TLS cert, and profile installation problems

2015-04-23 Thread David Ziemba 
All, we're currently using EAP-PEAP and making plans to change to EAP-TLS. 
We've noticed in testing, only about half of devices we've tried are accepting 
the profile and installing it successfully.

We've found iOS devices will always accept the profile and install it 
successfully. We have mixed success with Android devices using the easy connect 
application. Problems across the board on Windows PCs.

Most of the troubles are due to the OS's approach to installing a certificate 
and they seem outside our control where students can bring any type of device.

Has anyone found an approach on the client OS in getting the profile installed, 
or have found a less-onerous manual installation of the profile?


Regards,
David Ziemba

Senior Network Engineer
719.389.6063
z...@coloradocollege.edu<mailto:z...@coloradocollege.edu>

ITS: Innovations & Solutions



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks

2015-02-27 Thread David Ziemba 
Agreed. We have LH still in production, came up from the 160’s (supermicro), 
2060’s (dell), and 4300’s (HP). LH was amazing with support, and an easy 
front-range trip to make to their support center / labs. HP support is terrible 
with LH products, and we are also no longer an LH customer.


Regards,
David Ziemba

Senior Network Engineer
719.389.6063
z...@coloradocollege.edu<mailto:z...@coloradocollege.edu>

ITS: Innovations & Solutions

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Holley
Sent: Thursday, February 26, 2015 3:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks

A little off topic, but…I was a LeftHand SAN customer several years ago.  
Awesome mid-tier solution…bought by HP.  HP decided that their in-house 
technical support could do a better job off supporting the product than the 
folks who had all the knowledge.  We went for two years having to figure things 
out ourselves.  The LeftHand products are still in existence, but HP has now 
priced them in the stratosphere.

I no longer am a LeftHand/HP customer…

   Brian

Brian Holley • Assistant VP / CSO
Middle Tennessee State University • mtsu.edu<http://www.mtsu.edu/>
Office 615-898-2228 • Cell 615-601-2025


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean
Sent: Thursday, February 26, 2015 2:34 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] HP is reportedly trying to buy Aruba Networks

On Thu, Feb 26, 2015 at 2:25 PM, Coehoorn, Joel 
mailto:jcoeho...@york.edu>> wrote:
> I do think this can be good for Aruba  If integrated well, HP could have 
> a compelling

We'll see how it works out. We had a 3Com system once upon a time. Remember 
3Com?

HP doesn't have a good track record for "integrating well" with the products it 
acquires. I remember 3com well. We were all 3com. After a few years of the 
HP/3com mess, we're Brocade now. And last year, stopped buying Aruba in favor 
of Ruckus. :)

Ray



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

Problem with auth, Aruba, Bradford, and IAS

2011-10-18 Thread David Ziemba 
So, We've been noticing some troubles, and I'm curious if anyone has seen 
anything like this lately. It'll happen to mobile devices, laptops, just about 
anything that connects to our enterprise wireless (wpa2-enterprise).

We're running Aruba 3.4.4.3 across three controllers (sup2), Bradford 
4.1.1.280.P13, and IAS on Windows 2003 server. Once clients associate to an 
access point (within 2 seconds), it takes anywhere from 15-40 seconds to 
successfully authenticate. We haven't found anything consistent per device if 
it takes longer or shorter to pass auth, and even the same device might 
associate/auth in 5 seconds, and then associate/auth in 40 seconds.

On Bradford, the log turned over recently, and in the last 26 hours, there have 
been clients with 4200 radius requests, and the top 25 clients have between 
1200-3500 radius requests. Looking at the debug on the controller, we see 14 
eap requests and 14 radius requests for one client, and on the 14th radius 
request, there is a radius/eap accept/success. This one took about 15 seconds 
to pass auth:

Oct 18 16:06:51  station-up *  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  -- wpa2 aes
Oct 18 16:06:51  eap-id-req<-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  15
Oct 18 16:06:51  eap-id-resp   ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  112jsmith
Oct 18 16:06:51  rad-req   ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  19   165
Oct 18 16:06:53  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  19   77
Oct 18 16:06:53  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  26
Oct 18 16:06:53  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  2136
Oct 18 16:06:53  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  94   314
Oct 18 16:06:54  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  94   1175
Oct 18 16:06:54  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  31096
Oct 18 16:06:54  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  36
Oct 18 16:06:54  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  127  184
Oct 18 16:06:56  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  127  1175
Oct 18 16:06:56  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  41096
Oct 18 16:06:56  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  46
Oct 18 16:06:56  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  81   184
Oct 18 16:06:57  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  81   1175
Oct 18 16:06:57  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  51096
Oct 18 16:06:57  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  56
Oct 18 16:06:57  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  223  184
Oct 18 16:06:58  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  223  1175
Oct 18 16:06:58  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  61096
Oct 18 16:06:58  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  66
Oct 18 16:06:58  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  215  184
Oct 18 16:06:59  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  215  1175
Oct 18 16:06:59  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  71096
Oct 18 16:06:59  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  76
Oct 18 16:06:59  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  233  184
Oct 18 16:07:00  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  233  1175
Oct 18 16:07:00  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  81096
Oct 18 16:07:00  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  86
Oct 18 16:07:00  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  191  184
Oct 18 16:07:00  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  191  1006
Oct 18 16:07:00  eap-req   <-  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  9929
Oct 18 16:07:00  eap-resp  ->  04:1e:64:AA:AA:AA  00:0b:86:BB:BB:BB 
  9332
Oct 18 16:07:00  rad-req   ->  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  54   512
Oct 18 16:07:01  rad-resp  <-  04:1e:64:AA:AA:AA  
00:0b:86:BB:BB:BB/Bradford-PRI  54   124
Oct 18 16:07:01  eap-req   <-  04:1e:64:AA:AA:AA