still ensuring that each PSK value is unique and identifiable to a given
> user. If we don't value allowing users to choose their own wifi passwords,
> we could instead generate and assign them, and just map back the assigned
> key to the user.. but I believe there is value in this.
>
>
>
> Users would onboard by first connecting to a portal available via
> open/limited ssid to claim their key. They would have to log in with their
> traditional username/password. The portal would then prompt them for a key
> suffix (their wifi password), and then show them the complete key (prefix +
> suffix), which would be registered with our system. It would also have
> options to show them history for devices authenticated using their key,
> expire an old/create a new key using the same prefix, and other typical
> account management options. Once created, that key could be used with
> anything that supports traditional PSK connections.
>
>
>
> One important feature that I'd like to see as part of this, and what I
> think helps make this idea unique, is that devices authenticated with the
> same PPSK should always end up with the same vlan id. In this way, a
> student would be able to, for example, connect to a desktop in his room
> from the phone/tablet he brought to class and grab a file he forget to show
> an instructor. It also makes things like wireless printers, long the bane
> or our existence, almost reasonable in terms of setup and support.
>
>
>
> By keeping a prefix that's unique to each user, or mapping all key
> assignments back to the user, we can still always know who is responsible
> for a given device. We could do things like get a report of keys that
> authenticate more than, say, 6 devices to monitor for key abuse, expire
> keys when there is a problem, engage a known user when expiring old keys is
> not enough, and even map users to specific vlan pools for network policy
> enforcement. We could also create keys for events or specially classes of
> device (security cameras, door locks, wifi phones, etc). Additionally,
> per-user keys means each user's over-the-air signals have different
> encryption keys, preventing things like firesheep from working. This is
> just about all the things we do with 802.1x today, but in a form that's
> much friendlier to the consumer devices we have to support.
>
>
>
> This plan effectively embeds a username (the prefix) and a password
> (suffix) into the same value, with our without the prefix, so some of the
> same security concerns apply, but these are solvable problems. We just need
> to get vendors on board with the idea.
>
>
>
>
> Joel Coehoorn
> Director of Information Technology
> 402.363.5603
> *jcoeho...@york.edu <jcoeho...@york.edu>*
>
> The mission of York College is to transform lives through
> Christ-centered education and to equip students for lifelong service to
> God, family, and society
>
>
>
> On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton <dmor...@uw.edu> wrote:
>
> M

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

[Coehoorn, Joel]

Ruckus supports a PPSK variant, as well.

I'm just gonna put this out there. I have this idea in my head for an ideal
wifi service. It starts with personal pre-shared key (PPSK), but it's
something I don't believe is possible yet with any vendor.

Step one is to create a unique key prefix for each user, effectively
embedding a username value (the prefix) into the same field as the
key/password. The prefix would be as short as possible, perhaps as small as
three characters, in order to keep entry into devices simple. The purpose
of this prefix is to allow users to choose their own wifi password, while
still ensuring that each PSK value is unique and identifiable to a given
user. If we don't value allowing users to choose their own wifi passwords,
we could instead generate and assign them, and just map back the assigned
key to the user.. but I believe there is value in this.

Users would onboard by first connecting to a portal available via
open/limited ssid to claim their key. They would have to log in with their
traditional username/password. The portal would then prompt them for a key
suffix (their wifi password), and then show them the complete key (prefix +
suffix), which would be registered with our system. It would also have
options to show them history for devices authenticated using their key,
expire an old/create a new key using the same prefix, and other typical
account management options. Once created, that key could be used with
anything that supports traditional PSK connections.

One important feature that I'd like to see as part of this, and what I
think helps make this idea unique, is that devices authenticated with the
same PPSK should always end up with the same vlan id. In this way, a
student would be able to, for example, connect to a desktop in his room
from the phone/tablet he brought to class and grab a file he forget to show
an instructor. It also makes things like wireless printers, long the bane
or our existence, almost reasonable in terms of setup and support.

By keeping a prefix that's unique to each user, or mapping all key
assignments back to the user, we can still always know who is responsible
for a given device. We could do things like get a report of keys that
authenticate more than, say, 6 devices to monitor for key abuse, expire
keys when there is a problem, engage a known user when expiring old keys is
not enough, and even map users to specific vlan pools for network policy
enforcement. We could also create keys for events or specially classes of
device (security cameras, door locks, wifi phones, etc). Additionally,
per-user keys means each user's over-the-air signals have different
encryption keys, preventing things like firesheep from working. This is
just about all the things we do with 802.1x today, but in a form that's
much friendlier to the consumer devices we have to support.

This plan effectively embeds a username (the prefix) and a password
(suffix) into the same value, with our without the prefix, so some of the
same security concerns apply, but these are solvable problems. We just need
to get vendors on board with the idea.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton  wrote:

> Matt, Bill and others,
>
> You’d indicated that you have instructions for most common devices, is
> this something that you can share. Like others, we have a manual
> registration process (built on ClearPass), but it does require the MAC in
> order to complete the registration. The Amazon Echo is now relatively
> straightforward, as it shows up in the Alexa app after you’ve connected
> your phone to the Echo. To find it, users open the Alexa app, go to
> settings, choose the device and scroll all the way down to the bottom of
> the screen. There it will show you the software version, serial number and
> MAC address. All of that said, I haven’t been able to test the latest
> versions to see if you can do all of this without needing to connect to the
> Internet. If you aren’t we are back at square one and have to take it off
> site to get through the initial setup, which is a real pain.
>
> Another device we’ve had a lot of issues with is the newest AppleTV. Again
> I haven’t checked the latest update so this may have changed, but when it
> first came out, you had to do a little dance to get the MAC. The dance had
> you connect it to wired, navigate to the network settings when the MAC
> address and then remove the wired cable. This would put the device back
> into Wi-Fi mode and would display the Wi-Fi MAC. Then you are able to
> manually register it and go through the complete process.
>
> Chromecast has had a few other issues, mostly related to dropping sessions
> and making poor AP choices.
>
> This 

Re: [WIRELESS-LAN] aps into a office Christmas tree

[Coehoorn, Joel]

The wreath on my office door:

[image: Inline image 1]



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Dec 16, 2015 at 2:27 PM, Lee H Badman  wrote:

> Wonder what code bug they leveraged to pull that off.
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Trent Hurt
> *Sent:* Wednesday, December 16, 2015 3:09 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] aps into a office Christmas tree
>
>
>
>
>
>
>
>
> http://www.networkworld.com/article/3015954/mobile-wireless/our-christmas-tree-at-the-office.html
>
>
>
>
>
>
>
> Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
>
> Wireless Network Administrator
>
> University of Louisville
>
> Phone (502) 852-1513
>
> FAX (502) 852-1424
>
> Wireless.louisville.edu 
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It's that time of year...

[Coehoorn, Joel]

That's not the only recent wifi news article

http://www.telegraph.co.uk/news/uknews/12025988/Mother-claims-wifi-allergy-killed-her-daughter-and-accuses-school-of-failing-to-safeguard-children.html





Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Dec 2, 2015 at 1:23 PM, Patrick Campbell  wrote:

> It looks like we have a Ham among us judging from the frequency range and
> “S” signal level instead of dBm.
>
>
>
> Pat, WA3UOE
>
>
>
>
>
> J. Patrick Campbell
> Wireless System Design Specialist
>
> The Pennsylvania State University
>
> 110 University Support Building 2
>
> University Park, PA 16802
>
> Email: jp...@psu.edu
>
> Office 814-865-5888
> Cell 814-280-7630
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ian McDonald
> *Sent:* Wednesday, December 2, 2015 2:03 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] It's that time of year...
>
>
>
> Hi Brandon,
>
> I'm pretty sure wideband noise from cheap and nasty electronics can cause
> havoc with most telecommunications.
>
> Whether fairy lights are any better or worse than anything else, I doubt
> it, though they are very cheaply produced, and unlikely to be very well
> designed.
>
> My Cisco 837 power supply (while still powering the router quite
> effectively) developed a S9+40 noise from 1.8MHz to 30MHz, which turned out
> to be down to the infamous bulgy caps, so it's not down to purchase price
> either ;)
>
> Best Regards,
>
> --
> ian
>
> Sent from my phone, please excuse brevity and/or misspelling.
> --
>
> *From: *Case, Brandon J 
> *Sent: *‎02/‎12/‎2015 17:52
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject: *[WIRELESS-LAN] It's that time of year...
>
> The holidays are officially upon us!
>
>
> http://gizmodo.com/can-christmas-lights-really-play-havoc-with-your-wi-fi-1745648879
>
> Has anyone else gotten wind of this yet? Seems to be making the rounds
> here.
>
> Thanks,
> --
> Brandon Case
> Senior Network Engineer
> IT Infrastructure Services
> Purdue University
> ca...@purdue.edu
> Office: (765) 49-67096
> Mobile: (765) 421-6259
> Fax:(765) 49-46620
>
> PGP Fingerprint:
> 99CB 02D6 983C 1E2A 015F  205C C7AA E985 A11A 1251
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] OT - Anyone using OpenDNS Umbrella DNS security product?

[Coehoorn, Joel]

I look forward to hearing your results from blocking port 53. What
communication have you done for this so far?



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Nov 19, 2015 at 2:49 PM, Randy Mahurin 
wrote:

> Here are the comments from our Security Engineer, we've been using it for
> several months now:
>
> "So we've been using OpenDNS Umbrella for about 2 months now.  We
> actually replaced our proxy server with this after some back and forth on
> what it gained us vs what we lost.  While we've been using it for 2 months,
> we only recently implemented the Virtual Appliances (VA's- talked about
> towards the end of this) into the mix that really gave us more visibility.
>
> Long story real short, we've been happy with it so far and if you want any
> more info let me know.
>
> Pro's:
>
>- We use bitsighttech.com as a 3rd party to rate us against other
>.edu's.  We were sitting in the 600 range for quite awhile, and then in
>july-sept, we just started getting hammered on score because of potentially
>exploited machines.  We can track it back to pretty much the day we
>switched over to openDNS to a lot of those falling off the list.  Systems
>still weren't cleaned at the time, but it since they were no longer able to
>go outbound, the score hit went away and then we were able to start using
>umbrella to track them down.
>- Blocks a ton of stuff that our proxy server wasn't blocking before
>since now it is blocking more than just 80/8080 traffic!
>- Scheduled reports.  I get a daily last 24 hr botnet report to show
>me systems on campus that are blocked trying to access botnet systems,
>we're just starting to work through this list.
>
>
> Con's:
>
>- They don't auto rescan their sites, if something is blocked for
>malware, until someone out there using their fabric requests a site be
>rescanned, it doesn't happen. The first week we had 3 requests, the 2nd 3,
>the third 2, etc...  We're probably averaging 1-2 support tickets a week on
>sight rescans and 80-90% have come back clean and been removed. A few have
>come back as still infected and we didn't unblock them.
>- Blocking sites, for us we used to use the proxy server to block
>exact pages out of phishes, so http:\\somesite.com\somefolder\phishme.html;
>Well now the best we can do is blocking somesite.com.  Looking back at
>99% of the phishes we've blocked in the past 3 years blocking the full site
>hasn't been an issue, but there was a site or two that this will/would have
>caused issues with.
>
> Other pieces
>
>- Depends on your point of view if this is a pro or a con.  The
>virtual appliances (talked about below) auto patch if you have 2 of them
>(which you'd want for redundancy).  If you have a strict change management
>policy, you have no control over when these patch beyond giving it a time
>window in the middle of the night and it does it automagically.  It does
>one, waits for it to come back up and restablish contact and verify
>functionality (somehow, bit magically) and then it will do the other.
>We'll be going through this for the first time within the next month.  You
>have to sign up to even get notices of this happening and it was basically
>between 11/18 and 12/8 we'll be rolling this out.  So no control over
>it outside of the time window you provide for it to look at doing this
>daily.  One less thing you have to patch or schedule, but something you
>have no control over also.
>- Just purchased by Cisco, waiting to see what they do on cost going
>forward.  Part of the reason we moved away from the proxies were because
>cisco kept increasing the maint cost each year!
>
>
>
> If you want to make the most use out of it.
> 1.  Roll out their Virtual Appliances and these become your primary DNS
> servers on campus for all of your clients (servers and workstations).  They
> forward *.local and *.whateveryourdomain(s) are onto your other DNS
> servers.  If you don't do this, reporting is fairly worthless as all you
> get is your DNS servers IP addresses, so tracking down who may be infected
> is difficult depending on what type of logging you have locally.  These are
> VMs.
> 2.  Plan on changing your outbound firewall to blocking tcp/udp 53 from
> all systems except your Primary DNS servers and the VA's in #1 at some
> point in the future.  Basically make sure people aren't bypassing the extra
> security you've provided by going to google's DNS, their home ISP, etc.  We
> plan on making this change over Christmas break.
> 3.  If an AD shop, look at rolling out their VM that ties into AD and
> parses DC logs for login events.  

Re: [WIRELESS-LAN] Ruckus has purchased Cloudpath

[Coehoorn, Joel]

Best case scenario: Ruckus' awesome Dynamic PSK feature gets rolled into
Cloudpath for the rest of us and the pricing comes down in an effort to use
CloudPath to eventually sway customers towards Ruckus hardware. Worst case:
Cloudpath effectively goes Ruckus-only, leaving us to move to either
Secure-W2, Cisco ISE, or Aruba ClearPass.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Oct 22, 2015 at 9:58 AM, Frank Sweetser  wrote:

> Well that's... interesting.
>
> Anyone heard any rumors about what their roadmap might be?  These
> acquisitions of an independent service by a larger portfolio company rarely
> seem to well for customers of the independent service if you're not also a
> customer of the large one.
>
> Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
> that
> Manager of Network Operations   |  is simple, elegant, and wrong.
> Worcester Polytechnic Institute |   - HL Mencken
>
> On 10/22/2015 10:43 AM, Lee H Badman wrote:
>
>> FYI.
>> *Lee Badman*| Network Architect
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> *t* 315.443.3003 *f* 315.443.4325 *e* _lhbadman@syr.edu_
>>  *w* its.syr.edu
>> *SYRACUSE UNIVERSITY
>> *syr.edu
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Zebra Wireless

[Coehoorn, Joel]

Has anyone here used or looked the Zebra wireless platform (formerly
Motorola/Symbol)?  I'm looking at them for a deployment away from the main
campus. They have a very tempting AP line-up with pricing less than $250
per AP, and I wonder if anyone else has used or looked at them.


Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Coehoorn, Joel]

HEOA just requires that we provide an individual notices to students once
per year that includes an explanation of copyright and our enforcement
policies. Said policies must include technical measures to limit copyright
infringement and a policy to promote legal alternatives, but I didn't see
anything in there about data retention requiring us to keep logs relating
IPs/MACs to users.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Sep 7, 2015 at 5:38 PM, Steve Bohrer 
wrote:

> Hi Jeff,
>
> Can you comment on how the Higher Education Opportunity Act (HEOA) fits
> into this? Our understanding is that HEOA, in addition to the opportunity
> of Pell grants, now also gives us the opportunity to provide specific
> annual user eduction about copyright, and to get involved with copyright
> enforcement. IANAL enough to discuss whether HEOA compliance requires more
> or less user identity info than DMCA compliance, but HEOA was historically
> one of the reasons we've tried to know who owns the devices on our wired
> and wireless networks. Are there Educause or other resources about HEOA
> similar to the one you cite for DMCA?
>
> Steve Bohrer
> Network Admin, ITS
> Bard College at Simon's Rock
> 413-528-7645
>
> > On Sep 4, 2015, at 5:28 PM, Jeffrey D. Sessler 
> wrote:
> >
> > Matthew,
> >
> > Under the DMCA, the ISP only has to, upon learning of the infringing
> transmission, act quickly to remove or disable access to the infringing
> transmission. We can carry that out with no knowledge of who’s behind the
> device. That said, it only applies to resources owned by the institution.
> >
> > Here is some key info in case you’re interested. Some of it is sourced
> from from an EDUCAUSE FAQ for DMCA designated agents in higher-ed.
> >
> > If your institution, after taking reasonable efforts to investigate and
> match a user to the IP address designated in the DMCA notice, cannot, for
> technical or other legitimate reasons, match a user to this IP address, the
> DMCA does not specifically require any other action.
> >
> > The DMCA does not include a records retention requirement for logs. So,
> if your record retention for radius, dhcp, etc. is only 7 days, and a DMCA
> notice arrives for something that occurred 14 days ago, then you are under
> no obligation to do more.
> >
> > Resources owned by an institution—such as faculty, staff, or computer
> lab computers—fall under 17 U.S.C. Section 512(c). This section provides a
> safe harbor for an ISP so that it is not liable for monetary damages for
> infringing materials on its servers provided it does not have “actual
> knowledge” of the infringing material, does not receive a direct financial
> benefit from the infringement, and, when notified, responds “expeditiously”
> to remove the infringing material or disable access to such material.
> >
> > Most student and guest activity on university networks occurs through
> personally owned equipment and thus falls under 17 U.S.C. Section 512(a).
> This section provides immunity to the ISP for information that simply
> transits the ISP’s networks, with no direction, input, or interference from
> the ISP itself, and is not stored anywhere on the ISP’s network. Notably,
> no additional proactive steps are required for an ISP to avail itself of
> this immunity. However, for a variety of reasons, some institutions have
> made a policy decision to treat these notices as if they fall under Section
> 512(c), terminating users from the network unless and until the infringing
> content is removed. Often such activity is handled through a student
> affairs process, rather than as a legal or IT matter, so as to seize upon a
> “teachable moment” for students.
> >
> > If you’re interested, here is the link:
> >
> http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/educause-policy/issues-and-positions/intellectual-property/dmca-faq
> >
> >
> > Jeff
> >
> >
> >
> > On 9/4/15, 1:58 PM, "The EDUCAUSE Wireless Issues Constituent Group
> Listserv on behalf of Williams, Matthew" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of mwill...@kent.edu> wrote:
> >
> >> Jeff,
> >>
> >> Without knowing who is behind the device, how do you handle copyright
> issues?
> >>
> >> Respectfully,
> >>
> >> Matthew Williams
> >> Manager, Network and Telecommunications Services
> >> Kent State University
> >> Office: (330) 672-7246
> >> Mobile: (330) 469-0445
> >>
> >> -Original Message-
> >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
> >> Sent: Friday, September 4, 2015 4:24 PM
> >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> >> Subject: Re: [WIRELESS-LAN] Supporting 

Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[Coehoorn, Joel]

The difference between us and a McDonalds or Starbucks is that we are the
student's residence. They can't as easily just wait or go elsewhere in
order to do things that really should not be done on an open wifi
connection.

