RE: [WIRELESS-LAN] Bandwidth utilization and IOS7 upgrade

[Frank Bulk (iname.com)]

Doesn't Apple do any staggering?

Frank

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Wednesday, September 18, 2013 1:35 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Bandwidth utilization and IOS7 upgrade

Our wireless traffic jumped up to 5 times what it was before the update.

On Wed, 18 Sep 2013, Eric T. Barnett wrote:

> Date: Wed, 18 Sep 2013 13:29:55 -0500
> From: Eric T. Barnett 
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
> 
> To: WIRELESS-LAN@listserv.educause.edu
> Subject: [WIRELESS-LAN] Bandwidth utilization and IOS7 upgrade
> 
> So has anyone else seen a HUGE spike in wireless traffic with the IOS7
update? Our wireless had a dramatic shift at exactly 11:55AM CDT that's
still going strong.
>
> Regards,
>
> Eric Barnett
> Senior Network Engineer/Wireless Administrator
> Information and Technology Services
> Arkansas State University
> (870) 680-4243
> http://wireless.astate.edu
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
>
>

-- 
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 802.11k

[Frank Bulk (iname.com)]

Note the distance between RIM's headquarters and Dennis's work.  =)

Frank

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Wednesday, November 20, 2013 9:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11k

You have a lot of Z10s? A recent article described Blackberry as "deader than 
paisley flares". I don't think I've even seen *one*. 

--
ian

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: 20 November 2013 14:57
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11k

We have implemented it on all production WLANs for one month. There is only one 
issue: BlackBerry Z10 cannot connect to our 802.1X secure wlan, but it can 
connect to the open wlan. I tested in my lab and confirmed that Z10 can connect 
to the secure wlan without 802.11k. We are considering roll back this change. 

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

- Original Message -
From: "Alan Nord" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, November 20, 2013 9:22:38 AM
Subject: Re: [WIRELESS-LAN] 802.11k


Looked into enabling this after a recent upgrade, but there is one major hurdle 
for my environment: "This feature must be implemented only if you are using one 
controller. The assisted roaming feature is not supported across multiple 
controllers." See here for more detail. 



On Tue, Nov 19, 2013 at 4:32 PM, Mike Albano < mike.alb...@unlv.edu > wrote: 


Curious if others have enabled 802.11k and if doing so has resulted in any 
client connectivity issues for clients that do not support it. Also, for the 
Cisco shops, the same question for "non-802.11k assisted roaming"ie "config 
wlan assisted-roaming prediction {enable | disable} wlan-id" 


Mike Albano 
Network Engineer 
UNLV 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . 





-- 

Alan Nord, CCNA 
Infrastructure Manager 
Information Technology Services 
Macalester College 
1600 Grand Avenue 
St. Paul, MN 55105 ** Participation and subscription information for 
this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: configuration script

[Frank Bulk - iName.com]

There's three options you can take: Windows Policy Editor, ZWLANCFG, and
Aruba's configuration utility.

 

See here:

http://www.networkcomputing.com/blog/dailyblog/archives/2007/03/wireless_pro
pag_9.html

for more details.

 

Frank

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Entwistle, Bruce
Sent: Tuesday, June 02, 2009 5:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] configuration script

 

We are looking at implementing WPA security for our wireless network and
need a simple method of configuring the client computers.  I was considering
a script to configure items such as network authentication, Data Encryption,
EAP type, etc.  Are there any recommendations for scripting such changes, or
perhaps an entirely different process?  I am mainly concerned with the
configuration of the Windows machines.

 

Thank you

Bruce Entwistle

Network Manager

University of Redlands

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] FW: [WIRELESS-LAN] WiSM 5.2.193

[Frank Bulk - iName.com]

You would think there should be a near-hitless upgrade process.  Could be as 
simple as temporarily restricting APs from downgrading.  And that doesn't even 
have to be done the AP side, that could be done via a setting on the WLC.

Frank

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Dennis Xu
Sent: Wednesday, August 05, 2009 9:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] FW: [WIRELESS-LAN] WiSM 5.2.193

I have seen the APs jumping between WLCs running different code levels and 
downloading different codes during upgrade as well. Then I came out this 
upgrade procedure and it seems no more looping:

1. On WLCs management interface vlans, remove the ACL entries which permit APs 
to join the WLCs. 
2. Download new codes to all WLCs from WCS at once.
3. Reboot all WLCs from WCS once.
4. Put the ACL entries back. 

Then you just watch the APs joining WLCs without looping.

Cisco would suggest to shut down all wisms port channels during upgrade and do 
upgrade through service port. That is the same idea to prevent APs from joining 
WLCs before the upgrade finish. 

Dennis Xu
Network Analyst
Computing and Communication Services
University of Guelph
5198244120 x 56217

- Original Message -
From: "John Watters" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, August 5, 2009 10:34:09 AM GMT -05:00 US/Canada Eastern
Subject: [WIRELESS-LAN] FW: [WIRELESS-LAN] WiSM 5.2.193

Sorry, I meant to send this to the list.