Additionally, this is the first encounter with the issue for many students.
They haven't yet had a chance to know that they should care. Therefore, I
do believe it is our responsibility to provide the secure option and
educate our students on the importance of using it.

At the same time, college students are supposedly adults now, and capable
of making their own decisions, and so I try to provide both options (we
really do have an completely open SSID), along with some education and a
nudge via SSID naming that the secure SSID may be "better" in some
ephemeral way.




Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Sep 4, 2015 at 2:09 PM, Frans Panken 
wrote:

> Jeff,
>
> Jeffrey D. Sessler schreef op 04/09/15 om 20:55:
> > Just to turn this on it’s ear a bit...
> >
> > Why not go back to an open network for student devices, with the same
> EULA as they’d get be it at a Starbucks, McDonalds, hotel, or convention
> center? Why are we (my self included) so hell bent on student devices
> connecting via WPA-Ent and all the challenges associated with accommodating
> devices that can’t?
> Basically, because you do not know who is behind the device if this user
> does something that conflicts with any of the policies (e.g., security
> to name one).
> >
> >
> > Does data exist that shows all of this overhead we’ve created has had
> any measurable benefit (for the cost), especially when the same users
> aren’t concerned about over-the-air security when at the above mentioned
> places?
> Regardless of the numbers, I will tell you it was worth it.
>
> Inmagine the blames your institute copes with if some one decides to put
> a rogue access point in between that cathes all kinds of privacy data?
> The end-user will blame the institue because it happended there!
>
> Note that there are easy out-of-the-box tools that are dedicated for
> these kind of attacks and easy to set-up, even for a 12 year old. For
> example, have a look at pineapple: https://www.wifipineapple.com/
> (very usefull to play with!)
>
> Or Nethunter, that uses Linux Kali and is installed on a simple phone or
> tablet (http://www.nethunter.com/).
>
> >
> > Why do we care so much? Is there some middle-ground that is “good
> enough” but provides almost the same experience as at home?
> Seriously, you have an open network at home?? You login with your bank?
> Ever hear of SSL strip (if not, I recommend to Google it and watch that
> little slot in your browser continously)
>
> >
> > Would our efforts be better spent implementing other beneficial
> technologies such location-aware WiFi, where after the student connects all
> their AppleTV, TimeMachine, and Chromecast devices, the network is smart
> enough to provide them visibility of only those devices when in/near the
> same location e.g. Location-aware bonjour?
> I hope the arguments above convinced you. If not, I think I can think of
> some more...
>
> -Frans
> >
> >
> >
> > Jeff
> >
> >
> > On 9/4/15, 7:51 AM, "The EDUCAUSE Wireless Issues Constituent Group
> Listserv on behalf of Lee H Badman"  on behalf of lhbad...@syr.edu> wrote:
> >
> >> Where it gets interesting- broadcast and single class C required. But-
> this is a great summary of requirements.
> >>
> >> Lee Badman | Network Architect
> >> Information Technology Services
> >> 206 Machinery Hall
> >> 120 Smith Drive
> >> Syracuse, New York 13244
> >> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
> >> SYRACUSE UNIVERSITY
> >> syr.edu
> >>
> >> -Original Message-
> >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
> >> Sent: Friday, September 04, 2015 10:46 AM
> >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> >> Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in
> the dorms- quick Survey
> >>
> >> Here is my first pass at requirements:
> >>
> >> 1. The service must prevent or discourage devices that ARE capable
> of using 802.1x authentication from using the service.
> >>
> >> 2. The service should provide some sort of traceability of devices
> back to their owners.
> >>
> >> 3. The service must provide some method to deny access to an
> individual device.
> >>
> >> 4. The service must be easy enough to use that the average student
> can connect a device to the network in 10-15 minutes without requiring
> assistance from ITS.
> >>
> >> 5. The service must restrict access to only authorized 

Re: [WIRELESS-LAN] Lab Computers and wireless

[Coehoorn, Joel]

Could you do machine authentication for these devices, and put them into a
vlan dedicated to the labs?



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 1, 2015 at 4:08 PM, Frank Sweetser  wrote:

> A few people have mentioned dropping user categories into different VLANs,
> which is certainly one viable option.  However, this may cause problems for
> the multi user machines, as having the machine flip VLANs on login can be
> disruptive.
>
> As an alternative, you may be able to use the wireless controllers as the
> control point by defining different firewall policies there, and selecting
> the policy on a per login basis. You still have user based resource
> availability, but the machine never has to change VLAN or IP address.
> 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> On September 1, 2015 4:22:24 PM EDT, Paul Crittenden <
> paul.critten...@simpson.edu> wrote:
> >We are predominately a Meru shop. We have a staff and a student SSID
> >and a Windows Radius server for authentication.  To complicate this we
> >have lab laptops which both students and staff need to be able to log
> >into. Currently we have no way to prevent students from connecting to
> >our staff wireless and staff to student and still allow both students
> >and staff to connect to lab laptops.
> >
> >We have been charged to find out how other institutions are handling
> >this and what best practices they are using for this situation.
> >
> >Thanks in advance for any insight you may be able to offer.
> >
> >
> >**
> >Participation and subscription information for this EDUCAUSE
> >Constituent Group discussion list can be found at
> >http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

[Coehoorn, Joel]

I wonder if the student in question carries a cell phone?



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 1, 2015 at 8:10 AM, Barrett, Bruce  wrote:

> We are getting complaints about this from our business areas, Enrollment
> Services etc. I was curious where the 9 feet from an AP recommendation came
> from.
>
>
>
> Bruce
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Charlie Weaver
> *Sent:* Tuesday, September 01, 2015 8:53 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Yes, it sets a precedent that you are going to meet the students’ needs
> and protect the university.  If the parents and the students think it’s an
> issue, why try and force the matter when it is easy enough to move the AP
> and let them plug into the network through a port in the room.
>
>
>
> If they ask for the wireless on the entire campus to be turned off or in
> all of the classrooms the student is in, then it’s a different story.
>
>
> While this is not an ADA issue, the ADA laws talk of “reasonable
> accommodation”.  I would be hard pressed to believe this request was not
> reasonable.
>
>
>
> Ridiculous yes, but still very reasonable.
>
>
>
> Charlie Weaver
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Frank Bulk
> *Sent:* Monday, August 31, 2015 12:17 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Doesn’t that set a precedent?
>
>
>
> Frank
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Gruenhagen, Tim
> *Sent:* Thursday, August 27, 2015 10:12 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> Coincidentally, we just moved an AP out of a student's room because her
> parents were certain that it was a health hazard to be within 9 feet of an
> AP.  No point in arguing with an upset mom.
>
>
>
> On Thu, Aug 27, 2015 at 10:59 AM, Lee H Badman  wrote:
>
> Two words:  Lawyers… geeze.
>
>
>
> *Lee Badman* | Network Architect
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Bob Brown
> *Sent:* Tuesday, August 25, 2015 5:35 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> FYI We’ve included a link to the lawsuit and the school’s statement on
> this lawsuit in this piece:
> http://www.networkworld.com/article/2975945/mobile-wireless/massachusetts-boarding-school-fay-southborough-sued-over-wi-fi-sickness.html?nsdr=true
>
>
>
>
>
> *Bob Brown*
>
> Online Executive Editor, News
>
> T: 508.766.5418
>
> LinkedIn  | Twitter:
> @alphadoggs  | Facebook profile
>  | Google + profile
>  | Instagram
> 
>
>
>
> *NETWORK* *WORLD*
>
> 492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002
>
> NetworkWorld.com  | Media Kit
>  | Conferences & Events
> 
>
> An IDG Enterprise  Brand
>
>
>
>
>
> *From: *, James Patrick 
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Tuesday, August 25, 2015 at 4:43 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making
> son sick.
>
>
>
> I'll drink to that!
>
>
>
> -- Jim Gogan
>
> ITS Communication Technologies
>
> Univ of North Carolina at Chapel Hill
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Chuck Enfield
> *Sent:* Tuesday, August 25, 2015 4:29 PM
> *To:* 

Re: [WIRELESS-LAN] LTE over Wi-Fi spectrum sets up industry-wide fight over interference

[Coehoorn, Joel]

The good news is that LTE-U still has the same power limitations as other
unlicensed uses. Telecom companies won't be able to easily provision an
LTE-U tower every 30 meters within our campus, limiting their ability to
cause interference.

Instead, I see them mostly using this fill coverage gabs by selling wifi
routers with an LTE-U service built-in for rural and other underserved
areas. Additionally, I see them using this to try to push their backhaul
costs onto other providers. A Verizon could get a Cox to help foot their
transit bill by selling their special routers to customers at just below
their cost. Consumers would buy these routers because they are cheaper, and
suddenly Verizon gets some free spectrum in that area and can manage
things so the call terminates at the Verizon location nearest the other end
of the conversation.

The biggest risk on our end is probably having students bringing routers
with this ability into their residences, but we can deal with that the same
way we've always done... well, almost, depending on how the whole Mariott
thing turns out.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Aug 27, 2015 at 4:12 PM, Thomas Carter tcar...@austincollege.edu
wrote:

 Don’t forget the WiFi SLA discussion – another source of interference
 outside of our control.



 Thomas Carter

 Network and Operations Manager

 Austin College



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Philippe Hanset
 *Sent:* Thursday, August 27, 2015 2:17 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] LTE over Wi-Fi spectrum sets up
 industry-wide fight over interference



 We can now combine three threads that we have had over the summer on this
 list

 5 GHz, Containment, and the LTE-U controversy (this thread just started)



 LTE-U and Jamming…will my Wi-Fi equipment provider enable LTE-U
 “containment” and as a University/College how can I prevent LTE-U from
 interfering

 with my 5GHz deployment.



 Oh boy…



 Philippe



 Philippe Hanset

 www.eduroam.us







 On Aug 27, 2015, at 2:55 PM, Hinson, Matthew P 
 matthew.hin...@vikings.berry.edu wrote:



 Source:
 http://arstechnica.com/information-technology/2015/08/verizon-and-t-mobile-join-forces-in-fight-for-wi-fi-airwaves/#p3



 It was only a matter of time.



 Thank you!

 Matthew Hinson

 Supervisor, Network Operations

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Off-Topic: Apple Cloud/Virtualization?

[Coehoorn, Joel]

While I expect your first choice here is to go 100% native, if you don't
find a better option the folks at Xamarin have done a pretty good job
letting you build iOS apps on Windows with Visual Studio.​



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Jun 8, 2015 at 8:38 AM, Ashfield, Matt (NBCC) matt.ashfi...@nbcc.ca
 wrote:

  My apologies for the off-topic post, but this is head and shoulders the
 best higher ED list I’m a part of, so thought I’d ask here…



 Our College is going to be teaching a module on Native IOS App
 development. They will be using the IOS SDK’s to develop the apps. (ie,
 this is not HTML5 apps).



 Where this is one module of a larger program, the idea of buying a bunch
 of Macs for a lab is not overly cost-effective. I thought I’d ask here to
 see if anyone has had any success with Mac-in-a-cloud type of services, or
 possibly a mac-server providing terminal-services/vm type of services?



 Any info you can provide is appreciated. To minimize off-topic traffic to
 the list, please email me directly at matt.ashfi...@nbcc.ca



 Thanks,



 Matt

 NBCC


  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] google play ACL

[Coehoorn, Joel]

Wow. All of Amazon, too? I'm sitting on the outside of this process looking
in, hoping to do something like this before the end of the summer, and that
ACL is depressing.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, May 29, 2015 at 1:37 PM, Turner, Ryan H rhtur...@email.unc.edu
wrote:

  Thank you, Jacob.  Looks like I may have to go this route as well.



 Ryan H Turner

 Senior Network Engineer

 The University of North Carolina at Chapel Hill

 CB 1150 Chapel Hill, NC 27599

 +1 919 445 0113 Office

 +1 919 274 7926 Mobile



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jacob Bennefield
 *Sent:* Friday, May 29, 2015 10:26 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] google play ACL



 We have been working with Ruckus and Cloudpath on this issue as well.
 These are the web addresses we allow to make google play and a few other
 things accessible.  You basically have to open up everything to google but
 google.com



 2  ocsp.digicert.comEditClone

 3  crl3.digicert.com   EditClone

 4  crl4.digicert.com   EditClone

 5  *.play.google.com   EditClone

 6  *.ssl.gstatic.com   EditClone

 7  *.android.clients.google.com EditClone

 8  *.googleusercontent.com   EditClone

 9  *.ggpht.com  EditClone

 10   *.geotrust.com EditClone

 11   *.appengine.google.com EditClone

 12   *.settings.crashlytics.com
 EditClone

 13   *.googleapis.comEditClone

 14   *.cloud.google.comEditClone

 15   *.gvt1.com EditClone

 16   *.android.com  EditClone

 17   passwordreset.lamar.eduEditClone

 18   *.amazon.com  EditClone







 Jacob Bennefield, BBA

 Manager of Network Services

 Lamar University

 jacob.bennefi...@lamar.edu

 Phone: 409-880-7997



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Turner, Ryan H
 *Sent:* Friday, May 29, 2015 9:01 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] google play ACL



 Hello all,



 I’ve asked this question in the past, got some answers, attempted to
 implement some solutions, and have ultimately been disappointed with the
 results…



 Our problem:  We have a limited access onboarding SSID.  Currently, users
 must download the cloudpath agent directly from OUR server, requiring them
 to configure their devices to allow non google market place applications.
 I am attempting to streamline the onboarding process by allowing access to
 google play directly to download the onboarding application, but am failing
 miserably…  I have put up the white flag and opened up most of google, but
 now I am finding that through a combination of cache servers, and Samsung
 devices that appear to query for their own app store first, my results work
 only half the time.



 Has anyone else figured out a way to solve this madness?  We are not going
 to open up the SSID to everything, because people would just use it and not
 the proper wireless.





 Ryan H Turner

 Senior Network Engineer

 The University of North Carolina at Chapel Hill

 CB 1150 Chapel Hill, NC 27599

 +1 919 445 0113 Office

 +1 919 274 7926 Mobile



 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 CONFIDENTIALITY: Any information contained in this e-mail
 (including attachments) is the property of The State of Texas and
 unauthorized disclosure or use is prohibited. Sending, receiving or
 forwarding of confidential, proprietary and privileged information is
 prohibited under Lamar Policy. If you received this e-mail in error,
 please notify the sender and delete this e-mail from your system.

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent 

Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[Coehoorn, Joel]

I'll add another anecdotal viewpoint that I don't think anyone chooses to
go to a specific school because of the wireless. I do think a student
*may *choose
NOT to go to a specific school if the student has a bad wireless
experience.

A candidate is more likely to assume the wifi works, and their one bad
experience is an aberration, unless it happens repeatedly or they hear
other students complain about it. A simple, Yeah, it's always like that
comment. and suddenly a candidate goes elsewhere, but unless that happens
wifi just isn't on a candidate's radar. Even if it is, many high schooler's
don't yet have their own laptops (it's becoming a common graduation
present), and will instead rely on a phone that has a backup data plan.
This is especially true on a campus visit. Many candidate may never even
try to connect to your network before arriving as a student for the first
time.

A current student will know better (or think they know better) by the end
of the their first term. A single bad experience here or there typically
won't matter much, but a consistently poor result may contribute to a
transfer decision where wifi is one factor. I think wifi is rarely if ever
the only factor, but the poorer the provided wifi service gets the more it
has a potential to be a big factor.
​​
In other words, wifi service can translate over into the retention side of
things, but teasing out just how much is challenging. The wifi service is
important, but it's probably a mistake to try to build out the service to
the level where you could see it as a competitive advantage over other
institutions. As long as you don't fall significantly behind, you should be
in good shape. Failing to provide service at all, though, is to risk
falling significantly behind. Again, this is my anecdotal viewpoint.

  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, May 14, 2015 at 10:33 AM, Chuck Enfield chu...@psu.edu wrote:

 I agree with the utility analogy, but what does that tell us?  Not much, I
 think.   Natural gas is also a utility, but request that in your office and
 see what kind of response you get.  The utility analogy fails to answer
 many
 question related to how and where we should deliver Wi-Fi services.  The
 answers to these questions must be driven by business requirements, and
 those are challenging to define.

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson
 Sent: Thursday, May 14, 2015 10:35 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless)
 service, or not to provide (wireless) service...

 Wi-Fi has become an (expensive to maintain) utility.  It is just expected
 to
 be there and work well.  You don't have people going around asking how much
 of a deciding factor the reliability of the electricity is for choosing
 where to go to school.

 Also, 7Signal isn't exactly an unbiased party with no conflicts of
 interest...

 On Thu, May 14, 2015 at 09:58:29AM -0400, Chuck Enfield wrote:
  I have no doubt that network availability, accessibility, and
  performance all affect student satisfaction.  But my question is
  directed at the issue of recruitment and retention, as these things
  have a clear impact on the bottom line.  It stands to reason that
  student satisfaction affects the bottom line as well, but to what
  extent is far less clear.  If we can't figure out if networking is a
  significant factor in who chooses to attend our institutions, it's
  highly unlikely we'll figure out how it affects things like alumni
  activity, donations, etc..
 
  The (undated) graphic Chris provided is the first time I've seen a
  survey of students that addresses the recruitment question.  38% say
  Wi-Fi quality is a deciding factor is pretty powerful.  That said, how
  students choose their institution is a well-researched question and
  I've never found information like this in any other source.  Typical
  of what I find is this 3 year old data from a UCLA survey:
 
  1. College has very good academic reputation (63.8 percent) 2. This
  college's graduates get good jobs (55.9 percent) 3. I was offered
  financial assistance (45.6 percent) 4. The cost of attending this
  college (43.3 percent) 5. A visit to this campus (41.8 percent) 6.
  College has a good reputation for its social activities (40.2 percent)
  7. Wanted to go to a college about this size (38.8 percent) 8.
  College's grads get into top grad/professional schools (32.8 percent)
  9. The percentage of students that graduate from this college (30.4
  percent) 10. I wanted to live near home (20.1 percent) 11. Information
  from a website (18.7 percent) 12. Rankings in national 

Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[Coehoorn, Joel]

What is the motivation here?

I ask because this sounds like a cost thing. It sounds like the President
is looking at 3 hefty expenses:

1. Existing fixed line internet service
2. Wifi Upgrades
3. Staff support costs for Wifi services

and is hoping to avoid all three of these by switching to an LTE/3G
service. Suddenly the bulk of the fixed-line internet bill goes away, you
don't have to pay for wifi upgrades, and support issues are just directed
to the carrier, instead of institutional IT staff.

Personally, I can't imagine the numbers possibly working out in your favor,
given what I've seen of carrier LTE rates (even if it is just as a
consumer). Pull up your logs and find out how much bandwidth you've used
over a period of month. Then find out how much it would cost to purchase
that data, and I expect that even the bulk rates will give the President
sticker shock and make this whole thing go away.

It may also be that cost is a side issue, and it's really about
streamlining the student experience... suddenly internet access issues are
a carrier issue, and even when students have problems they'll tend to
direct their ill-will at the carrier instead of your institution, plus it
gives IT the ability to function at a higher level, looking at capabilities
and services more than day to day network support. But again, I think the
cost here will orders of magnitude over what is expected.

The day is coming when this kind of service will make sense, but we're not
there yet. And it goes further than just bulk-purchasing LTE data. Just
like now most wireless systems tunnel traffic to a controller appliance
 before terminating it on the university network, someday cellular services
will tunnel traffic even from desktop computers to a leased service in the
cloud, to create private institutional cellular networks, where none of the
network infrastructure resides on campus. But that's a *long* way off yet.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, May 13, 2015 at 9:04 AM, Mark Elley mark.el...@bristol.ac.uk
wrote:

 Hi Brian,

 If 3/4G is seriously being considered by senior management then before any
 decision is actually taken there should be a serious amount of testing (by
 them) - the term 'eating your own dogfood' springs to mind.  I can't
 imagine using a mifi at home to stream Netflix or to download an Apple
 update, especially when the 2.4GHz spectrum will be terribly managed and
 the 3/4G network saturated by huge amounts of traffic.  If they value
 customer satisfaction then there is no option but to invest in wireless
 IMHO.

 Good luck with the case.

 Mark Elley
 Residential  Mobile IT Manager
 IT Services, University of Bristol

 On 13 May 2015 at 14:42, Christopher Michael Allison 
 chris.m.alli...@siu.edu wrote:

  An article I found about LTE replacing services it isn't wifi but it
 gives a detailed account of how LTE connection was tested. It isn't
 directly related to higher ed applications but it give a good account of
 the impact of congestion on an LTE service.



 http://www.networkworld.com/article/2226079/wireless/how-i-replaced-wired-internet-with-4g-lte.html




   CHRISTOPHER ALLISON
 Network Engineer I

   Information Technology
  Mail Code 4622
  625 Wham Drive
 Carbondale, Illinois 62901

  chris.m.alli...@siu.edu +chris.m.alli...@siu.edu
  P: 618 / 453 - 8415
  F: 618 / 453 - 5261
 INFOTECH.SIU.EDU http://infotech.siu.edu/


  *Choose a job you love, and you will never have to work a day in your
 life.*
  Confucius
   --
 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Hunter Fuller 
 hf0...@uah.edu
 *Sent:* Wednesday, May 13, 2015 8:36 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] AW: [WIRELESS-LAN] To provide (wireless)
 service, or not to provide (wireless) service...


 That sounds extremely painful. I cannot imagine deploying a solution that
 97+% of laptops cannot use directly.

 --
 Hunter Fuller
 OIT

 Sent from my phone.
 On May 13, 2015 8:25 AM, Brian Helman bhel...@salemstate.edu wrote:

  I have a little more information to provide now.  I absolutely
 appreciate that it will be extremely tempting to respond with biased
 opinions.  I don’t think there is anything that can be said that I haven’t
 already expressed to my team.  However, that will not help me write up my
 recommendation.  So that being said, feel free to chime in with tangible
 reasons to do this or not…



 Apparently, our president heard that some schools are investigating
 purchasing bulk data contracts with mobile (“cellular”) carriers for data.
 The idea is, we would stop providing 802.11g/n/ac wireless in the residence
 halls and instead provide students 

Re: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[Coehoorn, Joel]

I'm considering a student-funded Wifi refresh project. Our Wifi system was
designed for 2.4Ghz, with 2.4/5Ghz dual-radio APs added over the last two
years such that the new AP was just dropped into the same spot as the old
2.4-only model. These are mainly in hallways instead of student rooms.

Needless to say, the 5Ghz coverage isn't very good. The overlap is just bad
enough that 5Ghz devices are often at a range where they get signal that's
just good enough to avoid jumping to 2.4, especially certain devices
**cough**apple**cough**, but is noticeable weaker than what we'd like to
see. Overall adding 5Ghz has been an improvement over 2.4-only, but it
hasn't helped to the degree that it should.

The next logical step is to get the APs into student rooms. However, the
funding just isn't there right now. Having just spent the money for
dual-radio APs, the thinking is to get another year out of this equipment
and start the move to 802.11ac next summer. Hopefully the ac stuff will be
cheaper by then, as well.

To help us get through this next year, I'm working on a proposal to have
students sponsor new access points. If, say, a 4-student suite can put the
funds together for a new AP, we'll put the AP in their room for this year.
Of course, the next year we'll be free to move the AP to where it will do
the most good.  I'm going to propose we ask student to put up 50% of the
cost of the AP. More than that, and they may feel that they own the device,
and tamper with or take it with them. Less than that, and there's not much
point to making the offer. It helps that our APs are fairly inexpensive to
begin with; the student cost would be about $250, and that's a reasonable
amount with split 2-4 ways.


  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] troubleshooting wireless issues

[Coehoorn, Joel]

One resource we use is our student workers. They hear and know things about
student perception of the network that faculty and staff just don't. But
again... smaller campus, and it's still reactive rather than proactive.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Apr 2, 2015 at 3:34 PM, Ankit Agarwal aagar...@cca.edu wrote:

 Hi Dave,

 We have the same problem. Students don't like to reach out to help desk or
 create tickets. I usually ask faculty or staff if they hear any complains
 about wireless. I also sometimes walk around and ask students how wireless
 is working for them and what areas they face issues. Its easier for me as
 we have small campuses. But I am not sure how good this approach will be
 for bigger universities.

 Regards,

 *Ankit Agarwal*
 Network Engineer
 California College of the Artstechnology.cca.edu |Email: aagar...@cca.edu


 On Thu, Apr 2, 2015 at 1:09 PM, Alexander, David alexa...@ohio.edu
 wrote:

  I’d like to know what other schools are doing to proactively
 troubleshoot wireless issues on your campus.



 Our network team does a great job of troubleshooting end user wireless
 connectivity issues when a customer calls the Service Desk to report an
 issue, but end users don’t like to call our Service Desk to report issues.
 Because of this, end users assume our network sucks or they try their own
 workarounds (eg. using cellular data, etc.).



 What level of success do you have with customers contacting your Service
 Desk about connectivity issues?  Do you do anything to proactively find out
 if customers are having connectivity issues?



 It seems like a lot of the issues are on the client side (eg. updating
 Surface Pro drivers, applying a Mac fix, etc.).  What approaches are you
 using to communicate about device specific issues?



 I’d appreciate any feedback you have on how you are approaching this
 issue on your campus to improve end user experience with your wireless
 network.



 Thanks,

 Dave
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Looking for interest among Wi-Fi professionals

[Coehoorn, Joel]

I used to prefer e-mail as well, but lately I've appreciated the web site
format more and more. Part of the reason is that it's so easy to turn this
kind of web site into an e-mail subscription... this is what RSS is made
for. That said, the reason I've preferred the web site is the ability to
find the content through Google, and I'm not sure something that is
publicly indexed is the right place to foster these discussions.

What I'd really like is something that lives in between a Stack
Overflow/Stack Exchange QA site and a traditional forum/bb format...
something that is better at discussion than Stack Exchange, but does a
better job of surfacing the truly useful discussions than a forum.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Mar 18, 2015 at 2:17 PM, Lee H Badman lhbad...@syr.edu wrote:

  You could be right- I used to run a Google group for regional ham radio
 nerds, I think that did both (I think).



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Frank Sweetser
 *Sent:* Wednesday, March 18, 2015 3:07 PM

 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Looking for interest among Wi-Fi
 professionals



 Perhaps best of both worlds? I believe there are some forums in which you
 can participate equally through both mailing lists and web forums.

 On March 18, 2015 2:59:56 PM EDT, Lee H Badman lhbad...@syr.edu wrote:

 I hear you and get it, Ian- thanks.





 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ian McDonald
 *Sent:* Wednesday, March 18, 2015 2:58 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Looking for interest among Wi-Fi
 professionals



 Can't see me using anything that I have to visit and look at rather than
 it being delivered to me like a listserv. There's just not the time in the
 day.

 Best Regards

 Sent from my phone, please excuse brevity and/or misspelling.
   --

 *From: *Lee H Badman lhbad...@syr.edu
 *Sent: *‎18/‎03/‎2015 17:49
 *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject: *[WIRELESS-LAN] Looking for interest among Wi-Fi professionals

 This is not meant to self-promote, apologies if it seems that way. Looking
 for interest on whether those on the list would get value out of a
 potential new wireless-oriented discussion board, as described here:




 https://wirednot.wordpress.com/2015/03/18/hey-wireless-professionals-would-you-use/



 Won’t hurt my feelings either way, but could be kind of valuable if you
 picture it widely used.



 Regards-



 Lee Badman







 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 --
 Sent from my Android device with K-9 Mail. Please excuse my brevity.

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new Qualcomm chipset | PCWorld

[Coehoorn, Joel]

It's gonna be a long time coming, but I think the eventual end-game here is
we stop providing residential service at all. As the unlicensed spectrum
deteriorates and the licensed providers (Verizon, ATT, et al) improve
service and rates, eventually we'll hit a tipping point where it no longer
makes sense. Students will just use their cell service. But again... that's
a very long ways off yet. In the meantime, we have to do the best we can
with the spectrum available to us.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Feb 27, 2015 at 8:47 AM, Chuck Enfield chu...@psu.edu wrote:

 Without a doubt, but I assumed it's unavoidable.  Such is the nature of
 unlicensed spectrum.  More wireless devices means more congestion, which
 means anybody for whom it's important that their systems work well will
 put them in the best available band until eventually it is saturated too.
 The only solution I can conceive of is to make enough unlicensed spectrum
 available that everything can coexist in an mutually acceptable manner.
 We don't have that with 5GHz.  Add 60 GHz to the mix, with lots of
 high-capacity channels and poor propagation, and we probably get some
 breathing room, but even then I don't know how long it will last.

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
 Sent: Friday, February 27, 2015 8:45 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new
 Qualcomm chipset | PCWorld

 All I can say is that if we continue down this path, the 5GHz band will
 eventually turn into the mess that the 2.4GHz band is today. There might
 be more channels available in the 5GHz band, but there is a colossal
 parade of devices that are on their way to invade it, and it's not going
 to be pretty.

 Now, off to find fight rogues.

 Hector Rios
 Louisiana State University


 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
 Sent: Thursday, February 26, 2015 7:15 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new
 Qualcomm chipset | PCWorld

 http://www.pcworld.com/article/2889792/lte-can-mooch-off-of-wifi-spectrum-
 with-new-qualcomm-chipset.html

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks

[Coehoorn, Joel]

 I do think this can be good for Aruba  If integrated well, HP could
have a compelling
 package with ProCurve and Aruba all managed under AirWave with some magic
SDN
 sprinkled in there somewhere.

We'll see how it works out. We had a 3Com system once upon a time. Remember
3Com?




  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Feb 26, 2015 at 1:23 PM, Thomas Carter tcar...@austincollege.edu
wrote:

   I kept telling our Dell reps that Dell needs to buy into wireless and
 grab Aerohive or Ruckus. They would just mention the Aruba deal; we’ll see
 what happens with that.

 I do think this can be good for Aruba. I see it as this – Cisco is a
 company that does $50B revenue annually and spends $6B in RD. I know
 that’s not all wireless, but Aruba has $725M annual revenue with $170M RD.
 They need the financial backing to stay in second and maybe close the gap
 on Cisco. If integrated well, HP could have a compelling package with
 ProCurve and Aruba all managed under AirWave with some magic SDN sprinkled
 in there somewhere.

 Thomas Carter

 Network and Operations Manager

 Austin College

 903-813-2564

 [image: AusColl_Logo_Email]



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey Sessler
 *Sent:* Thursday, February 26, 2015 10:59 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba
 Networks



 Makes sense. Aruba is #2 in the market (but pretty distant from Cisco),
 and HP is 4th depending on who to talk with, so acquiring Aruba would put
 their combined market share well past the other competition, and a tad
 closer to Cisco. Then again, it could go all wrong under HP. I thought Dell
 would have been a better match - I wonder what happens to the Aruba/Dell
 oem relationship if this happens? Or the Alcatel oem agreement.



 Jeff

  On Wednesday, February 25, 2015 at 1:07 PM, in message 
 b46a050c-963c-4838-acec-6c890472e...@exchange.louisville.edu, Trent Hurt
 trent.h...@louisville.edu wrote:

 http://mvnoblog.com/hp-is-reportedly-trying-to-buy-aruba-networks/

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.
 http://www.educause.edu/groups/

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] NAT tracking question

[Coehoorn, Joel]

I was wondering the same thing.

Thinking about the problem, it occurred to me that for institutions that
once had enough IPs to go around to each device, getting more IPs to handle
the recent explosion in the number of devices per person and the number of
simultaneous online devices may be a challenge as IPv4 exhaustion is upon
us. In that case, NAT'ing one external IP for all of an individual users'
devices would still meet any identification goals.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Feb 23, 2015 at 2:13 PM, Chuck Anderson c...@wpi.edu wrote:

 If you have 1 public IP address reserved for each individual user, why
 do you need to do NAT at all?  This is a serious question--if you
 aren't saving public IPs by doing 1:many NAT, why do NAT at all?

 Thanks.

 On Mon, Feb 23, 2015 at 11:33:45AM -0500, Norman Elton wrote:
  We play tricks with our ISC DHCP server and a pair of F5 LTMs (similar
  to the A10 gear). The DHCP server hands out predetermined private IP
  addresses to devices as soon as we determine ownership (through our
  NAC). For outbound traffic, the F5 uses this private IP address to NAT
  to a public IP address that is reserved for the individual user. The
  end result is that no matter where the device is on campus, we know
  that 128.239.x.y is something owned by Joe Smith. If we need to know
  exactly which device, we consult our flow logs. But at least we're 99%
  confident we're dealing with the right student.
 
  I'm happy to share the gory details if someone wants to wrap their
  head around it.
 
  Norman Elton
  College of William  Mary
 
 
 
  On Mon, Feb 23, 2015 at 10:30 AM, Danny Eaton dannyea...@rice.edu
 wrote:
   We've got our Juniper SRX 5800 doing our NAT for all wireless, plus
 all students and visitors (wired or wireless).
  
   We send those logs (and the SRX is VERY CHATTY about NAT) to our
 Splunk server for the tying together of date/time, public IP and private IP
 - in the event we get a notice from some TLA.
  
   -Original Message-
   From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
   Sent: Monday, February 23, 2015 9:12 AM
   To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
   Subject: Re: [WIRELESS-LAN] NAT tracking question
  
   We use a Sonicwall E8500 for NAT, it will log all NAT translations and
 send them as syslog to a server for storage. I have logrotate changing
 files every hour to make it easier to search on.
   --
   Heath Barnhart
   ITS Network Administrator
   Washburn University
   Topeka, KS
  
  
   On Wed, 2015-01-14 at 14:49 -0500, Jerry Bucklaew wrote:
   To ALL:
  
   We have a large Cisco wireless deployment with public ip address
   space.  Getting more public IP's is getting difficult so we are
   considering going to NAT.  The issue we have with NAT is that we still
   want to be able to map an outside IP back to a individual user.  Once
   you go to NAT that of course becomes more difficult to do.   I know a
   lot of you are probably already doing this and I was wondering how and
   what products do you use?  I assume most have a one to many NAT and
 then
   use something like a netflow collector to to track the inside NAT IP
 to
   the outside Src-IP/DST-IP/Port/Time. Any good working solutions or
   products would be helpful.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Interesting Wifi 3-D Visualization

[Coehoorn, Joel]

If you haven't seen this already, it's worth your time

http://www.engadget.com/2015/02/16/wifi-mapping-in-3d/

My favorite line is, The distance between these features is roughly the
same as one wavelength of 2.4Ghz.


  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention

[Coehoorn, Joel]

 does the enterprise wlan market need to figure out how to look more like
a consumer wlan? Is this a problem EDU's have created because of some
desire to provide a service that's more complex or invasive to use then it
has to be? Is there really a need to on-board devices and have them
associate using WPA2 Ent, or could we support the bulk of our users
(especially students) using something more consumer friendly?

THIS. For a few years now I've been wishing for an encrypted wifi offering
that works much more like SSL does on the web. Divorce the encryption
features currently .1x from the authentication/authorization parts. Let me
by a certificate from someone like VeriSign or Digicert that everybody
already trusts, deploy it to may APs or controller, and if you trust them,
you can get an encrypted connection without needing to do anything
different than if you were using a public hotspot. It needs to be just that
easy for end users. No enrollment, no pre-shared key, nothing. All of the
other authorization/authentication things that I want to do (or not do,
depending on things like subnet, MAC/ACL list, etc) can be handled after
the wifi link terminates at the controller or AP.

This is where the WiFi Alliance has the potential to help things. They can
push for inclusion of this ability in the 802.11 standard, and they can
push device makers to have better support for it. They're pull may be
reduced or wifi's early years, but it's not gone yet.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler j...@scrippscollege.edu
wrote:

  I don't know Lee, in my mind is it the device maker's requirements to
 work in both consumer and enterprise environment, or does the enterprise
 wlan market need to figure out how to look more like a consumer wlan? Is
 this a problem EDU's have created because of some desire to provide a
 service that's more complex or invasive to use then it has to be? Is there
 really a need to on-board devices and have them associate using WPA2 Ent,
 or could we support the bulk of our users (especially students) using
 something more consumer friendly?