-jcw

-
John WattersUA: OIT  205-348-3992


> -Original Message-
> From: Watters, John
> Sent: Wednesday, August 05, 2009 9:33 AM
> To: 'Charles Spurgeon'
> Subject: RE: [WIRELESS-LAN] WiSM 5.2.193
> 
> 
> I upgraded 18 WiSM controllers yesterday & last night that support ~2,000
> APs. I also experienced the delayed joins.
> 
> In addition, I had APs joining controllers in other mobility groups. After
> that it is very hard to get them to move back. (I had a little over 100
> APs join controllers in other mobility groups - about 5%.)
> 
> In addition, I am seeing a lot of looping: When the WiSM controller
> rebooted to do the code upgrade, all its APs joined another controller and
> downloaded the code from that controller even though the controller they
> came from was already running that version (in my case 5.2.178). Then they
> tried to move back to their primary controller (now upgraded to 5.2.193),
> downloaded the new 5.2.193 code and rebooted. They then went back to the
> controller they originally moved to while their primary controller was
> being upgraded. Since that code was at a different level (5.2.178) that
> the new code they had just loaded for the upgraded WiSM, they downloaded
> the 5.3.178 code again & rebooted. They then tried to move back to their
> primary controller (now upgraded to 5.2.193), downloaded the new 5.2.193
> code and rebooted, they then went back to the controller they originally
> moved to while their primary controller was being upgraded. Since that
> code was at a different level (5.2.178) that the new code they had just
> loaded for the upgraded WiSM, they downloaded the 5.3.178 code again &
> rebooted. They then tried to move back to their primary controller
>  do you see the loop here?
> 
> This was finally resolved by just biting the bullet and upgrading all the
> WiSMs as fast as I could (including the suggested emergency boot image).
> That put all the APs into a real mess while it was happening, but really
> gave them no choice in the end except to join a controller running the
> 5.2.193 code which got them to stop downloading different code with every
> join.
> 
> I opened a case with Cisco but got nothing useful back. I have had this
> same problem with other WiSM code upgrades. Surely there is a better way
> to handle this problem of APs moving around to places where they aren't
> wanted.
> 
> If anyone has a workable solution to my problems, please send it along.
> 
> -jcw
> 
> 
> John WattersThe University of Alabama: OIT  205-348-3992
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Charles Spurgeon
> Sent: Wednesday, August 05, 2009 9:12 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] WiSM 5.2.193
> 
> On Tue, Aug 04, 2009 at 09:13:29AM -0500, Hector J Rios wrote:
> >
> >Has anybody upgraded to 5.2.193? Can you provide any feedback?
> 
> We have upgraded 31 WLCs from 4.2.130.0 to 5.2.193.0, with no
> operational issues seen and no problems reported for clients so far.
> 
> We have approx 3,500 APs, and the client count is at its lowest level
> due to summer session with around 3,000 peak simultaneous clients. We
> are installing a number of 1142s, s

RE: iPad Experiences

[Frank Bulk - iName.com]

More here:

http://www.fiercemobileit.com/story/apple-ipad-users-report-wifi-connectivit
y-problems/2010-04-06?utm_medium=nl

&utm_source=internal

 

Frank

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Peter P Morrissey
Sent: Tuesday, April 06, 2010 1:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] iPad Experiences

 

Has anyone seen much iPad action on their networks yet?

I heard today that we have around 10 of them doing Active Sync with email.

We had a couple of support calls early Monday indicating problems with our
Impulse/SafeConnect NAC system identifying them properly. Since then Impulse
put in a patch that apparently fixed it. Our xpressconnect config tool
worked fine using their tool, choosing the same option that configs iPods,
etc. We have also been testing our own iPad today and haven't seen any
issues yet. We noticed that the Apple's auto config worked as well for our
own 802.1x network, with the caveat that it made it possible for someone to
fake the certificate.

 

Pete Morrissey

 

 

  

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps

[Frank Bulk - iName.com]

AFAIK Aruba doesn't insert itself in the IPv6 path, just like Cisco, but it
does bridge the traffic fine (using it right now).  I'm sure Aruba has more
in the works, but I haven't asked/sought for that.

In terms of IDS/IPS vendors, I just engaged TippingPoint on this and they
wrote that "the N-Family devices (660N - 5100N) support IPv6, including
tunneled traffic from 4 -> 6, 6 -> 4, etc." and "currently the plan is the
TP10 will be able to support IPv6 sometime around the end of the calendar
year"

As for load balancers, these are my notes:
A10 Networks: today
Barracuda Networks: nothing on website; told one customer in Q1'10 or
earlier that IPv6 is in the works, and when asked for sooner, "they told us
it's based on customer demand and maybe by end of year [2010]."
Foundry (Brocade) ServerIron: they support IPv6 in the 11.x loads.
Coyote: "We can commit to the fact that the Coyote Point Systems Equalizers
in production today (GX platform family) will support IPV6.  I suspect that
the earliest you will see this capability is 4th Quarter 2010."
F5 BigIP: Yes
Kemp: does not have a solution, though it is on the horizon [stated fall of
2009]
Radware: Yes; just bringing out the new image for allowing DS on a single
interface. [stated spring 2010]
Zeus: zxtm has support 
http://www.zeus.com/products/load-balancer/index.html

Frank

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee, Steven
Sent: Monday, April 26, 2010 10:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps

James, we are currently running IPv6 on all of our campus wired and wireless
networks (WiSM's).   The WiSM's simply bridge IPv6 traffic to our routers.
Essentialy, there is no IPv6 functionality within the WiSM.  This is
problematic for many reasons, but the biggest is that IPv6 users can bypass
our web authentication if they only use IPv6 services.  Secondly, there is
no mobility solution for IPv6 users which has caused problems for clients.
We peer with "Google over IPv6", therefore any IPv6 problems are noticed
very quickly.  We felt the risk that we assume was acceptable enough for the
short term inorder to help push the IPv6 adoption on campus and to provide a
use case for vendors that aren't there yet.

The WiSM product manager gave us a roadmap on where IPv6 is headed with the
platform, but I think it was under NDA, so you'll need to ask your account
team to get you that info.  

I am not aware of any vendor that currently supports IPv6 for the wireless
space, although Aruba did announce upcoming support for it.  The vendors
seem to be in no hurry to implement it, so keep demanding it as a necessary
feature with every opportunity.  This applies to all vendors, not just
wireless.  An extra loud 'Hello' to IDS/IPS and load balancing vendors!

steve

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of James J J Hooper
Sent: Monday, April 26, 2010 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Feature Gaps

--On Friday, April 23, 2010 12:34:28 PM -0400 Mike King 
wrote:

> I was asked this today, and I didn't have a good answer, looking from 
> other Cisco Wireless Controller users to help me formulate a good 
> response.
>
> What features do you find lacking in the wireless LAN controller that 
> are available in other products?
>
> What is a major source of discontent with the product.
>
> What feature do you wish the product has
>
> I know I have one major source of discontent, the separate mesh 
> releases (which have finally be re-intergrated in the 6.0 release)
>
> What have you guys got?


I'm aware it's supposed to do IPv6, but have heard rumblings on the
grapevine that it doesn't do it in a functional sense -- is anyone using
IPv6 in production with Cisco WLCs (WiSMs in our case)?

If indeed the community believes this to broken, then that would be lacking
feature for me.

Regards,
  James


--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk   http://www.jamesjj.net
--

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] K-12 listserv?

[Frank Bulk - iName.com]

For all things K-12, or wireless for K-12?

Frank

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Rich Fulton
Sent: Tuesday, May 18, 2010 11:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] K-12 listserv?

Is anyone aware of a listserv similar to the WLAN Educause group which
focuses on the K-12 area?


Thanks in advance for any help.


-- 


  /rf

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Detecting clients.

[Frank Bulk - iNAME.com]

Try AirMagnet's handheld edition of its software...
 
Frank>>> [EMAIL PROTECTED] Monday, January 05, 2004 10:23:59 PM >>>looking for recommendations...We just spent a couple of hours trying to locate a machine misconfiguredfor interface bridging. The wireless interface was the bad boy, and allthe address we had. I walked around a while with Netstumbler, but onlyfound my access points, not the client I was looking for.Does anyone know of a device or software package (perhaps for the iPaq)that shows reliable signal strength and preferably MAC address at aminimum for ÀLL 802.11 devices in the vicinity?Cal Frye, Network Administrator, Oberlin Collegewww.ouuf.org , www.calfrye.com "MCSE - Minesweeper Consultant and Solitaire Expert"**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Controlling viruses

[Frank Bulk - iNAME.com]

Those of you who have been using Perfigo or Cranite's solution, it would be nice to hear from you how this solution helped control/manage this new MyDoom/Novarg virus outbreak in your Resnet.  Did anyone use a plugin to NetReg/Bradford Campus Managers plugins to de-register students and then re-secure them?  Perhaps by scanning port 3127?
 
Regards,
 
Frank Bulk
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] Wireless Management Software

[Frank Bulk - iNAME.com]

Joe:
 
The ones that I am aware of include Cisco's WLSE (Cisco specific), Airwave, Wavelink's Mobile Manager, and Cirond's WiLAN Manager.
 
Frank>>> [EMAIL PROTECTED] Tuesday, February 10, 2004 9:35:46 AM >>>I am looking for what software or appliances others are using to helpmonitor, manage and maintain Cisco or other access points.**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] locate the rogue AP from wired side

[Frank Bulk - iNAME.com]

If you want to do some distributed wireless security monitoring, you might want to look at a solution from AirDefense or AirMagnet.  Network Chemistry has a cheap monitoring solution.
 
As for wire side detection, it's rather difficulty because the Ethernet MAC may or may not be the same as the wireless MAC.  Many times they are within plus/minus 1, but not necessarily.  They could be from two different sets.
 
Probably the easiest way to identify which room is to do some rough triangulation, or, use a laptop, associate to the AP, ping from inside your network to your laptop, and then trace the route to your laptop's MAC.
 
Frank>>> [EMAIL PROTECTED] Tuesday, February 17, 2004 2:23:06 PM >>>Our campus, as all other universities in US, has lots of rogue APs.People spent less than 100 dollars each bought them from Bestbuy orcircuitcity and plug them into the campus wired network. A large portionof the Rogue AP population even don't have WEP on. Everybody agreesthat it could cause security problems. But some people don't care. Wehave repeatedly told them not to do so and they still keep doing so. Ifwe are going to shut them off , how do we physically locate them?With netstumbler or similar tools, it is not difficult to find them,wirelessly. The BSSIDs or MAC addresses of the radio card are easy toget. But is it possible to find those APs from wired side? or morespecifially, locate the port to which this rogue AP connect, providedit is hooked into campus network?What we have: access to the MAC cache of all campus switches, theBSSID/MAC address of the radio card.Anybody has been facing the same problem/needs? Any efficienttools/software available?Thanks a lot!---Sean CheNetwork EngineerNetwork ServicesWayne State UniversityVoice: (313)577-1922Pager: (313)990-5403Email: [EMAIL PROTECTED] -**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] locate the rogue AP from wired side

[Frank Bulk - iNAME.com]

I don't believe that Netstumbler catches devices that hide their SSID.
 
While Cisco's WLSE 2.5 identifies rogues, it's not a solution I would get just to identify rogues.  WLSE remains primarily a configuration system for AP's.  Of course, if you already have Cisco AP's, then WLSE is a no-brainer.  
 
Wireless containment is a nice feature, but few have it; only Aruba's wireless switch can auto-contain.  The rest it's either manual or in consideration for implementation.  The vendors can all do it (it's just a DeAuth), but there are some liability concerns, obvious in situations where your system is on the 10th floor of a 25 floor building.
 
Frank>>> [EMAIL PROTECTED] Tuesday, February 17, 2004 5:44:12 pm >>>Here are a few hints Re: Rogue AP Detection:1. We found that they usually pop up in areas of low or no coverage (ofcampus wireless network). So, generally people will take them home, ifyou provide better coverage at their spot...2. Some WLAN software management tools have introduced Rogue AP detection(via wired), but that is fairly rudimentary: trying SNMP with well knowncommunity strings, telnet, http server - similar to OS fingerprinting.You could devise a plan with all these options, but beware - this isstill very unreliable.3. Netstumbler (and such) is the best method, but you may not catch it ifRogue AP is not on when you survey. Even if you find one, that may not beenough to identify a wired port. In order to catch the port (assuming NATon AP is on) you need to do something like attempt a connection to aserver (or just a ping) you have under control and trace back IP/MAC/port.4. APs doing automatic Rogue AP detection: that is under development oralready released by key players. I haven't seen Cisco WLSE in action, buta few screen captures looked interesting. Proxim AP2K will send a trap,but then you have to do all the processing, etc. You still may not knowwhich port to shut down, but at least it reduces the number of fieldvisits!-predrag-Predrag Radulovic Phone: (865) 974-0301OIT - Network Services Fax: (865) 974-86552339 Dunford HallUniversity of Tennessee, E-mail: [EMAIL PROTECTED] Knoxville, TN 37996 http://web.utk.edu/~prerad -**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] WLAN Operating costs