 Take residential (dorm) wifi as an example. If you had a model with an
 open or PSK-emulated wireless network coupled with location-based service
 filtering, the user gets on with every device out there, and they can see
 their chromecast, appletv, etc. and any others on that AP or 1 adjacent.
 Pretty much gives you the consumer feel.

 Jeff


  On Thursday, January 22, 2015 at 11:47 AM, in message 
 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu, Lee H Badman 
 lhbad...@syr.edu wrote:

 I know self-promotion is in poor taste, but wanted to share this



 http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718?
 ​


 and encourage anyone of like (or opposing) mind to add comments. I'm told
 that the Alliance is at least reading along, FWIW.


 -Lee


  *Lee H. Badman*
 Network Architect/Wireless TME
 ITS, Syracuse University
 315.443.3003
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention

[Coehoorn, Joel]

In theory, yes. In practice, good luck finding it implemented that way in a
product we can actually deploy, or supported in a product in use by our
constituents.


On Fri, Jan 23, 2015 at 2:30 PM, Frank Bulk frnk...@iname.com wrote:

 Isn’t the certificates thing being described something like EAP-TLS?



 Frank




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention

[Coehoorn, Joel]

Not sure I agree with the separate certification idea. Too many of
students will still expect their residences to work with just living room
specification. To many of our faculty expect their classrooms to work that
way.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Jan 22, 2015 at 2:41 PM, Thomas Carter tcar...@austincollege.edu
wrote:

 Well written and definitely on point. Our users think wireless should
 “just work”. Roaming, Dot 1X, etc is a foreign language to them. It works
 at home with their Linksys, why can’t it work here? They think (and
 sometimes say) “the problem must be your wireless network and not my
 wireless device.”



 Thomas Carter

 Network and Operations Manager

 Austin College

 903-813-2564

 [image: AusColl_Logo_Email]



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hinson, Matthew P
 *Sent:* Thursday, January 22, 2015 2:27 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention



 Lee,



 Good write-up. I found myself nodding in agreement frequently as I read
 along.



 The biggest problem I see in the trenches of WLAN administration is a lack
 of knowledge about the Alliance at all. Their marketing has been so
 successful that “Wi-Fi” has become synonymous with 802.11 wireless
 networking. I cannot tell you the number of times a user brings a
 particular device on our network that can’t do .1X or some other critical
 standard. 10/10 times, you can check the Alliance’s database and find out
 that it isn’t certified.



 Of course, when you explain to them that their device isn’t working, they
 immediately default to “Well I’ve never even *heard* of that Wi-Fi
 Alliance thing.”



 TL;DR: I see the biggest problem as people not caring whether the device
 is certified or not, to say nothing of the quality of said certification.



 -Matt



 Matthew Hinson

 CWAP



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
 *Sent:* Thursday, January 22, 2015 2:47 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention



 I know self-promotion is in poor taste, but wanted to share this




 http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718?
 ​



 and encourage anyone of like (or opposing) mind to add comments. I'm told
 that the Alliance is at least reading along, FWIW.



 -Lee



 *Lee H. Badman*
 Network Architect/Wireless TME
 ITS, Syracuse University
 315.443.3003

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It would seem FCC just declared WLAN quarantine features illegal

[Coehoorn, Joel]

. We ask our students to sign a number of agreements when they
matriculate, one of which has to do with being a good net citizen (don't
DDOS our servers or anyone else's, don't download protected content, etc).
They must agree not to use their own APs without the permission of IT*

I'm not sure that covers it. What if Marriott adds similar rules to these
when you sign the check-in papers for your hotel room? What about
non-student guests, who haven't agreed to this and are using a MiFi to
avoid agreeing to any NAC policies?



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Oct 27, 2014 at 4:15 PM, Dave Flynn dfl...@carleton.edu wrote:

 While I agree that this opens up a nasty precedent for commercial
 institutions, I don't think it's a threat to colleges or universities. We
 ask our students to sign a number of agreements when they matriculate, one
 of which has to do with being a good net citizen (don't DDOS our servers or
 anyone else's, don't download protected content, etc). They must agree not
 to use their own APs without the permission of IT*; if they do, we have the
 right to knock them off the network. Generally speaking, we prefer to do
 that by disabling the wall port(s) to which they cannot instead of
 poisoning them from our own APs, but they've agreed to follow our
 guidelines regardless of the mechanism we choose. It's a condition of being
 a student here. The Marriott situation does not apply.

 *Not that they don't try. We have dozens of rogue APs every Fall and it
 takes many hours to clean them up.

 Dave Flynn
 Manager of Systems and Infrastructure
 Carleton College
 507 222 7836 - office
 651 331 6323 - cell

 --
 *From: *Pete Hoffswell pete.hoffsw...@davenport.edu
 *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Sent: *Monday, October 27, 2014 4:05:01 PM

 *Subject: *Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
 quarantine features illegal

 My thought is that the FCC is simply trying to police the ISM band, as
 outlined in FCC part 15 regulations


 http://www.ecfr.gov/cgi-bin/text-idx?SID=d5df6d61f643786c6651653f0942fd73node=pt47.1.15rgn=div5

 The 2.4GHz ISM band is free an open for everyone to use.  If you
 intentionally disrupt transception, well, I think you might be breaking
 some part of part 15.  I've not read part 15, nor could I even begin to
 comprehend it.

 But it gets grey quickly, doesn't it?   If you have a rogue AP on your
 campus, and you mitigate it by sending a spoofed disassociate packet, well,
 are you jamming?

 I'm with Lee.  I think the FCC jumped into a deep pond with this one.  The
 rules are out of date at best.  They need to clarify.








 -
 Pete Hoffswell - Network Manager
 pete.hoffsw...@davenport.edu
 http://www.davenport.edu


 On Mon, Oct 27, 2014 at 4:38 PM, Lee H Badman lhbad...@syr.edu wrote:

  Not so sure I agree- I know that Marriott’s insane fees led to this,
 but the FCC seems to be saying “you can’t touch people’s Wi-Fi, period”
 whether you offer a free alternative or not seems irrelevant. But then
 again, it appears that they issued a decision and were clueless about the
 fact that they created a lot of confusion over features that are built in
 to equipment that they certified for use in the US.



 Lee Badman

 Wireless/Network Architect

 ITS, Syracuse University

 315.443.3003

 (Blog: http://wirednot.wordpress.com)



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Williams, Matthew
 *Sent:* Monday, October 27, 2014 4:32 PM

 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
 quarantine features illegal



 I don’t think that there’s a distinction about the location.  My
 understanding is that the issue was that Marriott was jamming the hotspots
 to force people to pay for the hotel provided wireless network.  I don’t
 think that there would have been a lawsuit if the hotel Wi-Fi was free.



 Respectfully,



 Matthew Williams

 Kent State University

 Network  Telecommunications Services

 Office: (330) 672-7246

 Mobile: (330) 469-0445



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Kitri Waterman
 *Sent:* Monday, October 27, 2014 4:25 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] It would seem FCC just declared WLAN
 quarantine features illegal



 Marriott Hotel Services has come to a $600,000 agreement with the
 Federal Communications Commission to settle allegations that the hotel
 chain interfered with and disabled Wi-Fi networks established by consumers
 in the conference facilities at a 

Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all, Bittorrent- Anyone else seeing this?

[Coehoorn, Joel]

I've found that some Bittorrent clients just do. not. give. up.

You block a torrent, the clients will try, try again, often changing
something in how they send the messages: route over https, exclude certain
peers, etc, and eventually they sometimes find a way around the block.

What I've seen that's most effective in really defeating bittorrent is
throttling/tarpitting the user's traffic: not just bittorrent itself, but
*everything* originating from that internal IP. Send them back to the dial
up era. When the bittorrent traffic stops, their connection returns to
normal within a few minutes.

Students in this situation have figured out pretty quickly that bittorrent
was causing their slowness issues. From the student's perspective,
bittorrent breaks their computer. The great thing here is that it really
does tend to follow that thought process, and the blames tends to be
assigned to the protocol or something wrong with their bittorrent
configuration, rather than with your network. At this point, the behavior
is self-correcting.  If a student does complain, you point them to
bittorrent as a possible factor, and they'll get it soon it enough.

There's some good news/bad news for this approach, though. The good news is
that you don't have to detect every packet from every torrent stream for a
student to have an effective block. The bad news is that some unwanted
traffic still does get through (though usually not enough to offend the
copyright gods), and that there is a risk for small false positives
creating slow connections for innocent users... especially when there are
some legitimate bittorrent uses such as research data, linux distributions,
game updates, etc. I tend to not apply this policy to the population at
large, but only to those who have already tripped a flag somewhere: log
first, find where your torrenters are, and apply the tarpit policy rule to
that group.





  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Oct 8, 2014 at 8:54 AM, Lee H Badman lhbad...@syr.edu wrote:

  We recently started relying on the 5508 AVC capability to block
 Bittorrent, which it seems to do fairly well. But… we are getting an
 increasing number of take-down notices where Bittorrent was used to do
 something, but drilling into the data in PI shows that nothing was detected
 by the WLC  for the activity that led to the take-down. In other words, the
 system doesn’t see the Bittorrent activity.

 We have all three Bittorrent protocols in use
 (Bittorrent/encrypted/network), and can tell that most Bittorrent is indeed
 being blocked. But what is getting by is probably sufficient enough that we
 may have to abandon the WLC P2P strategy and go back to an appliance. Has
 anyone been through this, and found anything else to add to the profile to
 help stem the Bittorrent? (We also have the obvious ones like eDonky, etc)

 Thanks-

 Lee

 Lee Badman
 Wireless/Network Architect
 ITS, Syracuse University
 315.443.3003
 (Blog: *http://wirednot.wordpress.com* http://wirednot.wordpress.com)



  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all, Bittorrent- Anyone else seeing this?

[Coehoorn, Joel]

​I use Untangle... but we're a very small school (400 undergrads), so this
won't be the best choice for everyone.​

Again, I also don't run that policy for the population at large. I watch my
logs a little extra close for the first week or three and move students to
the policy group as needed.



  Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Wed, Oct 8, 2014 at 11:12 AM, Bob Williamson bob_william...@aw.org
wrote:

  Joel,



 I am curious what you are using that triggers a throttle/tarpit when
 Bittorent is detected.



 Thanks,

 Bob Williamson
 Network Administrator
 Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org
 D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org

  *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Coehoorn, Joel
 *Sent:* Wednesday, October 8, 2014 8:22 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Cisco WLC AVC- Blocking most, but not all,
 Bittorrent- Anyone else seeing this?



 I've found that some Bittorrent clients just do. not. give. up.



 You block a torrent, the clients will try, try again, often changing
 something in how they send the messages: route over https, exclude certain
 peers, etc, and eventually they sometimes find a way around the block.



 What I've seen that's most effective in really defeating bittorrent is
 throttling/tarpitting the user's traffic: not just bittorrent itself, but
 *everything* originating from that internal IP. Send them back to the dial
 up era. When the bittorrent traffic stops, their connection returns to
 normal within a few minutes.



 Students in this situation have figured out pretty quickly that bittorrent
 was causing their slowness issues. From the student's perspective,
 bittorrent breaks their computer. The great thing here is that it really
 does tend to follow that thought process, and the blames tends to be
 assigned to the protocol or something wrong with their bittorrent
 configuration, rather than with your network. At this point, the behavior
 is self-correcting.  If a student does complain, you point them to
 bittorrent as a possible factor, and they'll get it soon it enough.



 There's some good news/bad news for this approach, though. The good news
 is that you don't have to detect every packet from every torrent stream for
 a student to have an effective block. The bad news is that some unwanted
 traffic still does get through (though usually not enough to offend the
 copyright gods), and that there is a risk for small false positives
 creating slow connections for innocent users... especially when there are
 some legitimate bittorrent uses such as research data, linux distributions,
 game updates, etc. I tend to not apply this policy to the population at
 large, but only to those who have already tripped a flag somewhere: log
 first, find where your torrenters are, and apply the tarpit policy rule to
 that group.








   Joel Coehoorn
 Director of Information Technology
 402.363.5603
 *jcoeho...@york.edu jcoeho...@york.edu*

 The mission of York College is to transform lives through
 Christ-centered education and to equip students for lifelong service to
 God, family, and society



 On Wed, Oct 8, 2014 at 8:54 AM, Lee H Badman lhbad...@syr.edu wrote:

  We recently started relying on the 5508 AVC capability to block
 Bittorrent, which it seems to do fairly well. But… we are getting an
 increasing number of take-down notices where Bittorrent was used to do
 something, but drilling into the data in PI shows that nothing was detected
 by the WLC  for the activity that led to the take-down. In other words, the
 system doesn’t see the Bittorrent activity.



 We have all three Bittorrent protocols in use
 (Bittorrent/encrypted/network), and can tell that most Bittorrent is indeed
 being blocked. But what is getting by is probably sufficient enough that we
 may have to abandon the WLC P2P strategy and go back to an appliance. Has
 anyone been through this, and found anything else to add to the profile to
 help stem the Bittorrent? (We also have the obvious ones like eDonky, etc)



 Thanks-



 Lee



 Lee Badman

 Wireless/Network Architect

 ITS, Syracuse University

 315.443.3003

 (Blog: http://wirednot.wordpress.com)







 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found

Re: [WIRELESS-LAN] Wireless lighting controls, etc

[Coehoorn, Joel]

Funny how things just come together sometimes. I also saw this today:

https://www.youtube.com/watch?v=egIY7ushchU


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Tue, Sep 30, 2014 at 12:28 PM, Jason Watts jwa...@pratt.edu wrote:

 Lee,

 Aside from Lutron and Crestron, which I believe both have equipment which
 operates in the low Mhz range (200-400), I've heard of Enocean which has
 offerings in both 300 and 900Mhz range and uses energy harvesting with some
 of its switches and components so that they are non-wiring dependent.

 Here is a link to what they are terming their wireless ISO/IEC standard:

 http://www.enocean.com/en/enocean-wireless-standard/

 We looked at them when Facilities was shopping around to upgrade some
 lighting systems. Haven't seen any of their gear in operation yet.

 --
 Jason Watts
 Pratt Institute, Academic Computing
 Senior Network Administrator


 On 9/30/2014 10:11 AM, Lee H Badman wrote:

 My cynical side thinks I know the answer already, but let my cast my net
 anyways…
 Has anyone found or been involved with any sort of lighting/sound
 controls that have wireless componentry and work well with enterprise
 WLAN?
 Thanks-
 Lee
 Lee Badman
 Wireless/Network Architect
 ITS, Syracuse University
 315.443.3003
 (Blog: _http://wirednot.wordpress.com_)
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] iOS 8 drops tomorrow

[Coehoorn, Joel]

This is kind of a side issue, but it's not just the OS itself. An iOS
update tends to bring a lot of app updates along with it. I just opened my
iPad and had 16 apps wanting to update. A couple days ago it was another 8,
with 1s and 2s more than usual at other times over the last couple weeks.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Thu, Sep 18, 2014 at 9:29 AM, Matt O'Brien mattobr...@boisestate.edu
wrote:

 It looks like the space requirements for the IOS update to 8.0 kept a high
 percentage of devices from being able to get the update. Lots of upset IOS
 device owners on our campus, especially the ones with 16GB IOS devices.
 Looks like the update requires roughly 4.4GB of space before it will allow
 the device to download the update.

 Matt,

 On Thu, Sep 18, 2014 at 8:06 AM, Craig Eyre ce...@mtroyal.ca wrote:

 We didn't notice an out of control increase like iOS 7 but I did note
 that my phone didn't prompt me for the update, I had to go into the
 software update area and look for it. This might have kept the bandwidth
 down or it could be just my phone :)


 Craig

 On Thu, Sep 18, 2014 at 6:44 AM, Peter P Morrissey ppmor...@syr.edu
 wrote:

  Same here. Overall traffic peaks were higher, but our base levels grow
 quite a bit every year, so I would say the percentage of increase wasn’t as
 high as last year, but the traffic increase was significant. We saw peaks
 on our Internet connection of about a gig higher than normal for time of
 day but they were well within our burstable limit, and another gig or so
 increase in Akamai traffic. This persisted on and off until around midnight.



 Pete Morrissey



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jason Wang
 *Sent:* Thursday, September 18, 2014 12:24 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow



 We didn't see as sharp of an increase for this, but overall traffic
 reached about the same level for us on iOS 8 as it did last year for iOS 7.

 This is what we saw for iOS 8:
 [image: ios8_20140917]


 And this is what we saw for iOS 7 last year:
 [image: ios7_20130918]


 Jason


  On 9/17/14, 3:32 PM, Entwistle, Bruce wrote:

 We have not seen as significant of an increase in traffic with the iOS 8
 release as we did with the iOS 7 release.



 Bruce Entwistle

 Network Manager

 University of Redlands



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Peter P Morrissey
 *Sent:* Wednesday, September 17, 2014 11:38 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow



 Thanks Lee for digging up the link for Akamai signup.



 The Akamai caching definitely kicked in for us, offloading up to over a
 Gig’s worth.



 If you look at a graph of our Internet traffic versus Akamai server
 traffic (don’t know if they’ll come through the listserv) you can see that
 our Internet traffic took a little jump right at 1:00 PM, but then settled
 down to normal levels when the Akamai server traffic spiked up, taking over
 the load. Overall though, so far today, the traffic levels from IOS8
 haven’t been too bad. Maybe we’ll see more when the kiddies get out of
 class.



 Pete

 *`Daily' Graph (5 Minute Average) Internet *

 [image: day]

 *Max*

 *Average*

 *Current*

 *In*

 3924.1 Mb/s (39.2%)

 1843.2 Mb/s (18.4%)

 3296.3 Mb/s (33.0%)

 *Out*

 615.0 Mb/s (6.2%)

 323.8 Mb/s (3.2%)

 420.6 Mb/s (4.2%)





 *`Daily' Graph (5 Minute Average) Akamai*

 [image: day]





 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Peter P Morrissey
 Sent: Wednesday, September 17, 2014 2:09 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow



 Hi John,

 Don't have link handy but I'll ask their support.

 Pete



 -Original Message-

 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Center

 Sent: Wednesday, September 17, 2014 1:57 PM

 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

 Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow



 Hi Pete,



 Do you have a link for Akamai?  After reading this, I tried to find out
 where to apply, but I couldn't find it.