[Frank Bulk - iNAME.com]

I just read in a Cisco PowerPoint slide that according to a META Group 2003 report, 15% of WLAN's TCO is CapEx, while the last 85% is OpEx.  These numbers are probably more accurate for for-profit corporations, but there is probably some truth for schools, too.  If an organization spends $750 per access point with a 3-year life-cycle, and has a deployment of 300 AP's, that works out to be $425K per year in operational expenses.  That seems quite high.
 
Frank>>> [EMAIL PROTECTED] Thursday, March 04, 2004 1:40:49 PM >>>


I’m trying to get a sense of the costs associated with operating a WLAN, specifically as it relates to “physical” maintenance of a network with 100s of APs.
In other words: 

How often does one need to “touch” an AP for maintenance purposes (upgrade, replacement, configuration, debug, reset, etc.) ? 
How much time does one typically “spend” with the AP in the above cases and how is that time impacted by the fact the AP is in a hard-to-reach place (e.g. ceilings) ? 
 
Can anyone share their experience and/or statistics ?
 
 
Yair
 
 

 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. 
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] locating 'hidden' SSIDs etc.

[Frank Bulk - iNAME.com]

AirMagnet, both handheld, laptop, and distributed can do the same thing.  
 
Frank>>> [EMAIL PROTECTED] Friday, March 12, 2004 9:19:06 AM >>>Hi,Has anyone found a method of identifying the presence of hidden (nonbroadcast) SSIDs? NetStumbler locates all broadcast SSIDs but not hidden ones.The alternative, I guess, is to go the spectrum analyzer route and look forsources in the 2.4g range. There was a discussion quite some time ago (endof '01) about these devices. Does anyone have some recent advice/suggestions.thanks in advanceJamieJames Savage York UniversitySenior Com. Tech. 108 Steacie Bldg.[EMAIL PROTECTED] 4700 Keele Streetphone: 416-736-2100 ext.22605 Toronto, Ontariofax: 416-736-5701 M3J 1P3, CANADA/\ /\ /\ /\/ \ / \ / \ / \\ / \ / \ /\/ \/ \/**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] AP Bandwidth Question

[Frank Bulk - iNAME.com]

Eric:
 
That is not the case.  Each client can talk to the AP at different speeds.
 
Frank>>> [EMAIL PROTECTED] Friday, March 26, 2004 3:22:22 PM >>>


Hello,
 
I’m new to the listserv.  I read somewhere that the AP’s maximum speed for all clients is equal to the lowest connected speed, i.e. if one person connects at 1Mb then all users on that AP connect at 1Mb.  Is this true?  If so, that would explain why some of my clients end up with low speeds and great signal strength.  If this is vendor specific, we are using Cisco 350 and 1200’s on campus.
 
Thanks,
 
Eric Barnett, CCNA
Wireless Administrator
Information and Technology Services
Arkansas State University
870-972-3033
 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. 
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] [WIRELESS] Most un-wired campuses

[Frank Bulk - iNAME.com]

The study includes several aspects, if you look at the bottom of the link:

"The "Most Unwired College Campuses" survey findings are based on the number of hotspots, the number of undergraduates, number of computers and the computer to student ratio. The results were also based on the percentage of each college campus that is covered by wireless technology. The data was collected from university interviews and documents, and a variety of industry sources."

 
I was surprised to see that Syracuse University was included, considering that the wireless coverage here is not 100%.  It shows that 100% campus coverage is not a prerequisite to getting on this list, and shows the relatively lack of deployment in colleges and universities nationwide.
 
Frank>>> [EMAIL PROTECTED] Thursday, April 08, 2004 10:21:09 AM >>>Agreed. Not only UT, what Carnegie Mellon and others? I happen to knowthat UT Austin has about the same number of AP¹s deployed over their wholecampus as we do in our student apartments?? Not to know Austin, which iscoming along very nicely, just that the study is flawed/skewed.Doug JacksonFrom: Dewitt Latimer < [EMAIL PROTECTED] >Organization: Univ of Notre DameReply-To: "802.11 wireless issues listserv"**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Fwd: [Wi-Fi Net News] T-Mobile Launches Semi-Private Hotspots at American University

[Frank Bulk - iNAME.com]

For this list's interest
 
Frank>>> [EMAIL PROTECTED] Friday, April 16, 2004 10:42:48 AM >>>By Glenn FleishmanSpecial to Wi-Fi Networking NewsPermanently archived item < http://wifinetnews.com/archives/003223.html >[1] T-Mobile installs its service at Washington's American University: This unique relationship benefits T-Mobile enormously, but it's ambiguous what the university gets out of it. The release makes it clear that T-Mobile isn't overlaying a network on the existing wireless LAN at the university, but has installed its own network in 10 buildings. Students, faculty, and staff will receive discounted rates on T-Mobile's cell and Wi-Fi service off-campus, which is a more significant revenue opportunity for the No. 6 cell carrier than the potential revenue from an on-campus for-fee WLAN.The university's only benefit is that they don't have to bear the cost of installing and maintaining a guest-only WLAN and handling access to it. I've heard horror stories from various conferences, including one at Stanford of all places, where attendees had to send in their wireless adapter's MAC address ahead of time to gain free access during the event.Still, it means that guests to American University will be paying for Wi-Fi on campus and it will only be accessible in certain locations on campus. At other institutions, universities have built virtual LAN infrastructure and entirely or partially opened a partitioned guest-only Wi-Fi network everywhere.URLs referenced:[1] < http://bizyahoo.com/bw/040416/165172_1.html >--You can reach Wi-Fi Networking News at < [EMAIL PROTECTED] >Our postal address: 115 N. 85th St., Suite 205, Seattle WA 98103
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] Wireless site survey tool

[Frank Bulk - iNAME.com]

Title: Wireless site survey tool


Nas:
 
I've tested Surveyor, and it works quite well.  It's based on the concept of active and passive surveys.  The active survey associates to an AP and record packet loss, signal strength, and connection speed.  The passive site survey listens for all APs and their beacons, and can only record each AP's signal strength from where it is.  While the product can't auto-discover, it is amazing to see that with a good 'walk', you can narrow down the location of the AP to about a 20' x 20' area.  The heat map shows it quite clearly.
 
Maps can be based on bitmap, jpeg's, and as well as AutoCAD drawings.  The product does require the use of one their support cards, so it is somewhat vendor specific.  Supported cards should be on their website.
 
I think that Ekahau's product can do something very similar, but for a few more dollars.  Trapeze's RingMaster is more a site planning tool.
 
Regards,
 
Frank>>> [EMAIL PROTECTED] Thursday, June 03, 2004 10:32:43 AM >>>

AirMagnet has a new tool called Surveyor that they demonstrated at InterOp; I think it's out, and the list price was in the $2K range.  Runs on a laptop. I haven't looked at it yet but it does look like a good tool for site surveys.  I don't think it (or any product for that matter) can "auto discover" the exact location of an AP, but the resulting survey of signal strength and distribution should be enough to "figure out" where it is.
 
Greg
 

- Original Message - 
From: Mukhar, **
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Cisco's new WLSM

[Frank Bulk - iNAME.com]

Cisco released their new WLSM module for the Catalyst 6500 a few weeks ago.  I work for a magazine and we are examining this product and it's related components. 
 
Is anyone on this listserv actually planning on deploying the WLSM?  Is the requirement of a SUP720 a limitation for it's consideration?  What are your impressions of the WSLM?
 
I would be interested in some commentary and feedback on this product and your perception of Cisco's architecture, if possible.  If you are not familiar with it, here is a link:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin09186a00802252ba.html
 
Thanks,
 
Frank Bulk
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

RE: [WIRELESS-LAN] Cisco's new WLSM

[Frank Bulk - iNAME.com]

Matt:
 
That's a good question about the SUP720 requirement, the same one that we had.
- From what what we were told, previous SUP's did not have support for hardware-assisted Multipoint GRE tunnels.  There is a tunnel for each mobility group associated with an access point.  Mobiltiy groups are somewhat equivalent to wireless VLANs or SSID's.  So if your network has three SSID's on each of your 100 AP's, you would have 300 multipoint GRE tunnels.
 
Besides this performance requirement for tunneling, there are also the benefits of:
- user based rate limiting
- resource limiters
 
There are likely more reasons, but I have forgotten.  
 
As for inter-WLSM roaming, that's correct.  If you have 500 access points you'll need to associate half the AP's with one WLSM, and the other half with the second WLSM.  Roaming times in the 50 ms range (using CCX v2.0 cards, of course) will only occur between AP's associated to the same WLSM.  I expect Cisco to increase the number of AP's they support per line card as well as solve or mitigate the inter-WLSM roaming issue.  Of course, there is no guarantee of that, but it's a reasonable assumption.
 
Regards,
 
Frank>>> Thursday, July 01, 2004 7:47:07 AM >>>


Frank,
 What is the requirement of a SUP720 about? Can you explain this more?  I also heard you can’t roam from 6500 to 6500. Is that true?
-Matt
 




From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk - iNAME.comSent: Wednesday, June 30, 2004 9:51 PMTo: [EMAIL PROTECTED]Subject: [WIRELESS-LAN] Cisco's new WLSM
 

Cisco released their new WLSM module for the Catalyst 6500 a few weeks ago.  I work for a magazine and we are examining this product and it's related components. 

 

Is anyone on this listserv actually planning on deploying the WLSM?  Is the requirement of a SUP720 a limitation for it's consideration?  What are your impressions of the WSLM?

 

I would be interested in some commentary and feedback on this product and your perception of Cisco's architecture, if possible.  If you are not familiar with it, here is a link:

http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin09186a00802252ba.html

 

Thanks,

 

Frank Bulk** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

RE: [WIRELESS-LAN] Cisco's new WLSM

[Frank Bulk - iNAME.com]

Matt:
 
Has Cisco's solution ever been cheap? ;)  
 
Let me detail a few of the list price costs (educational institutions should be able to get at least 35 and up to 45 points off list).
WLSM: $18K
minimal incremental licensing costs to go from 150 to 300 AP's: $8K
Firewall module: $35K
SUP720: $28K
Cisco's point is that their competitors don't scale, so for a deployment of several hundred AP's, where their competitors would need to add management/control boxes, Cisco wouldn't.  Of course, their competitors claim scaling in the 20 to 130 range.  Whose numbers do you believe? I really don't have the answer for that.
 
I didn't see any user monitoring per-se with the solution, but I can imagine that the WLSE box (another $5K, I believe) can do something user related.  I'll have to look at this.
 
Each GRE tunnel can be prioritized on a per tunnel or per packet basis, and rate limiting of the contents can be done via their SUP720's support for user-based rate limiting which can one an IP address or a larger group.
 
Although the WLSM is the actual aggregrator of the RF measurements and rogue information, administrator interaction concerning rogue detection, power levels, RF management is done via the WLSE box's web interface.
 