 Thanks.



 -John



 On 09/16/2014 03:20 PM, Peter P Morrissey wrote:

  We have one and it helped us tremendously for the Apple event last

  week, about a gig worth of 

Re: [WIRELESS-LAN] guest wireless

[Coehoorn, Joel]

I will admit to having a completely open guest network. We don't even
require a terms of service click-through, and it's not encrypted. We do
have some strict throttling for file sharing/p2p traffic, and I have some
decent auditing capabilities, so I can track down violations and restrict
them later if needed, but that's about it. We do the same throttling and
auditing on the regular network

Our Admissions and Advancement offices *love* this: a candidate or guest
comes on campus, and their device just works: never any 802.1x issues,
never a problem with sponsorships or authentication. We're in a residential
neighborhood, but I've learned not to worry about neighbors using our wifi:
it's really a drop in the bucket. No one uses bandwidth like a college
student uses bandwidth, and as I'm one of those who live just across the
street, I can testify that leeching wifi from the college is a horrible
personal wifi experience (also: before I came here and I had an hour long
commute, and I can say that walking across the street to get to your office
is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted
option, and the vast majority do on their laptops now, and some on their
phones, but students love the open network for things like smart TVs,
blu-ray players, etc. They feel this makes our network *better*. We have
some game consoles on the open network, but Residence Life encourages
students to plug those into a wired port (even providing cat5 cables at
times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be a hotspot
for any neighbors or people wandering by. We want to be part of the
community, and welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never
had a request for data. This may some day force us to make a policy change,
but in the meantime, I'd have a revolt on my hands if I ever tried to do
away with the open SSID.




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu jcoeho...@york.edu*




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie fair...@rider.edu wrote:

 That's interesting Heath. What's the reasoning behind the exclusion period?


 On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart 
 heath.barnh...@washburn.edu wrote:

  We have an open guest network, however, you do have to register with a
 name, email, and phone number. Guests have 3 days of access followed by a 3
 day exclusion period were the device is not allowed on the network. Access
 is restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't
 throttle the bandwidth.

   --
 Heath Barnhart
 ITS Network Administrator
 Washburn University785-670-2307



   On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:

 I am looking for information on what people do with guest wireless.  Do
 you have open wireless on your campus?  Do you have a password that
 everyone knows?  Do you create special passwords for groups?  Any
 assistance would be helpful.



 Thank you



 m



 [image: Description: MU Arches]

 Mark Reboli

 Network/Telcom Manager

 Misericordia University

 (570) 674-6753




  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi

[Coehoorn, Joel]

I think most of all, they wouldn't like the results even if the wireless
worked. I imagine instructors will at some point expect to be able to
mirror a single device to all twelve screens at once, so they all show the
same thing, and I don't believe that Apple's AirPlay will work that way.
It's my understanding that if they have 12 Apple TVs, they'll need to be
running 12 separate iPads/iPhones/Macs to take advantage of those screens.
If that's what they want to do, that's one thing... but somehow I don't see
it being used that way. It seems much more likely that what they really
want is one AppleTV connected to a redistributor that will show a single
instructor's iPad across all 12 screen with only one connection, or if you
have a good enough controller system, just those screens that the
instructor selects.

Now, about the wireless actually working... hahahaha, how cute. What you
could do is run a network drop for each AppleTV, and make sure the wired
network drop gets an address from your wireless range, or is exposed to
your wireless range via a bonjour gateway. That would at least take a lot
of the traffic out of the rf space.



  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Jan 15, 2014 at 10:37 AM, Hurt,Trenton W. trent.h...@louisville.edu
 wrote:

 Of the folks who are allowing users to do bonjour services over wifi.
  Either thru native multicast , or the enhancements from the various wifi
 vendors. Has anyone noticed spectrum issues in dense classrooms?  I have a
 department who is proposing 12 screens with 12 apple tvs in room with 180
 seats and I'm can't see how this can work given the crowded spectrum in
 large seat rooms.  Has anyone tried multiple apple tvs in the same room
 with multiple users mirroring different content simultaneously ?

 Sent from my iPhone
 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD wifi

[Coehoorn, Joel]

I've been **very** happy using AirServer (www.airserverapp.com) instead of
AppleTVs for mirroring. The software installs to a PC or Mac, and allows
the computer to act as an AppleTV. It even supports multiple-simultaneous
connections and recording(!) - (recording is currently Mac only, coming
soon for PC). What connected classroom doesn't already have a PC or Mac
where you could just install this program? And it's only $4 per classroom.
That's not a typo.

The downside is that this does make demands on your network... namely, that
your classroom PCs be on the same subnet as your wireless devices, or that
you complete the same kind of mDNS gateway setup for the classroom computer
that you would have needed to do for an AppleTV.

I know this sounds a bit like an advertisement, but I'm just a *very* happy
customer. We started a pilot with 12 real AppleTVs in the summer/early fall
of 2012, and within a few weeks of discovering this we had ripped all of
the AppleTVs out and deployed this campus-wide, for less than the smaller
pilot program cost.

The software can be set to run all the time, or start on demand, though
either way the user must be logged into a PC before it will accept a
stream. I've found it works best when started on demand... this cuts down
on the number of classrooms that show available for mirroring from the
iPad, making it easier to find what you're looking for, and it also solves
the issue of a random student or passerby interrupting a lecture already
using the computer by kicking off a stream. Also, there was a bug for the
PC version back in 2012 (since fixed) with running as a service, so that's
just part of the deployment we have now.




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Jan 15, 2014 at 10:33 PM, Jason Cook jason.c...@adelaide.edu.auwrote:

 Hi James,

 You are right it doesn't do mirroring as such for IOS.  The mersive guys
 are pretty helpful, if you are interested it would be worth having a chat
 with them anyway, they might be pushing for such a feature in the future.

 As you say ultimately it's about choosing something that fits your
 requirements, IOS mirroring wasn't on our list as required but certainly
 nice to have... I'm sure it's only a matter of time until the requests pour
 in.  I believe we are also looking at a couple of AB tutor licenses, don't
 know if this has anything of use https://abtutor.com/ios_features

 Regards

 Jason

 --
 Jason Cook
 The University of Adelaide, AUSTRALIA 5005
 Ph: +61 8 8313 4800
 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au


 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Andrewartha
 Sent: Thursday, 16 January 2014 2:54 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Apple TV display mirroring spectrum use in HD
 wifi

 Hi Lee,

 On 16/01/14 12:07, Lee H Badman wrote:
  Not sure what you're looking at, but AppleTV has nothing to do with
 Mersive. I'm not trying to sell their stuff, just quite fond of it after
 the frustrations of what the network needs to have done to it (bigger
 networks are worse) for AppleTV.

 I was looking at the Solstice datasheet [1] which seems to indicate it
 doesn't do AirPlay on its own.

  I see TCO of AppleTV as $99 (for AppleTV) + lots of hours dorking with
 the network + lots of support issues when it becomes a service so relied on
 that it simply can't tolerate almost-guaranteed disruption/unpredictability
 + time spent trying to accommodate non-Apple devices = AppleTV actually
 costs hundreds (or thousands) of dollars and leaves you with a network
 you'd probably prefer not to have, and a fragmented what device can do
 what environment for diplay mirroring.

 Absolutely, you have to determine whether it's worth it, for Apple TVs or
 Solstice. I'm just trying to determine feature compatibility - from what I
 can tell, the Solstice app [1] can only play media files or view webpages,
 it's not true iOS display mirroring and so doesn't solve the what device
 can do what environment. Perhaps that's all your classes need, but not
 being able to mirror other iOS apps makes it a non-starter for our
 requirements.

  I like the Mersive paradigm as an alternative- it asks nothing of the
 network. Although I'd still like to see Apple fix their own limitations.

 Sure, I wish you could drop Apple TVs into a directory like printers
 (though AirPrint indicates that's going away too) and just choose from a
 list. Actually, you can with the latest MDM stuff [3], but then you're
 having to push configuration to the device. Bonjour even supports wide-area
 DNS-SD, just the Apple TV doesn't for what appears to be pandering to 

Re: [WIRELESS-LAN] WiFi planning spin-off - Student provided wifi

[Coehoorn, Joel]

Through contacts at my alma mater, I know they were doing what you describe
until this year. This is their first year with a managed wifi deployment. I
don't know how happy they are with the new system, but I can tell you they
had a lot of complaints under the old method.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Dec 13, 2013 at 11:36 AM, Barros, Jacob jkbar...@grace.edu wrote:

 I didn't think this topic would generate that much buzz.  Thank you all
 for your feed back.  Allow me to jump tracks here and and throw out a
 concept that may seem heretical.

 In res halls, has anyone provided ONLY wired connections and allowed
 students to bring in their own router(s).  From a managed perspective,
 there are several reasons why it's a bad idea.  However I cannot shake the
 notion that with proper education, the rewards might outweigh the risks.

 To me, the target reward is that the student receives the level of service
 they want where they want it.  The user can chose what device is desired
 and upgrade as they see fit and the technology is always current.  IT would
 help with best practices, education and limited support but the student is
 ultimately responsible.

 I would really like to pitch this for an apartment style dorm that is
 being built.  Does anyone think this model can work?




 Jake Barros  |  Network Administrator  |  Office of Information Technology
 Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WiFi planning spin-off - Student provided wifi

[Coehoorn, Joel]

I forgot to add: that institution is about 5000 residential undergrads,
about 12 residence halls, and about 40/60 apartment vs dormitory.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Dec 13, 2013 at 11:38 AM, Coehoorn, Joel jcoeho...@york.edu wrote:

 Through contacts at my alma mater, I know they were doing what you
 describe until this year. This is their first year with a managed wifi
 deployment. I don't know how happy they are with the new system, but I can
 tell you they had a lot of complaints under the old method.


   Joel Coehoorn
 Director of Information Technology
 York College, Nebraska
 402.363.5603
 jcoeho...@york.edu



  *The mission of York College is to transform lives through
 Christ-centered education and to equip students for lifelong service to
 God, family, and society*



 On Fri, Dec 13, 2013 at 11:36 AM, Barros, Jacob jkbar...@grace.eduwrote:

 I didn't think this topic would generate that much buzz.  Thank you all
 for your feed back.  Allow me to jump tracks here and and throw out a
 concept that may seem heretical.

 In res halls, has anyone provided ONLY wired connections and allowed
 students to bring in their own router(s).  From a managed perspective,
 there are several reasons why it's a bad idea.  However I cannot shake the
 notion that with proper education, the rewards might outweigh the risks.

 To me, the target reward is that the student receives the level of
 service they want where they want it.  The user can chose what device is
 desired and upgrade as they see fit and the technology is always current.
  IT would help with best practices, education and limited support but the
 student is ultimately responsible.

 I would really like to pitch this for an apartment style dorm that is
 being built.  Does anyone think this model can work?




 Jake Barros  |  Network Administrator  |  Office of Information Technology
 Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] It's that time again... wireless printers/projectors- enterprise WLAN security?

[Coehoorn, Joel]

If you're talking campus-owned devices, I (thankfully) haven't had a need
to do this yet. Hopefully it stays that way, though I'm kind of expecting a
request for this for the Spring new student check-in line (I'll be watching
other responses for someone to suggest a model that works well).

If you're talking student devices, I still feel like the best answer is to
make available a strong printer gateway solution via a product like
PaperCut, and heavily promote this option while at the same time
discouraging students from bringing any printer at all, even the wired
variety.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Mon, Dec 2, 2013 at 11:37 AM, Frank Sweetser f...@wpi.edu wrote:

 I've noticed recently a few printers have actually shipped with zero
 hardwire connectivity of any kind - no ethernet, no USB, nothing.  This
 lends support to my ongoing theory that, for the most part, printer
 manufacturers view wireless not as a general networking connectivity, but
 as a drop-in replacement for those pesky USB cables that are never quite
 long enough.  I strongly suspect that until someone makes the rounds with a
 large bat with ENTERPRISE WIFI spelled out in nails on one end, the
 situation isn't likely to change.

 Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
 that
 Manager of Network Operations   |  is simple, elegant, and wrong.
 Worcester Polytechnic Institute |   - HL Mencken


 On 12/2/2013 11:23 AM, Lee H Badman wrote:

 Hello to the group. Has been a while since I last looked and got
 frustrated
 _http://wirednot.wordpress.com/2013/03/01/hey-printer-
 makers-you-realize-that-its-2013-right/_

 so throwing it out there in case anyone on the list has found devices that
 have caught up with the times.
 The question: has anyone found- and put into service- a business-grade
 printer
 with a wireless interface that will do 802.1x auth and WPA2 encryption (no
 preshare security stuff)? Same same for projectors, but printers are the
 more
 interesting paradigm for my use case right now.
 Thanks,
 Lee Badman
 Syracuse University
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 802.1x vs web-portal

[Coehoorn, Joel]

rantWhat I really want to provide is an HTTPS-like experience for my
users that just works: an SSL layer that doesn't care who you are, but
still provides meaningful encryption for the last 50 meters where your
traffic is moving through the air for anyone nearby to snoop.

I'm annoyed that so many encryption solutions are coupled to
authentication. The two don't need to be linked. You don't have to log into
an https site to get encrypted traffic, and you shouldn't have to log into
a wifi network to get encryption either.

My ideal scenario is that someday I'll be able to install the same wildcard
ssl certificate that we purchase for our web sites to each access point or
at a controller, change a setting for an SSID to use this certificate for
encryption, and as long the certificate is from a well-known/reputable
vendor, user devices will just work.

I include guest devices in this category. I want someone -- anyone, but
especially visiting admissions candidates --- to be able to turn on their
device for the first time and have the experience be easy: no capture, no
guest registration, no prompt to agree to terms of service, just choose the
SSID and they're online.

Sure, I could use a shared key scenario and just publish the key, but
that's not the same thing. If anyone knows the key, anyone can decrypt the
traffic, and it still requires an extra step to get online.

I honestly couldn't care less about the authentication part of this. I
don't need to know right away that it was Jane Smith's computer committing
whatever nefarious deed. The immediate reaction to that kind of thing is
the same regardless of the name of the person behind it. As long as I can
target a MAC address or have reasonably static IP addresses (I do), I'm
happy enough using a captive portal rule on a specific machine after the
fact to identify a user for those times when enforcement issues come up.
College-owned machines here do log user names all the time, so it's just
student-owned devices where this is necessary.

Sadly, I don't believe this kind of wifi exists today. Certificate-based 1x
comes close, but the need to install/configure devices with a supplicant
breaks it. I would settle for 1x, if I could count on it working for my
students. Personally, I place blame on the WiFi Alliance, certifying
devices that don't work for this feature as well as they should.

Currently, we're working to provide two WiFi options: one that's completely
open (and I mean completely), and one that uses 1x and prompts for a user's
Active Directory login. Anyone can walk on campus and get online at a basic
level. Really. I don't care. Guest (and even neighbor) use is a drop in the
bucket compared to what our regular students demand. But if you need
encryption you'd better hope the site or service supports https. We
encourage students to use the 1x SSID whenever they can, and try to educate
about the importance of encryption. *Most don't care*, and choose the open
network, but at least the option is open to them./rant




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Nov 20, 2013 at 8:54 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

 Isn't that really a client supplicant issue though? You can send back a
 reason for authfailure, and then the client could prompt for a replacement
 password.

 --
 ian
 -Original Message-
 From: Fleming, Tony
 Sent:  20-11-2013, 14:22
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal

 I can tell you we use dot1x here with AD credentials and it doesn't lend
 itself to a good end-user experience. Our security policy requires password
 expiration after 60 days. When a student's password expires we see an
 increase of wireless related complaints (typically blaming the
 performance/signal of the wireless network) not realizing their password
 has expired and new credentials need to be applied in their wireless
 profile.
 The other AD credential issue we have is related to lock-out. If a student
 mistypes his/her password to lock-out their account all of their devices
 stop connecting to the wireless network.

 Having said that, we are eyeing certificate based 802.1x. Not having a lot
 of experience with PKI we are trying to gauge the effort level of
 deployment.
 Not trying to highjack the thread here - but I am curious if anyone has
 some real world experience spinning-up a PKI (from scratch) using CloudPath
 with certificates. What is the effort level?

 Tony

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
 Sent: Wednesday, November 20, 2013 1:30 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal

Re: [WIRELESS-LAN] 802.11 2.4G and XBox

[Coehoorn, Joel]

Frank, how did you determine the defective device?


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Nov 1, 2013 at 11:58 AM, Frank Sweetser f...@wpi.edu wrote:

 The last time I found that situation, it turned out that the game device
 itself was defective, just not in a way that affected gameplay. None of the
 other units in the building were nearly as loud.

 The building in this case was a Greek house, so I simply informed them of
 the cause of their troubles and let them figure it out themselves.
 --
 Sent from my Android device with K-9 Mail. Please excuse my brevity.


 Jonathan Brockmeier bro...@hope.edu wrote:

 We are seeing high channel utilization in one of our dorms and users are
 complaining about slowness.  Looking at the channel utilization, it seem
 that the XBox console-controllers are using quite a bit of the frequencies
 (all three main channels) and a decent duty cycle (upto 50%.)

 In a residential student environment, is the only solution to suggest
 they use 802.11 5G?

 Jonathan Brockmeier
 Hope College
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless NAT Tools for tracking DMCA reports

[Coehoorn, Joel]

We shape bittorrent connections, rather than outright block them. More than
that, we shape the entire connection for the internal IP behind the traffic
using a penalty box approach. All connections with bittorrent traffic are
sent to a common pool that caps combined use to at most 6% of our total
bandwidth. The 6% number was arrived at via trial and error, and it needs
to be adjusted from time to time. The result is that the internet works for
torrent users... but... it's... very... slow... The goal is to be similar
to an old dial-up connection. Ninety minutes later, the block expires and
things are fine for that connection again. If you have something that you
*really* need (or more often, want), and the only way to get it is via
torrent, you can do that... but there's a cost.

Needless to say, this is coupled with an informational campaign for new
students when they arrive, and reminders at the beginning of each term, and
additional reminders when users begin frequently showing up in the logs for
the feature. I've found this is *more* effective than an outright torrent
block.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Mon, Oct 7, 2013 at 10:26 AM, Michael Horne michael.ho...@olin.eduwrote:

 Here at Olin College.

 ** **

 We have bittorrent blocked via the application on our Palo Alto firewalls.
 So it is just the P2P application “bittorrent”.

 We also use a Procera for bandwidth management and do not have an issue
 with games that use the tech as they are defined differently in both
 applications appliances.

 So far so good, had a couple of students ask about it but once informed to
 the why (DMCA  RIAA) complaints. Have not heard much more over it in the
 years time since we blocked bittorrent out right.

 ** **

 Student resident halls get to use 40% of the overall bandwidth for
 residential wired connections.

 Wireless is also restricted but only for high bandwidth applications like
 steam downloads. Not unusable but enough to get the job done without
 killing wireless for the entire community.

 ** **

 ** **

 Michael Horne

 Network Engineer

 Olin College of Engineering

 1000 Olin Way, Milas Hall, Suite LL18

 Needham, MA 02492

 1-781-292-2438

 ** **

 ** **

 ** **

 ** **

 ** **

 ** **

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Voll, Toivo

 *Sent:* Monday, October 07, 2013 11:11 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Wireless NAT  Tools for tracking DMCA
 reports

 ** **

 For those institutions that are blocking P2P – do you have resident
 students/staff/faculty, and how are they taking it? There seem to be are a
 fair bit of applications that use P2P protocols, such as Blizzard’s update
 service, and I just ran into ASUS distributing driver downloads that way
 (as an alternative option to direct download). What other, if any,
 restrictions do you place on residential Internet use?

 ** **

 --

 Toivo Voll

 Network Engineer

 Information Technology Communications

 University of South Florida

 ** **

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUWIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 *On Behalf Of *Lee H Badman
 *Sent:* Wednesday, October 02, 2013 2:02 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Wireless NAT  Tools for tracking DMCA
 reports

 ** **

 Block all P2P. Helps out greatlyJ

 ** **


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Alternatives to Bonjour

[Coehoorn, Joel]

There are a few:

Miracast, Wi Di, Wifi Direct all come to mind.

It's betamax vs vhs or hd-dvd vs blu-ray all over again, and it's even more
complicated because using any of those with an Apple product just won't
happen. I suspect hell will freeze over before Apple supports any of them
for mirroring iPads, and that seems to be what's driving this.



  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Wed, Aug 28, 2013 at 12:18 PM, Chanowski, John 
john.chanow...@utoledo.edu wrote:

  Does anyone know of an apparatus/application that allows
 mirroring/streaming to a TV screen wirelessly that does not depend on
 Bonjour or equivalent protocols and instead relies on more enterprise
 friendly protocols? Does anyone know if anything like this is being
 developed?
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] [Off-Topic] Computer Labs

[Coehoorn, Joel]

Labs aren't going away entirely, but the last time we renovated a lab space
we didn't put in any computers. We added tables with power modules in the
surface for kids to plug in their own laptops, and printers connected via a
PaperCut page where students can upload documents to print. The students
absolutely love this.  I'm hoping to add a terminal services install to set
up a virtual lab that will allow students using these spaces to have
access to college-specific applications. I see us adding more spaces like
this in the future.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Fri, Aug 23, 2013 at 8:04 AM, Hall, Rand ha...@merrimack.edu wrote:

 In a day when all students have a computer, we're still providing plenty
 of labs. Students want them because, we know the college computers will
 work when we need to write a paper. It's almost like they treat their PCs
 like disposable burners or something :-)


 Rand

 Rand P. Hall
 Director, Network Services askIT!
 Merrimack College
 978-837-3532
 rand.h...@merrimack.edu

 If I had an hour to save the world, I would spend 59 minutes defining the
 problem and one minute finding solutions. – Einstein


 On Wed, Aug 21, 2013 at 4:56 PM, Eric T. Barnett ebarn...@astate.eduwrote:

 We have a new Liberal Arts building that is currently in construction.
 The floor plans aren't quite nailed down yet but there was something on the
 current plans that made me wonder. There's no less than six computer labs
 in the building. Seeing that we make all of our Freshmen buy iPads and that
 laptops are super cheap nowadays, I was wondering just how useful computer
 labs are now/will be in the next two years or so. Getting rid of most or
 all of those labs would cut down on costs considerably. I've heard of some
 colleges dumping computer labs as they seem to be needed less and less as
 users have more and more tech available cheaply. What's your take?

 Regards,

 Eric Barnett
 Senior Network Engineer/Wireless Administrator
 Information and Technology Services
 Arkansas State University
 (870) 680-4243
 http://wireless.astate.edu




 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLAN engineer responsibilities

[Coehoorn, Joel]

Don't forget reporting.


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Tue, Jul 30, 2013 at 2:10 PM, Nathan Hay np...@winwholesale.com wrote:

 I have and do support specialized wireless devices, often times extending
 beyond the wireless part, all the way to the complete device.  Previously I
 supported medical simulation equipment, currently I support Symbol/Motorola
 barcode scan guns all the way to the management/inventory/repair of the
 devices and the configuration of the application we use on them.

 Beyond design, I manage our wireless physical installs (and sometimes do
 them myself).

 Hope that helps.

 Nathan Hay
 Network Engineer | NOC
 WinWholesale Inc.
 888-225-5947



 From:   Wright, Don donald_wri...@brown.edu
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU,
 Date:   07/30/2013 03:02 PM
 Subject:[WIRELESS-LAN] WLAN engineer responsibilities
 Sent by:The EDUCAUSE Wireless Issues Constituent Group Listserv
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU



  If some of you are fortunate enough to have a FTE wlan
 specialist/engineer (we don't), I'm curious as to what duties typically
 fall under their responsibility.  I'm thinking along the lines of the
 following:

 Wireless network and infrastructure design
 Security design and IDS configuration and monitoring
 Escalation support for technical issues
 New version and feature testing and validation
 Visual floor plan updates
 Access point design and placement for new and updated buildings

I'm sure this just scratches the surface for some wlan engineers out
 there, so what other wlan related tasks and responsibilities typically land
 in your lap?

 Thanks in advance.
 Don Wright
 Brown University



 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



 *
 This email message and any attachments is for use only by the named
 addressee(s) and may contain confidential, privileged and/or proprietary
 information.  If you have received this message in error, please
 immediately notify the sender and delete and destroy the message and all
 copies.  All unauthorized direct or indirect use or disclosure of this
 message is strictly prohibited.  No right to confidentiality or privilege
 is waived or lost by any error in transmission.

 *

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Powerline ethernet as uplink to an outdoor access point

[Coehoorn, Joel]

I looked into this about a year ago, and found that it would not work on
our campus, but the way our lights are set up the lines to the lights are
not hot when the lights are off. There is no switch in our lights: if
there's power, the light is on. If there's no power, the light is off. I
could put a powerline adapter in, but it would only work from late evening
to early morning. But that's just how our lights are set up, and ymmv


  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*



On Tue, May 28, 2013 at 4:49 AM, Harry Rauch rauc...@eckerd.edu wrote:

 We used such a connection for a short term linkage - less than six months
 - and it worked well. The limitation was the speed of the powerline linkage.



 On Mon, May 27, 2013 at 4:11 PM, Adam Forsyth forsy...@luther.edu wrote:

 Has anyone tried to use a powerline ethernet product as a backhaul to an
 outdoor wireless access point?  The thought crossed my mind today that that
 might be a possibility.  The remote AP can be powered by a light pole and
 electrical service to that light comes from a breaker inside one of our
 buildings.  If the uplink came from the same place the power does, that
 would make the installation a lot simpler I think.  Now that I've had the
 idea, I wonder...is this a good idea or a bad idea?
 --
 *Adam Forsyth*
 Director of Network and Systems
 Luther College
 Library and Information Services
 *
 700 College Drive
 Decorah, IA 52101
 563-387-1402
 *
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.




 --
 Harry Rauch
 Network Analyst
 Eckerd College
 4200 - 54th Ave So
 St. Petersburg, FL 33711
 727-864-8318
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless in Residence Halls

[Coehoorn, Joel]

We're looking into a wall-box form factor for our access points. Something
along the lines of one of these:

http://www.ruckuswireless.com/products/zoneflex-indoor/7025
http://www.extremenetworks.com/products/altitude-4511.aspx
http://www.panoptictechnology.com/smart-room-network-jacks/

They're designed to fit into a traditional electrical wall box (like the
one that's probably already there for an existing network drop) and they
provide a passthrough port, so a student can still plug in a wired device
like an xbox without messing the functional parts of the AP. The student
may not even know there's an access point there.

This won't work for everyone, since the big Aruba/Cisco players don't have
this form factor. We're small enough we don't even have a controller and
use fat APs. But I thought this was still worth mentioning for those with
mixed environments or anyone using Ruckus or Extreme.. As a side note: is
anyone else eager for a common AP/Controller interaction standard, to be
able to bring one vendor's access points to another's controller?



  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu



 *The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society*




On Wed, Dec 19, 2012 at 10:16 AM, Lee H Badman lhbad...@syr.edu wrote:

 To that point- I have had to hit manual override on the fabled RRM
 algorithm in spots where the APs influence each other to the detriment of
 the clients. Typically amounts to setting a new min power level that the
 APs are not allowed to go below, and occasionally going old-school setting
 fixed power. I find the auto power/channel thing to be good, but not above
 reproach.





 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of phanset
 Sent: Wednesday, December 19, 2012 11:10 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Wireless in Residence Halls

 David,

 Let me add that we cover between 5 to 6 students per AP (we stagger APs
 between floors), and when an AP goes down,
 we rarely receive a complaint since there is enough overlap between APs.
 So we can take some time to fix the problem (referring to the room access
 issue).

 As Larry mentioned, we used to have many complaints with our hallway 2.4
 GHz design, we have almost none with our bedroom 5 GHz design.
 The cost is different of course!

 BTW, good luck to have a decent coverage at 5 GHz if you plan to cover
 from the hallway. The attenuation is atrocious!
 It is hard to reach the room, and APs see each other in the hallway
 forcing the RADIO algorithm to reduce power.
 (at least with the kind of buildings that we have at UTK)

 Best,

 Season's Greetings,

 Philippe
 www.eduroamus.org

 On Dec 19, 2012, at 10:30 AM, Jennings, Larry W ljenn...@utk.edu
 wrote:

  David,
  During the spring and summer of 2012, the University of Tennessee
 Knoxville campus upgraded wireless in the dorms.  We had b/g AP's in the
 dorm hallways and the wireless complaints were a constant reminder that we
 had to do something.  We removed the AP's from the hallways and placed AP's
 in some of the dorm rooms, taking one of the wired ports for an AP.
  Overall, we went from around 600 AP's to 1600 AP's and to 802.11n
 throughout in the process.  We've had very few calls where students have
 messed with the AP's.  For rooms that we had to use one of the wired ports,
 we allow a small switch to be installed upon request.  But we haven't seen
 many requests for that.
 
 
  lj
 
 
  Larry Jennings
  IT Manager - Network Services
  The University of Tennessee
  2309 Kingston Pike Bldg.
  Knoxville, TN 37996
  Phone: 865.974.1619
  Email: ljenn...@utk.edu
  SIP: ljenn...@utk.edu
 
 
 
  -Original Message-
  From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Robertson
  Sent: Wednesday, December 19, 2012 8:37 AM
  To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
  Subject: [WIRELESS-LAN] Wireless in Residence Halls
 
  We are looking at how we install wireless in our Residence Halls for
 coverage.  Currently we only place access points in the hallways, but are
 looking at moving them into the rooms for better coverage. We were
 wondering if anyone else has put the access points in the rooms and if they
 have seen a reduction in wireless complaint or if there have been issues
 with students playing with or disconnecting the access points.
 
  David R.
 
  --
  David Robertson
  Service Delivery Manager
  Network Engineering Technology
  George Mason University
  Voice: 703-993-2443
  Fax: 703-993-3505
 
  **
  Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.
 
  **
  Participation 

Re: [WIRELESS-LAN] Apple TV's (Again).

[Coehoorn, Joel]

The solution at York College for AirPlay was to publish software that
supports AirPlay mirroring to the classroom computers. This won't work for
everyone, because it requires the ability to make sure an iPad is on the
same subnet as the wired machine in the classroom, but at least we have
more control over the computer. We've been very happy with the result so
far. If anyone's interested, we used AirServer (www.airserverapp.com). At
only $4 per machine, it's also way more cost effective than an AppleTV.

On Wednesday, December 5, 2012, Chris Murphy wrote:

 I'n with Neil, in many ways just being able to specify the hostname or IP
 address of a Apple TV or a printer would be a fine solution, and possibly
 preferable to some sort of Bonjour workaround.

 -Chris

 On Dec 5, 2012, at 3:29 PM, Johnson, Neil M neil-john...@uiowa.edu
 wrote:


  I've been following the traffic over on the mdnsext mailing list and
 there hasn't been any significant traffic since 11-15-2012.

  While I'm all for going through the standards process to establish a
 long-term permanent fix for Bonjour/AirPlay in Enterprise environments, it
 will be probably take several months to years (if there is a solution that
 meets everyone's needs) before there is one and I need something I can use
 now (or at least in the next 3-6 months).

  Simply having a way to enter the DNS name or IP address of the target
 Apple TV device seems the simplest solution.

  Do we need to push Apple again as group to come up with an interim
 solution ?

  -Neil


   --
 Neil Johnson
 Network Engineer
 The University of Iowa
 Phone: 319 384-0938
 Fax: 319 335-2951
 Mobile: 319 540-2081
 E-Mail: neil-john...@uiowa.edu

** Participation and subscription information for this
 EDUCAUSE Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


  ==
 Chris Murphy
 Sr. Manager, Network Operations and Unified Communications
 MIT Information Services  Technology
 Room W92-190
 77 Massachusetts Avenue
 Cambridge, MA  02139
 ch...@mit.edu
 617-253-4105



 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless AP Tripods

[Coehoorn, Joel]

Look in the audio/visual department for camera/speaker/lighting mounts.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Thu, Aug 9, 2012 at 4:05 PM, Reams, Lane lane.re...@vanderbilt.eduwrote:

 I was looking to purchase some tripods to mount APs, similar to the ones
 used at CiscoLive.  Anyone know where I can find these?

 ** **

 [image: Description: Description:
 http://lh3.ggpht.com/_WD-mUdH9mlk/TDDeTbj5dNI/BSk/-b3btEuc0iY/s288/IMG_0377.JPG]
 

 ** **

 Lane Reams

 Manager Network Design  Engineering

 Network Computing Services

 Informatics Center

 Vanderbilt University Medical Center

 (615) 936-2677 (office)

 ncs.mc.vanderbilt.edu

 ** **
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

image001.jpg

Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.)

[Coehoorn, Joel]

That is worth mentioning: I'll be disappointed if this petition is limited
to AirPlay. The real target here is Bonjour. It's required for an iOS
device to use wifi to sync to iTunes. Time Capsule uses it. It is rapidly
becoming the cornerstone of Apple's networking story.

In fairness, if we give Apple the benefit of the doubt on the
experimental part of the mDNS description, then small networks without
DNS servers perfectly describes the typical Apple deployment environment.
Move beyond that, though, and the experiment has failed. Spectacularly.

Just be careful what you ask for. Apple's likely response is to release a
new line of AirPort access points for enterprise that work with Bonjour and
make Cisco's pricing look like D-Link.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Fri, Jul 6, 2012 at 10:08 AM, David Gillett gillettda...@fhda.eduwrote:

For me, the key point is enterprise networks.  When Bonjour first
 came to my attention, it was officially described as An experimental
 protocol for small networks without DNS servers.
   Apparently, Apple's thinking is that if you use their products, your
 network MUST qualify.  I believe THAT is the attitude that needs to be
 changed.

 David Gillett

  --
 *From:* Johnson, Neil M [neil-john...@uiowa.edu]
 *Sent:* Friday, July 06, 2012 7:55 AM

 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You
 knew it was coming...Airplay/Apple TV support for instructors.)

How about:

   Whereas, we the undersigned academic and research institutions are receiving
 numerous requests from our faculty, staff, and students for the ability to
 utilize Airplay technology in classrooms, conference rooms, and other
 locations, hereby solemnly request that Apple provide support for Airplay
 technology in enterprise networks.


  Specifically, we request the following (in order of priority):

- That Apple establish a way for the Apple TV (and other Airplay
enabled devices) to be easily accessible across multiple IPv4 and IPv6
subnets.
- That Apple establish a way for the Apple TV (and other Airplay
enabled devices) to be easily statically configured to be accessible across
multiple IPv4 and IPv6 subnets.
- That the Apple TV support Enterprise Wireless Encryption and
Authentication (WPA2-Enterprise)
- That authentication to the Apple TV be able to utilize enterprise
authentication services (LDAP and/or AD)


  Any enterprise Airplay solution needs to meet the following criteria:

- It must scale to 100's-1000's of Airplay enabled devices.
- It must work with wired and wireless networks from different vendors.
- It must not significantly negatively impact network traffic (wired
and wireless).
- It must be easily manageable at scale.
- If it requires a separate hardware solution, the solution's hardware
must be enterprise grade (rack mountable, dual power supplies, etc.)
- It must be provided at a reasonable cost

  Failure to provide this support severely limits the usefulness (and 
 desirability)
 of Apple products in our institutions.



 At your earliest convenience please provide us with a roadmap for support of
 Airplay and related technologies in enterprise wireless environments.



 Thank you.

   --
 Neil Johnson
 Network Engineer
 The University of Iowa
 Phone: 319 384-0938
 Fax: 319 335-2951
 Mobile: 319 540-2081
 E-Mail: neil-john...@uiowa.edu

--
 Neil Johnson
 Network Engineer
 The University of Iowa
 Phone: 319 384-0938
 Fax: 319 335-2951
 Mobile: 319 540-2081
 E-Mail: neil-john...@uiowa.edu


   From: Ian McDonald i...@st-andrews.ac.uk
 Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Date: Friday, July 6, 2012 9:32 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Apple Petition (Was Re: [WIRELESS-LAN] You
 knew it was coming...Airplay/Apple TV support for instructors.)

   It must run on a standard size rack-mountable server class piece of
 hardware!



 I’m not big on “discovery”, I’d much rather some central registration 
 arbiter system through which the traffic flowed, and probably a separate
 “Airplay Enterprise” software implementation.

 We don’t want to have to allow inter-client communications on either our
 wireless or wired networks.