Regards,
 
Frank>>> Thursday, July 01, 2004 8:53:18 AM >>>


Frank:
    Thanks for the information, but it sounds like a pricey solution. A couple more questions if you happen to know. Can you do any monitoring of users with it? I don’t see how that would happen. Also using GRE there is no way to rate limit traffic at the IP level has it passed through your other routers. What does the solution do for Rogue detection and other goodies?
-Matt
 




From: Frank Bulk - iNAME.com [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 8:40 AMTo: [EMAIL PROTECTED]Subject: RE: [WIRELESS-LAN] Cisco's new WLSM
 

Matt:

 

That's a good question about the SUP720 requirement, the same one that we had.

- From what what we were told, previous SUP's did not have support for hardware-assisted Multipoint GRE tunnels.  There is a tunnel for each mobility group associated with an access point.  Mobiltiy groups are somewhat equivalent to wireless VLANs or SSID's.  So if your network has three SSID's on each of your 100 AP's, you would have 300 multipoint GRE tunnels.

 

Besides this performance requirement for tunneling, there are also the benefits of:

- user based rate limiting

- resource limiters

 

There are likely more reasons, but I have forgotten.  

 

As for inter-WLSM roaming, that's correct.  If you have 500 access points you'll need to associate half the AP's with one WLSM, and the other half with the second WLSM.  Roaming times in the 50 ms range (using CCX v2.0 cards, of course) will only occur between AP's associated to the same WLSM.  I expect Cisco to increase the number of AP's they support per line card as well as solve or mitigate the inter-WLSM roaming issue.  Of course, there is no guarantee of that, but it's a reasonable assumption.

 

Regards,

 

Frank>>> Thursday, July 01, 2004 7:47:07 AM >>>

Frank,
 What is the requirement of a SUP720 about? Can you explain this more?  I also heard you can’t roam from 6500 to 6500. Is that true?
-Matt
 




From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk - iNAME.comSent: Wednesday, June 30, 2004 9:51 PMTo: [EMAIL PROTECTED]Subject: [WIRELESS-LAN] Cisco's new WLSM
 

Cisco released their new WLSM module for the Catalyst 6500 a few weeks ago.  I work for a magazine and we are examining this product and it's related components. 

 

Is anyone on this listserv actually planning on deploying the WLSM?  Is the requirement of a SUP720 a limitation for it's consideration?  What are your impressions of the WSLM?

 

I would be interested in some commentary and feedback on this product and your perception of Cisco's architecture, if possible.  If you are not familiar with it, here is a link:

http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin09186a00802252ba.html

 

Thanks,

 

Frank Bulk
** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] Cisco's new WLSM

[Frank Bulk - iNAME.com]

Jeff:
 
Let's be clear that the WLSM is not superset of WLSE's features.  The WLSM is an advanced WDS, and the WLSE will continue to play an extended role in managing access points, monitoring for rogues, load-balancing power, etc.  You don't need the WLSE to run the new WLSM blade, but most organizations will use that 1-U management solution.  
 
You make a valid point about vendors and the numbers of AP they support.  I think the reason they are so flexible is that the number is so variable.  It's dependent on how much traffic will traverse the switch, how many client sessions it needs to maintain, what kind of encryption will be used, the rate of roams, if clients are using just 802.11b or 802.11a/g as well, etc.  There is so much variety that all the vendors numbers can be qualified.  Each vendor will have some kind of bottleneck, whether it's the encryption processor, host processor, the data plane (a 100 Mb link could theoretically scale only to 4 saturated hi-speed links), or the control plane.  So vendors aren't being totally arbitrary when they crank up their numbers to get a deal or hammer out a licensing agreement.  Each organizations environment will be different.  In all of this there is a subtle warning: don't run the demo or pilot and prematurely call it a success.  Dense and pervasive deployments (both of AP's and clients) will likely discover the limits of these systems, so it's wise to deploy carefully, with plans to change the ratio of AP's/clients to controllers if performance becomes a problem.  I've had several vendors share customer stories in which the pilot ran well, but once they got into a dense deployments (or started using VoWLAN) the problems started appearing, and they decided to move to a new vendor or change their site design.
 
Of course Cisco shops will experience the best integration of Cisco-specific features between the wired and wireless networks, but that's to be expected, and why some organizations go with a single-vendor solution.  It's the client side of the wireless world that's difficult to control, most apparent in an educational environment.  I know that Syracuse University strongly recommends the Cisco 350 card, but that doesn't mean that's the only card students use.  As you stated, once you use non-CCX cards the roaming benefits of the Cisco solution are mostly lost.  But you still have the management of AP's and traffic control.
 
Competing solutions like from wireless infrastructure switch vendors have to be vendor-agnostic because they don't control any other part of the wired network.  You may call them Cisco-proprietary features, while Cisco will says it's the extra value it adds to the solution...they might even say that they provide a superset of features.  They might also say that the reason that some thing are proprietary is because Cisco has to provide solutions in response to customer demands while standards move slowly through the standard bodies.  It's the same thing in every product and industry.  At the end of the day, the customer needs to choose for themselves what's appropriate.
 
Could you elaborate a bit more on "Ask Cisco to demonstrate all their Aruba and Airespace -alike features when the only clients on the network are authenticating with EAP-TTLS/PAP"?
 
Regards,
 
Frank>>> Thursday, July 01, 2004 3:20:15 PM >>>On Thu, 2004-07-01 at 07:58, Frank Bulk - iNAME.com wrote:> Yes, a lot of people feel the same way. There a few differences, with> varying importance depending on the organization and/or person:> - places that have a large installed base of Cisco wireless gear could> take advantage of managing itAllegedly, this is what the WLSE does.. I've not seen consistent visionfron Cisco on whether all of the WLSE functions will be integrated intothe WLSM or whether you'll need to have both, or whether there will be aWLSE module for the cat.> - Cisco-shops that only buy Cisco will be ready to move into wirelessCan't dispute that.. :)> - Cisco's equipment should be able to scale within one box up to at> least 300 access points, and likely much more. Their competitors,> like Aruba, peak out in the low 100 range.Well, that's marketing. When you get down to brass tacks, some vendorsare willing to throw out the "we can't go more than 32 APs on this boxbecause it's a performance limit" and jack up the licensed number ofusers to accommodate your budget requirements. A Vendor sat in front ofus and swore that the AP limits on their switches were for performanceand were hard limits. When we started talking $$ numbers and I balked atthe pricing, they immediately switched to a config where they hadoversubscribed one of their "switches" by 100%. "We'll just tweak thelicense. The box has lots of headroom". So which is i

Re: [WIRELESS-LAN] Wireless AV Equipment- Any Success Stories?