 In general though, I’d like to see it looking like it’s a deployable and
 manageable solution, not something that might work (if you’re lucky) in
 your house.



 My 0.02 J



 --

 ian



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUWIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 *On Behalf Of *Johnson, Neil M
 *Sent:* 06 July 2012 15:26
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] Apple Petition (Was Re: 

Re: [WIRELESS-LAN] 4-channels in 2.4 GHz

[Coehoorn, Joel]

I looked into this about 18 months ago for our campus. It never made it to
the point of a trial: I learned enough to stop the project before it made
it that far, and I think I can summarize here what I found.

I'll start by going back to basics: we all know that wireless channels
overlap. A graph of signal from a wireless access point typically takes the
shape of a parabola, or cone, with the open end pointed down and centered
on the channel used by the access point. An example can be found at the
following link found via quick Google Images search:

http://www.bestandroidappsreview.com/wp-content/uploads/2010/04/Top-Android-App-WiFi-Analyzer-Signal-Graph.png

That image (from an app I'd used with great success on iOS before it was
pulled from the Apple App Store for using undocumented APIs) clearly shows
overlapping signals. The wider portion as a signal flares out towards the
bottom is often referred to as a signal's skirt... this term skirt will
be important later. The common best practice to avoid overlap (and thus
avoid interference and improve performance) is to only use channels 1,6,
and 11.  That much I think everyone here understands very well.

Now let's move on to a 4-channel scenario. If you put four access points
right up next to each other on channels 1,4,8,and 11, you *will* have
interference. Channel 1 signals will collide with Channel 4, 4 will collide
with 1 and 8, 8 will collide 4 and 11, and 11 will collide with 8,
resulting in reduced performance throughout the spectrum. This is also not
in question.

But what if you separate these four access points... put some distance
between them? Simplistic graphs such as from my earlier link imply that as
the power level of the signal falls over distance you will have a shorter
and therefore narrower skirt. Could careful planning allow you to place
access points so that channel 1 APs are never near channel 4 APs, 4 APs are
never near 1s or 8s, 8s are never near 4s or 11s, and 11s are never near
8s, and in this way increase AP density beyond what you could do with only
three channels, all while still avoiding interference?

The short answer is no. It comes down to the skirts again. Most low-end
tools to measure wireless coverage do a poor job of showing this, but my
understanding is that wifi RF is such that the skirts flare out quickly,
and you have nearly all of the signal overlap even at fairly low power
levels. These wide skirts makes it impractical to try for four channels...
you're almost as bad off as if you tried to use all eleven.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Tue, May 8, 2012 at 11:01 AM, David Gillett gillettda...@fhda.eduwrote:

 **
   Our pilot deployment included four APs in a single fairly-small
 building.  If I recall correctly, I put the two in the middle of the
 building on channels 1 and 11, with the two further out, one on ch8
 (nearest the AP on ch1) and one on ch4 (nearest the AP on ch11).  I'm
 pretty sure these were only doing 802.11b, so even where the interference
 was low, the performance was modest, and nobody yet expected anything
 better  Essentially, I tried to take advantage of physical separation
 where I couldn't rely on channel separation.

   (These days, we use Aruba, and generally let it try to find a selection
 of channels for minimal interference.)

 David Gillett, CISSP CCNP


  --
 *From:* Lee H Badman [mailto:lhbad...@syr.edu]
 *Sent:* Tuesday, May 08, 2012 07:34
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] 4-channels in 2.4 GHz

  With no intent to open a conversational can 'o worms, I'm curious if
 anyone is running a 4-channel plan on their production WLANs, that is
 willing to share their opinions and experiences on the topic.

 Thanks-

 Lee

  Lee H. Badman
 Wireless/Network Engineer, ITS
 Adjunct Instructor, iSchool
 Syracuse University
 315.443.3003
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 4-channels in 2.4 GHz

[Coehoorn, Joel]

Phillippe, this is something I would **love** to be shown to be wrong
about.

I think all of us could benefit from a 4th channel (I know I would), if it
comes with clear guidelines for when and how to use it in a way that will
increase rather than decrease throughput. Right now, the best guidelines we
have say, Stick with 1,6, and 11. Deviation from that is more likely than
not to result in pain.

Perhaps what is needed is more successful 4 channel implementations for
study, but I think we're likely to see mainstream 5ghz make this all
obsolete by then.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Tue, May 8, 2012 at 2:19 PM, Hanset, Philippe C phan...@utk.edu wrote:


  On May 8, 2012, at 3:00 PM, Coehoorn, Joel wrote:

  The short answer is no. It comes down to the skirts again. Most
 low-end tools to measure wireless coverage do a poor job of showing this,
 but my understanding is that wifi RF is such that the skirts flare out
 quickly, and you have nearly all of the signal overlap even at fairly low
 power levels. These wide skirts makes it impractical to try for four
 channels... you're almost as bad off as if you tried to use all eleven.


 Joel,

  You forgot the black magic part of wireless ;-)
 We didn't go with theory back in 2000, but with measurements.
 In a large auditorium  with 100+ users and 4 APs, we were getting better
 throughput with 1-4-8-11
 than with 1-6-11-1. We didn't play with smaller cells.

  Philippe

  Philippe Hanset
 Univ. of TN, Knoxville
 www.eduroamus.org



  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] You knew it was coming...Airplay/Apple TV support for instructors.

[Coehoorn, Joel]

York College is installing an AppleTV in every networked classroom over the
next year.  This is in support of a 1:1 iPod Touch program we use.  We're
tiny relative to U of Iowa, but if any of this helps, here's how we're
making it happen:

Classroom buildings are set so that users in the same building should be on
the same subnet. We're small enough this is not a problem for us.

Where possible, we're using a wired connection to the AppleTV  and setting
it to the same vlan as the wired network.  Right, that's only two rooms,
but the thought of streaming video up to the access point and back to the
AppleTV for a single device makes me cringe.

Most of our classrooms are in older buildings. There's only one wired
network drop to the room, and adding more will be problematic. To alleviate
this, we're looking into small switches in rooms, to support the instructor
PC, a wireless access point, a byod network port, the AppleTV, and a
projector connection, and in a few cases a printer all of the same original
drop. At (count 'em) up to 6 devices per room plus the uplink, we think
that will be the better way to go.

Multicast is enabled within each subnet. This is for every subnet across
the board. Again, we try to keep it to exactly one subnet per building, and
as an admin when I enter a building I know which subnet I should get. This
is great for students, because their Apple toys all tend to work the way
they want, but the amount of traffic across campus (especially on
inter-building fiber links) is still reasonable. This is done mainly
because of our 1:1 iPod Touch program... it just wouldn't do to have those
and not be able to use them well, and even PC users will have iTunes. As a
much larger institution, Iowa may need to think about dividing building
into wings or floors, as well.

Make sure to set the AppleTVs to never sleep, and name them after the
classroom.

Make sure to education faculty on how to switch inputs between the computer
and AppleTV. Even faculty who never use the AppleTV will need to know how
to switch a projector back to the computer input after the prior faculty
member left it set to AppleTV.


  Joel Coehoorn
IT Director
York College, Nebraska
402.363.5603
jcoeho...@york.edu






On Fri, Dec 16, 2011 at 11:50 AM, Jeff Kell jeff-k...@utc.edu wrote:

 On 12/16/2011 12:47 PM, Lee H Badman wrote:
  This is where I daydream about the likes of several Apple engineers
 reading this list, thinking Gee, maybe we should consider how to make our
 toys work in the actual enterprise. It seems that these higher ed folks
 have real networks that we don't always play well with at times.
 
  BYOD- bring your own dilemma.

 Yes, we try to counter Bonjour and Rendezvous with Au Revoir :)

 Jeff

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] College deals with wireless issues

[Coehoorn, Joel]

 If we could provide great / sufficient / pervasive non-wired coverage
using
 $40 AP instead of $400 Cisco AP, resident might not want to bring in their
 own $40 AP.

Actually, you can do that. Those cheap $40 access points can be easily
reconfigured to act as a thick access point by just turning off dhcp,
setting a static IP in the correct range, and connecting your uplink line
to a LAN port rather than the WAN port.  Spend about $100 on a
nice buffalo that supports dd-wrt with a customized config file ready to
load, and you can get something close to a vendor system for less than 1/4
the price.

Of course, that means doing a lot of leg work yourself: configuring access
points, setting up subnets/zones, multiple ssids, security, and every
change means a manual deployment to individual access points. I'd love to
see a feature added to dd-wrt that allows polling a config server for those.

But the really big thing you give up here is the reporting. You can make up
for some of that with existing syslog or gateway reporting tools, but some
of the information you'd get from a controller-based solution is just not
replaceable.

Joel Coehoorn
IT Director
402.363.5603



On Fri, Nov 11, 2011 at 10:11 AM, leo song s...@uoguelph.ca wrote:

 **
 If we could provide great / sufficient / pervasive non-wired coverage
 using $40 AP instead of $400 Cisco AP, resident might not want to bring in
 their own $40 AP.




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Access points with very low performance when multiple users connect their computers at the same time.

[Coehoorn, Joel]

Your problem is probably air time density.

The issue is that you only have 3 non-overlapping channels to work with in
the 2.4Ghz space, most users won't have 5Ghz-capable laptops, each channel
only supports about 25 clients from a practical standpoint, each access
point is likely only listening on one specific channel, and you have up to
400 users trying to connect all at about the same time.  That's just not
going to work.  Things get better a few minutes after a class starts
because some students will just give up, and most others will settle down
to only use air time only in short bursts, as they load and then pause to
read pages.

The typical solution is turning down the transmit power, such that signal
for each access point does not leave it's own classroom, and then add
access points to each classroom such that you're listening on more of the
available channels within the rooms. The goal is to reduce the cell size
(and therefore number of clients) served by each access point, and increase
the available channels. You can do this by adding access points, or by
getting single access points with multiple independent radios that are
capable of using the additional channels simultaneously.

Even here, you'll likely still have issues as many of the laptops will not
turn down power to their own radios and still clutter up the air space.  It
would be like trying to listen to the professor if most students in the
classroom were also having conversations among each other at their normal
speaking volume.

As for distributing traffic, there are different load-balancing options out
there depending on your vendor.  But even with generic thick access points
you'll see quite of bit of load balancing happens naturally, without you
having to do anything special so encourage it.  You ought to be able to
just add the access points without needing to do much of anything for load
balancing.

Joel Coehoorn
IT Director
York College
402.363.5603



On Thu, Nov 10, 2011 at 11:09 AM, Ethan Sommer somm...@gac.edu wrote:

  With almost any manufacturer you can set a max number of clients per
 radio. You could set the max per radio to 25ish and put (capacity of
 classroom/25) APs per classroom.



 On 11/10/2011 10:54 AM, Luis Fernando Valverde wrote:

 Hello,

 we have four adjacent classrooms (two in front of two and 5 meters between
 each one) with capacity to 80-100 students each one.Each classroom has
 its own Cisco Aironet 1240 AG Access Point.

 When all the students inside the classroom connect their computers to the
 wireless network, response time behaves very slowly for several minutes,
 until the traffic network stabilizes and reaches a better performance.   We
 have tested other AP including Ruckus (802.11 b/g/n) and the problem
 remains.

 We could install two AP by classroom, but we would need to distribute the
 connections between each one.  Does someone know a solution without having
 to use different SSIDs to distribute traffic among multiple access points?
 Does someone have any suggestion to solve this issue, including other
 access point manufacturer?

 Any comment is welcome.

 Thanks,

 ---
 Luis Fernando Valverde
 Director de Tecnología de Información y Comunicaciones
 INCAE Business School
 Tel: 506+ 24 37 23 38
 www.incae.edu

 
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



 --
 Ethan Sommer
 Associate Director of Core Services
 Gustavus Technology Services
 somm...@gustavus.edu
 507-933-7042
  ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless in dorms

[Coehoorn, Joel]

That Altitude 4511 product looked interesting. I'm curious to know the
per-unit price on those, as quick google and amazon searches didn't bring
anything up in that regard. I'd also like to see one with a pass-through
port, so I can put one over an existing port in a student's room or
classroom and still connect the existing wired device at the same location.

We also were unable to find the budget for a traditional controller-based
system, but we managed to do pretty well for ourselves using APs from
Engenius (ECB-9500).  They run under $100 each, vs $400, $600, or more for
enterprise level access points, and we run them without a controller,
instead using existing infrastructure.  The cheaper APs plus no controller
put us in at about 1/10 what were quoted for a traditional Aruba or Cisco
system.

Of course, at that price we made a few compromises:

   - Reporting. This is huge. I don't get to know who's using what spectrum,
   and I often have to wait for students to tell me an access point isn't
   working in an area before I know about, rather than being proactive about
   it. We work around this because we have good er
   - Multiple SSIDs per access point. Our system actually will support this,
   but we haven't had the time to set it up yet.  We do have some basic
   divisions by geographical area on campus to split up broadcast domains, but
   that's it.
   - Fixed cell sizes (limited air space). My understanding is that more
   advanced systems can be set to automatically turn down transmission power
   based on the power from the neighboring access points, and thereby reduce
   the amount of airspace used by each client. We get by because we're small.
   Hand in hand with this is the need to manually tune channels. The access
   points we have support DD-WRT, which would allow us to tune this manually,
   but that would also mean buying and deploying more access points that we
   don't have budget for.
   - Limited to 50 access points for radius purposes with Windows Standard
   Server. Of course, we need more than 50 access points and so had to open up
   our dorm wifi (no encryption there at all :( ). Our administrative and
   classroom buildings are encrypted, though; we're small enough to be able to
   do it that way.  I'm working right now on a FreeRADIUS implementation that
   should fix this for us soon, but honestly our students **really like** the
   open wifi. We haven't had problems with campus neighbors and others leeching
   bandwidth, I have zero reports of abuse from tools like firesheep, and so
   while this is something I'm working on I'm not as rushed about it as I
   should be.

We're up to 78 access points now. Add in wiring some PoE injectors, and we
still spent less than $10,000 to unwire the whole campus.

Joel Coehoorn
York College IT Director
402.363.5603



On Mon, Sep 19, 2011 at 2:17 PM, Garry Peirce pei...@maine.edu wrote:

 2 cents from someone in a similar boat.

 ** **

 Unfortunately, some of our campuses have been unable to support ubiquitous
 wireless in dorms due to cost.

 In some cases they have only common areas covered.

 That being the case , with wireless being the preferred access method along
 with a lack of local campus policy in this regard they’ve understandably
 connected SOHO wireless routers.

 ** **

 Some our of ResHalls caused us significant problems on the wired side at
 the start of this semester.

 Although we enable L2 features (such as DHCP snooping/DAI/SG,MAC limits) we
 weren’t able to corral an issue until implementing blocking of unknown
 unicast (cisco UUFB) on the ResHall subnets.  This being a wireless forum,
 I’ll omit the details but in a nutshell, the issues were ICMP
 redirect/ARP-amplification related and would intermittently peg the
 attaching campus router’s CPU.

 I think efforts to searchfix offending devices or train students is
 entering a never ending battle.

 ** **

 As cheaper devices will not have A radios (not that many clients will
 either….) co-channel interference is likely common.

 Add in interference , ex. assuming a fair # of microwave ovens, and I’d
 think their wireless experience is less than spectacular with no one to
 reach out to for insight/support.

 ** **

 I feel such devices in ResHalls  add an unmanaged infrastructure that not
 only underserves the users but may also have consequences for the managed
 infrastructure it connects to.   I suppose by allowing them to use such
 devices, one can remove themselves from wireless infrastructure/client
 support, but I’d rather be in a position where we could supply the needed
 wireless service in a managed way and avoid their need to use them.

 ** **

 ** **

 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ray DeJean
 *Sent:* Monday, September 19, 2011 11:04 AM

 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] Wireless 

Re: [WIRELESS-LAN] Alternative POE injector for Ubiquiti wireless gear

[Coehoorn, Joel]

A quick check on Amazon shows they list for a mere $17 each:
http://www.amazon.com/Ubiquiti-POE-24-Power-Over-Ethernet/dp/B004EFHN66/ref=sr_1_8?ie=UTF8qid=1311170318sr=8-8

At that price, your solution might just be to get a stock of them so you can
switch them out quickly, and keep RMAing them.  Do that enough and the
company will get tired of fixing them and find a way to get you good stuff.


Joel Coehoorn
IT Director
402.363.5603



On Wed, Jul 20, 2011 at 8:35 AM, James F Eyrich eyr...@illinois.edu wrote:

 Laird


 On 7/20/2011 8:16 AM, Nathan Hay wrote:

 We have several point-to-point wireless links on our campus using Ubiquiti
 Bullet wireless access points.  These use a non-standard 24 V POE injector
 to power them.

 Less than a year after the install, almost all our POE injectors died.
  We've been RMAing them, but it takes a long time and now the RMA units are
 dying on me after just a few weeks.

 Has anyone found a replacement injector from another company to use with
 the Ubiquiti Bullets?

 Thanks,

 Nathan

 Nathan P. Hay
 Network Engineer | Information Technology
 Cedarville University | www.cedarville.edu
 937-766-7905
 twitter:  @nathanphay

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at 
 http://www.educause.edu/**groups/http://www.educause.edu/groups/
 .


 --
 James Eyrich
 Team Lead Network Design
 Wireless Service Manager
 CITES - Networking - Network Design and Support - Network Design Group
 University of Illinois

 eyr...@illinois.edu
 217-265-6867


 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at 
 http://www.educause.edu/**groups/http://www.educause.edu/groups/
 .


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] iOS devices on wireless

[Coehoorn, Joel]

The issue here is that students are here to do academic work, and the
network needs to support that first.  But I think that while they are doing
that academic work they are still... here.  This is their home, and we can't
forget that. If it were just another corporate network we would do things
like block all ports except 80 and a few friends and be done with it.

To those who feel like grouping by residential area can't be done, I say you
haven't tried hard enough.  We're small enough here that it's not a problem
for me personally, but I have visited much larger campuses where this
problem is solved.  If residence halls themselves are too large, group it by
floor or wing.  It does require more work up front getting the settings
right for features like vlan tunnelling with roaming, but once you've got it
done right the first time it doesn't take anything more keeping it there.  I
sympathize with those trying to avoid NAT.  That makes this much harder, but
I think it is still doable. It may be that you need a separate SSID that
serves out non-routable IPs to those wanting to use bonjour.