[Frank Bulk - iNAME.com]

Lee:
 
Are you asking for non-802.11 wireless AV stuff?  I'm not familiar with that space, but I'm sure a tech head theatre arts would know...supposedly that stuff is regularly used for rock concerts, tours, etc, anything where there is a lot of travelling.
 
Frank>>> [EMAIL PROTECTED] Sunday, July 11, 2004 9:08:58 pm >>>Looking for some input on any wireless AV successes, mainly in wireless projection. There's a growing range of gear, but seems like a hard space to really read. Does anyone have wireless AV equipment living alongside wireless LAN gear with proper security, non-interference, etc.?LeeLee H. BadmanCWSP, CWNA (CWNP011288)Network EngineerComputing and Media Services (NSS)250 Machinery HallSyracuse UniversitySyracuse, NY 13244(315) 443-3003 Voice(315) 443-1621 Fax**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://wwweducause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] anyone try an ap-8 yet?

[Frank Bulk - iNAME.com]

Chris:
 
This URL:
http://wifinetnews.com/archives/004024.html
reviews some recent rulings from the FCC concerning antennas, and talks a bit about a relaxing in the 5 GHz spectrum that allows antennas in all three UNII bands (4th last paragraph)
 
Frank>>> [EMAIL PROTECTED] Monday, July 26, 2004 1:00:15 pm >>>I find the 802.11a antenna connection to be interesting. I have hadseveral vendors give me different stories about 802.11a antennas on APs.Does anyone know if using the 802.11a antennas is legal in the US? (Orwas the port put on there for use by other countries.) And if it islegal, where can you get antennas for it? I spoke with Maxrad atInterop, and they didn't seem to have any antennas that would do it.Thanks!--Chris "Spanky" Hessing NetworkingUniversity of Utah[EMAIL PROTECTED] Marriott LibraryFriends are people that know everything about you, but love you anyway.On Mon, 26 Jul 2004, Michael Griego wrote:> It's the same product as the Proxim AP-4000. If you're using the> Proxim/Avaya equipment, then the AP-4000 is a good upgrade. The .11G> performance in my testing has been more solid than the performance of> the .11G upgrade kit for the AP-2000 (Avaya AP-3). Other than that, the> management interface is identical to the AP-2000/AP-3. Having antenna> connectors for the 11A side is a nice new feature of the 4000s/8s.>> -->> --Mike>> ---> Michael Griego> Wireless LAN Project Manager> The University of Texas at Dallas On Mon, 2004-07-26 at 08:23, Matt Ashfield (UNB) wrote:> > Hi All> >> > We currently use Avaya's Access Points on our campus, and the latest product> > they've released is the AP-8. I've read the pdf's and heard the supplier's> > details, but just thought I'd ask this group if anyone has used it and if> > so, what are their impressions?> >> > Any info you can provide is greatly appreciated.> >> > Thanks> >> > Matthew Ashfield> > Network Analyst> > Integrated Technology Services> > University of New Brunswick> > (506) 447-3033> >> > **> > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .>> **> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .>**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Syllabus article

[Frank Bulk - iNAME.com]

I received the following SBC-sponsored link in a Syllabus (a higher education magazine) electronic newsletter.
http://www.syllabus.com/connectedcampus/index.asp
 
While I found two technical inaccuracies, the most interesting thing I took away from the article was that the network folk continue to see wired costs (per port?) increasing all the while deploying their wireless networks.  I would be interested in hearing the reaction from the members of this listserv.  Perhaps you can characterize the relationship between your wired and wireless budget (or expenditure) dollars over the last year.
 
Regards,
 
Frank Bulk
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Kansas State highlighted

[Frank Bulk - iNAME.com]

For all those interested, Kansas State's wireless network was highlighted in the latest Syllabus e-newsletter.
http://www.kstatecollegian.com/article.php?a=2395
 
Frank
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] Wireless DHCP Server

[Frank Bulk - iNAME.com]

Clark:
 
Did you ever consider an appliance like InfoBlox's DNS One or BlueCat Networks' Adonis DNS/DHCP Appliance?  I believe that both of these provide high availabilty via failover, and both have good front ends for management.
 