And as for bonjour/mDNS itself -- my opinion is that it's a great streaming
pile of a protocol that Apple never should have put into production, but
they did and so now I get to support it, at least in the sense where it's
not specifically forbidden.

Joel Coehoorn
IT Director
York College Nebraska
402.363.5603



On Fri, Jun 24, 2011 at 9:05 AM, Johnson, Neil M neil-john...@uiowa.eduwrote:

 Even on on our wired side we have multiple L2 networks in the same dorm
 building. Our dorms are substantially bigger (800+ residents). When you
 only have two /16's for the entire campus and a desire not to do NAT, you
 have to make compromises.

 In addition, most of our dorms are right next to other academic buildings,
 so we have intra-building roaming to worry about. That can result in more
 complaints about connectivity issues than complaints about Bonjour not
 working.

 We have had some people expect to have Bonjour work between wired and
 wireless networks and have had to explain how that wasn't going to happen.

 -Neil

 --
 Neil Johnson
 Network Engineer
 The University of Iowa
 Phone: 319 384-0938
 Fax: 319 335-2951
 Mobile: 319 540-2081
 E-Mail: neil-john...@uiowa.edu






 On 6/23/11 1:53 PM, Jeffrey Sessler j...@scrippscollege.edu wrote:

 Bruce,
 
 I'm not sure I'm advocating large wireless networks at all... At the
 minimum, ensuring a given user's devices are all in the same L2 network
 doesn't change your desire to use smaller /23 subnets, it only requires
 additional back-end support to ensure those devices are placed together.
 Probably more work for IT staff, and potentially less efficient IP pool
 use, but I'd argue it will provide a better customer experience.
 
 Even the desire to group devices within a given residential hall together
 doesn't mandate a change in the size of your subnets, although I suspect
 that would depend more on the size of your housing units. Our residential
 halls are 80-100 beds, so an easy fit within smaller subnets.
 
 Jeff
 
  Osborne, Bruce W bosbo...@liberty.edu 6/23/2011 5:32 AM 
 Jeff,
 
 Large wireless subnets increase airtime consumed by broadcast traffic.
 That is why we use a VLan pool of /23 subnets.
 
 The clients are distributed automatically based on a hash of the mac
 address  the number of subnets in the pool, so we cannot easily control
 which subnet a user gets.
 
 Changing the number of subnets in the pool recalculates everybody's
 subnet too, so we make sure we have plenty of capacity.
 
 
 Bruce Osborne
 Wireless Network Engineer
 IT Network Services
 
 (434) 592-4229
 
 LIBERTY UNIVERSITY
 40 Years of Training Champions for Christ: 1971-2011
 
 
 -Original Message-
 From: Jeffrey Sessler [mailto:j...@scrippscollege.edu]
 Sent: Wednesday, June 22, 2011 4:30 PM
 Subject: Re: iOS devices on wireless
 
 Bruce,
 
 You could, by any number of technical solutions, ensure that students
 within a given residential space were all on the same L2 network. That is
 to say, if a given residence hall is made up of 200 students, then it's
 not technically difficult to ensure all the residential wireless devices
 within that area are placed in the same VLAN. Or, at a minimum, to ensure
 that a user's device(s) will always be in the same L2 network so that
 they can see each other. If one can't do that, then I wouldn't consider
 the wireless solution to be very flexible, especially given the trend in
 devices wanting/needing to talk to each other.
 
 On my campus, students spend four years of their life in what we consider
 a residential setting, and it seems only logical to me that the
 experience should, to the extent possible, mimic home life. That is, it's
 reasonable to me to expect a student's wireless devices to see each
 other, and that they should be able to share/collaborate with the other
 users within their residential hall.
 
 I know that if I was back in 

Re: [WIRELESS-LAN] High client density WiFi?

[Coehoorn, Joel]

 Depends really what they're trying to do with the connectivity. The
 odd bit of web/email ought to be OK, but interactive 3D video might
 not if all of them were doing it at once :)

+1 for that.  We're a very small school with about 450 students, a 1:1 iPod
Touch program, and mandatory daily chapel.  That means typically around 400
wifi devices in the same room at the same time sitting in students pockets
every morning, most of them still 802.11g.  We serve it all off a single
access point.  The key is that students are really not supposed to be
checking the devices during chapel, and so it's almost all just background
traffic like push notifications.  This would fall apart in a heartbeat if
they tried doing anything more complicated.  This summer we'll be adding a
few access points to the space for when it sees use for other purposes.


Joel Coehoorn
IT Director
402.363.5603



On Thu, Apr 21, 2011 at 10:31 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

 We've been asked to do this before, in a large lecture theatre. In the
 event, not that many people tried to use it.

 We deployed 4 on 2.4Ghz G on 1,5,9,13 and then 8 Aps on 5G, auto channel
 assignment.
 I'm pretty sure you could simply tell your N access points that 2.4G was
 right out and do similar.

 FWIW, we have large theatres (mostly 350/300 or so), and we provide
 connectivity in them using wireless (normally 4 1142N's in the ceiling) and
 it appears to work OK, and we don't get whinging.
 Depends really what they're trying to do with the connectivity. The odd bit
 of web/email ought to be OK, but interactive 3D video might not if all of
 them were doing it at once :)


 Thanks

 --
 ian


 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Palmer J.D.F.
 Sent: 21 April 2011 16:12
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] High client density WiFi?

 Hello,

 I've been posed a tricky question by someone on a planning committee for a
 new campus building.
 ...is it actually feasible for 500 simultaneous WiFi connections in a
 lecture room?

 I was hoping that there would be someone that might have experience of
 answering (or providing a solution to) such a question who could offer some
 input as to whether this is possible, or how close to the figure of
 500 could we realistically achieve with the technology currently available?

 We are Cisco a site so ideally any solution would need to be one Cisco is
 capable of delivering, but if there are other vendors that are proven to be
 able to provide this kind of coverage to good effect, then I'd be glad to
 hear of your experiences.

 All the best,
 Jezz Palmer.

 -
 Jezz Palmer
 Library  Information Services
 Swansea University
 Singleton Park
 Swansea
 SA2 8PP
 -

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 802.11 in Parking Decks

[Coehoorn, Joel]

I'm not a fan of range extenders or wireless mesh options, but this may be a
good candidate, rather than trying to provide a network drop for the access
points.  I can't imagine a parking garage getting a lot of traffic, so the
wireless signal might have enough throughput to handle the backhaul as well.

Joel Coehoorn
IT Director
402.363.5603



On Wed, Dec 8, 2010 at 10:52 AM, David Blahut dabla...@vassar.edu wrote:

 I have no experience providing 802.11 in a parking deck but it sounds like
 a good candidate for a DAS or “leaky coax” deployment.



 -d



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 wireless-...@listserv.educause.edu] *On Behalf Of *Rick Brown
 *Sent:* Wednesday, December 08, 2010 11:11 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* [WIRELESS-LAN] 802.11 in Parking Decks



 Sorry for the repeat post.  I wanted to clarify the type of wireless
 coverage.


 Has anyone designed and provided 802.11 a/b/g/n wireless coverage to their
 parking lots and parking decks?  If so, do you have any tips or tricks,
 successes and/or failures that you would be willing to share?

 Thanks!

 Rick

 --

 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WiFi blockers in classrooms

[Coehoorn, Joel]

I don't think it's an instructor issue or a technical issue.  It's a student
issue.  Some students will use wifi to goof off in class.  Some will use it
to help them take better notes or in other ways to help them do better.
 Others won't use it all.  The point here is that it's a tool; perhaps a
tool in immature hands, but a tool nonetheless.

I remember my last year of school I managed to acquire a Windows 3.1 laptop
for free that the prior owner had written off as broken.  I used it to take
notes some, but used in class a lot more to play solitaire.  I'm
unapologetic for this, because playing solitaire in class helped me to do
better.  No instructor can engage 100% of students 100% of the time, and
having the ready distraction available to keep my mind active helped prevent
me from zoning out entirely.  I'm sure that at times it distracted more than
it helped, but my feeling was that overall it ended in a big net positive
and probably bought me almost a full letter grade in every class where I was
able to use it.

Joel Coehoorn
IT Director, York College
402.363.5603



On Fri, Nov 19, 2010 at 5:50 PM, Brooks, Stan stan.bro...@emory.edu wrote:

  And if you offer guest access, that is another end run that students will
 find and use.  We prefer to keep the students authenticated and using an
 encrypted connection as a matter of general security - anyone heard of
 Firesheep?

 Addressing this issue with technology really is a losing proposition.
 Students will find ways around any method we use to limit there access.
 In my day, it was the comic or other book inside the textbook, passing
 notes, or skipping class.  Today it's the Internet, Facebook, IM, and
 texting.  It really needs to be addressed in the classroom by the
 instructors and the students.

 On a lighter note, I have this Doonesbury cartoon on my cube wall to remind
 me of what the students are really doing with Wi-Fi (or 3/4G) access.

 http://www.gocomics.com/doonesbury/2008/04/27

 There was an HP laptop TV ad from about the same time that highlighted this
 issue as well (motocross bikes and rock bands in the lecture hall), but I've
 not been able to find it online.  If anyone remembers it and has a link,
 please share!

   - Stan Brooks - CWNA/CWSP
   Emory University
   University Technology Services
   404.727.0226
 AIM/Y!/Twitter: WLANstan
MSN: wlans...@hotmail.com
 GoogleTalk: wlans...@gmail.com
--
 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
 wireless-...@listserv.educause.edu] on behalf of John Rodkey [
 rod...@westmont.edu]
 *Sent:* Friday, November 19, 2010 4:20 PM

 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] WiFi blockers in classrooms

  And the law of unintended consequences strikes again:  Students figure
 this out and exchange credentials with those who aren't supposed to be in
 class at the time.
 End result:  not only do you have student using the network, but you've now
 compromised the passwords of any number of students.

 On Fri, Nov 19, 2010 at 8:50 AM, Methven, Peter J p.j.meth...@hw.ac.ukwrote:

  Greg, your suggestion makes sense in many ways especially as those
 students should be in the class! If they are not in class their “punishment”
 is no internet on campus... I would have a concern about what happens when a
 class location is moved (room or time), or a student changes
 class/module/course midterm whether this information is fed back correctly
 and in a timely manner. However this would be easy to implement as long as
 the student records systems had accurate information. (Which of course they
 always do ;-) )



 Many Thanks
 Peter



 Mr Peter Methven, Network Specialist

 Information Technology (IT)

 Allen McTernan Building, Edinburgh Campus

 Tel:  0131 451 3516



 For IT support queries or requests, please email ith...@hw.ac.uk or phone
 ext 4045, with full details of your query or request and your contact
 details.



 http://www.hw.ac.uk/it





 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 wireless-...@listserv.educause.edu] *On Behalf Of *Greg Schaffer
 *Sent:* 19 November 2010 16:35

 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] WiFi blockers in classrooms



 David,
 that's an interesting perspective.  I have had the opposite experience
 when I have taught.  Now, I should say that I am in IT and taught as an
 adjunct one intro networking class to 25-35 students.  At the beginning of
 the first class I told them that I am not going to regulate use of
 electronic devices in class; if they wanted to watch videos all during the
 class that was their decision *so long as it did not interfere with the
 class or other students*.  I also made it clear that they were responsible
 for all work in class and not paying attention in class was not a valid
 reason for extra attention during office hours.  It worked well, but it
 might have been 

Re: [WIRELESS-LAN] DHCP lease times?

[Coehoorn, Joel]

We're running a whopping 3 *days *now.  I like it because addresses stay
consistent among the student body.  If I see an IP addresses involved in
something I can often know who it came from.

A year ago it was just 5 minute leases, because we had a 255.255.254.0
subnet for wifi.  Bumped that to 255.255.248.0, increased the lease time,
and we've had zero problems.

But we're a small school (500 students) in a small town, and so lease space
really isn't an issue.

Joel Coehoorn
IT Director, York College
402.363.5603



On Tue, Sep 14, 2010 at 10:32 AM, James F Eyrich eyr...@illinois.eduwrote:

 Has any one looked at running significantly longer lease times?

 We are looking at the possibility of NATing our wireless service, moving to
 large private IP subnets for the clients and not needing to recycle
 addresses so often. We have discussed moving from the current 1 hour lease
 to 8 or 12 hours.

 thoughts?

 --
 James Eyrich
 Team Lead Network Design
 Wireless Service Manager
 CITES - Networking - Network Design and Support - Network Design Group
 University of Illinois

 eyr...@illinois.edu
 217-265-6867




 On 9/14/2010 10:13 AM, Methven, Peter J wrote:

 We run on half an hour lease times at Heriot-Watt University, Edinburgh as
 well. I had the lease time set to 15 minutes for a while, but this didn’t
 seem to release IP addresses in any great numbers at peak times when we most
 needed the leases available and just put more load on our DHCP servers.

 Many Thanks
 Peter

 Mr Peter Methven, Network Specialist
 Information Technology (IT)
 Allen McTernan Building, Edinburgh Campus
 Tel:  0131 451 3516

 For IT support queries or requests, please email ith...@hw.ac.ukmailto:
 ith...@hw.ac.uk  or phone ext 4045, with full details of your query or
 request and your contact details.


 http://www.hw.ac.uk/it


 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
 wireless-...@listserv.educause.edu] On Behalf Of heath.barnhart
 Sent: 14 September 2010 16:01
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] DHCP lease times?

 30 minutes at Washburn as well. We had the same issue as what you
 described. No issues with the shorter lease time since we changed it 3 years
 ago.

 Heath

 On 9/13/2010 4:47 PM, Marcelo Lew wrote:
 What do you guys use for DHCP lease times on your wireless networks
 (external DHCP server)?
 We have an issue were our DHCP server (Cisco) reports subnets almost full,
 however, the Aruba Controller shows plenty IPs available. I think the issue
 might be related with devices getting on the network for a very short time,
 going off line, but the DHCP server still holds that lease. We have lease
 times set at 1hour for the wireless network.
 Shorter lease times maybe?

 Thanks,

 Marcelo

 Marcelo Lew
 Wireless Enterprise Administrator
 University Technology Services
 University of Denver
 Desk: (303) 871-6523
 Cell: (303) 669-4217
 Fax:  (303) 871-5900
 Email: m...@du.edumailto:m...@du.edu


 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.




 --

 Heath Barnhart, CCNA

 Network Administrator

 Information Systems and Services

 Washburn University

 Topeka, KS 66621
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 
 Heriot-Watt University is a Scottish charity registered under charity
 number SC000278.
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.


 **

 Participation and subscription information for this EDUCAUSE Constituent
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Student Wireless Printers in Dorms

[Coehoorn, Joel]

Where I'm at we're working on an alternative to basically remove the
temptation.  It's not ready yet, but hopefully by next semester our students
should be able to connect to computer lab printers from their personal
computers via the web printing feature in windows server.  This is a better
solution for most people than having a printer in the room, as there's no
ink to buy.  We have a software solution (pcounter) that layers over the
typical IP printer port to track print jobs via students' user ids to
prevent abuse - we can bill students for excessive printing and if it
becomes necessary have records of who was sending print jobs where and when
for tracking other badness.

Joel Coehoorn




On Thu, Aug 26, 2010 at 10:44 PM, Frank Bulk frnk...@iname.com wrote:

 Google is already on to that:
 http://blog.chromium.org/2010/04/new-approach-to-printing.html

 Frank

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman
 Sent: Thursday, August 26, 2010 8:21 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Student Wireless Printers in Dorms

 Hi Stan-

 Your thoughts are a carbon copy of my own, and your approach mirrors what
 we
 are doing now. At the same time, a lot of parents and those who want to
 keep
 them happy would love to see a silver bullet emerge that somehow makes it
 all work. I'm picturing some not yet existent protocol/framework developed
 just for higher ed by the printer folks and WLAN makers.

 And I'd like a pony and some ice cream and to win the lottery:)

 -Lee

 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [wireless-...@listserv.educause.edu] On Behalf Of Brooks, Stan
 [stan.bro...@emory.edu]
 Sent: Thursday, August 26, 2010 6:50 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Student Wireless Printers in Dorms

 Lee,

 The answer is buy a Bluetooth printer or get a USB cable.

 At Emory, we do not support or allow wireless printers on our network.
 There is no easy way to manage these devices.  They don't support 802.1x
 authentication, so they would have to go on either an open or WPA-PSK
 wireless network.  Even if they got connected, there is no guarantee that
 the student would find their printer since we don't do static IPs on our
 wireless network and we use Aruba's VLAN pooling to provide manageable
 subnets on our controllers, so a wireless user and their wireless printer
 may end up on separate subnets.

 An additional disincentive for wireless printing is that others could see
 and print pages to the student's printer.  While this may make an
 interesting practical joke, I think the student who ends up with 100's of
 pages of garbage spewing from their printer will not be amused at the waste
 of paper and ink.

 If we see wireless printers, we ask the students to turn off the wireless
 interface and strongly recommend that they invest in a USB cable for
 printing.

  - Stan Brooks - CWNA/CWSP
  Emory University
  University Technology Services
  404.727.0226
 AIM/Y!/Twitter: WLANstan
   MSN: wlans...@hotmail.commailto:wlans...@hotmail.com
GoogleTalk: wlans...@gmail.commailto:wlans...@gmail.com

 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman
 Sent: Thursday, August 26, 2010 6:08 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Student Wireless Printers in Dorms

 Is not the first time this topic has been put out there, but the semester
 opening once again pushes it out front and center.

 Has anyone found a supportable, comfortable way to squeeze hundreds of $40
 wireless printers into your carefully designed and tuned 802.1x-auth/secure
 residential WLANs? They tend not to run enterprise security profiles, and
 even if they did, there are still a lot of questions about how you'd use
 them as authorized clients.

 Thanks-

 Lee Badman




 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 
 This e-mail message (including any attachments) is for the sole use of
 the intended recipient(s) and may contain confidential and privileged
 information. If the reader of this message is not the intended
 recipient, you are hereby notified that any dissemination, distribution
 or copying of this message (including any attachments) is strictly
 prohibited.

 If you have received this message in error, please contact
 the sender by reply e-mail message and destroy all copies of the
 original message (including attachments).
 ** Participation and subscription information for this EDUCAUSE
 Constituent Group discussion list can be found at
 http://www.educause.edu/groups/.

 **
 Participation and