Regards,
 
Frank>>> [EMAIL PROTECTED] Thursday, September 02, 2004 10:39:43 pm >>>When we began doing production DHCP for our campus, our interest was for a complete campus solution, with emphasis on our 8000-9000 residential users; most of our remaining 17,000 or so ports continue to use static assignment, but DHCP is available in all of the 150 or so networks. This was about five years ago. Along the way, wireless throngs joined the mix.At that time we did a rather thorough analysis of ISC, Lucent's QIP, Nortel's NetID, Cisco Network Registrar, and Microsoft's built-in DHCP server. We decided on NetID, and we have been largely very satisfied with it for the five or so years that we have been running it. Our runner up was QIP, which is also a very impressive product. However, we returned to ISC this year as its fail-over and load-balancing features have come a long way and we wanted to move away from Solaris to Linux. We currently run both NetID and ISC, but our wireless network (about 5300 users and 830 APs) is being served by ISC. We intend to phase out NetID for our campus by year's end.ISC is a very good option, and you can't beat the price or the ubiquity. It probably has more road time than any of the others; I'd venture to guess that only Microsoft could come close in terms of installs. I don't know anyone using Microsoft for a significant deployment, so in terms of users served, it is ISC, hands down, imho.ISC still has many shortcomings, however. Some notable points are its relatively poor support for a database engine backend and its virtually non-existant user interface front-end. There are lots and lots of tools for it, though, as it has been around in the open-source community for so long, and it is extremely stable. I encourage you to consider ISC, NetID, and QIP.Consider the choice of failover carefully. Even 700 users is significant enough that you don't want any downtime for your DHCP server ... this is just as important as any piece of equipment in your core network, because if it breaks your users don't work. We've had occassional anomolies, but for all intents and purposes we've had 100% uptime for five years (in that, for the last five years, no user has every failed to get an address due to server unavailability). This is the mark you must hit for DHCP. Consider carefully the platform you run on relative to that mark.Clark GaylordCommunications Research EngineerVirginia Tech[EMAIL PROTECTED] 540-231-2347- Original Message -From: "Patel, Amish" < [EMAIL PROTECTED] >Date: Thursday, September 2, 2004 11:35 amSubject: [WIRELESS-LAN] Wireless DHCP Server> We have a 700 user wireless network at the law school. Students are> setup with a VPN connection to allow them to access the network here.> Can anyone recommend a good DHCP server that has feature that will> allowus to manage the wireless network here better? Thanks, Amish Patel>> Computer Services>> The John Marshall Law School>> [EMAIL PROTECTED] >> 312-427-2737 x550> **> Participation and subscription information for this EDUCAUSE> Constituent Group discussion list can be found at> http://www.educause.edu/cg/ .**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Fwd: [Wi-Fi Net News] University of Texas Forbids Independent Wi-Fi

[Frank Bulk - iNAME.com]

My reading of the FCC document leads me to things that student residence halls and dormitories are exempt from the FCC's recent clarification.  Housing is not leased in such a way as the student owns it, rather, it's rented.  In fact, it seems that most schools reserve the right to enter the premises at any time.  That seems to put student housing on a different level than TGI Friday's in Chicago's O'Hare Airport.
 
Are there any other schools that have discussed this issue with their legal department, and arrived at an interpretation?
 
Regards,
 
Frank>>> [EMAIL PROTECTED] Thursday, September 09, 2004 1:18:32 PM >>>By Nancy GohringSpecial to Wi-Fi Networking NewsPermanently archived item < http://wifinetnews.com/archives/004124.html >[1] The University of Texas at Dallas has instituted a new policy that forbids students from setting up their own Wi-Fi networks: The university says the many independent networks cause problems for students trying to connect to the university provided wireless network. I'd like to know why so many students are setting up their own hotspots if the university offers free access--perhaps the university needs to improve their network so that students won't have the need to build their own. It will be interesting to see how students react to the new policy. As noted on Slashdot, this appears to be a case where an organization other than the FCC is attempting to regulate the airwaves. The FCC has recently clarified that it is the only body that controls the airwaves. URLs referenced:[1] < http://slashdot.org/article.pl?sid=04/09/09/1252213 >--You can reach Wi-Fi Networking News at < [EMAIL PROTECTED] >Our postal address: 115 N. 85th St., Suite 205, Seattle WA 98103
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] Authentication/Encryption revisited

[Frank Bulk - iNAME.com]

Don't some SSL VPN's require some kind of ActiveX control to provide encryption for non-web-based applications?  That would neccesitate a Windows computer.
 
Of course, if the service being provided is web-based and can do SSL, then it's a nice easy way to secure your traffic Layer-3.  But your Layer-2 traffic is still in the clear.
 
Phillipe Hanset makes a good point about 802.1X's ubiquity.  68% of our ResNET uses Windows XP, 3% use Windows 2000, and 3% use Mac OS 9/X.  Thirteen percent recorded 'don't know', so many of them could be Win2K/XP.  That means at least 3/4's of the student population can use their OS' native 802.1X client.  Wait until next academic year and the numbers will be much better.  For the other older Windows computer there is even WIRE1x:
http://wire.cs.nthu.edutw/wire1x/
 
Add Cisco's ACS to provide the intermediate LDAP authentication, and you have a solution.
 
Regards,
 
Frank>>> [EMAIL PROTECTED] Thursday, September 09, 2004 3:39:57 pm >>>Let me throw this out to the group, though it has been touched onbefore... I have some options in hand, but want to make sure none arebeing overlooked. Looking for options for authentication/encryptionbased on following requirements:- NO client software required for encryption- Operating system agnostic (work with any and all OS')- Directly compatible with LDAP- Scale to two thousand or more users, 750 APs eventuallySorta points to SSL VPN, I know. But again, am I overlooking any othersolutions that meet these requirements? If any of you use SSL-VPN, whosedo you use, and what do you like/dislike about it?This is a great group to follow, by the way :)LeeLee H. BadmanCWSP, CWNA (CWNP011288)Network EngineerComputing and Media Services (NSS)250 Machinery HallSyracuse UniversitySyracuse, NY 13244(315) 443-3003 Voice(315) 443-1621 Fax**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://wwweducause.edu/cg/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.

Re: [WIRELESS-LAN] Fwd: [Wi-Fi Net News] University of Texas Forbids Independent Wi-Fi

[Frank Bulk - iNAME.com]

Someone from resnet-l listserv posted a good response on this.  The only question I have left is if the Waterview apartments are leased or if they are dormitory housing.
 
##
I have found ACUTA (Association of College and UniversityTelecommunications Administrators) to be exceptionally helpful in thepast at recognizing and clarifying these regulation issues. SinceTelecommunications (in spite of "deregulation") has been historically alegally complex area they spend a lot of time and effort lobbying andclarifying various issues. I think you will find this excerpt from theSeptember ACUTA Newsletter especially helpful:
 
=>From ACUTA Headquarters - Jeri Semer, CAEACUTA Executive Director
 
FCC Clarifies OTARD Rules: College Dorm Exemption Still Applies=
 
On June 24, the Federal Communications Commission’s Office of Engineering and Technology (OET) issued a Public Notice (DA 04-1844) concerning the use of unlicensed devices (such as WiFi access points). The Public Notice stated that unlicensed devices are subject to the same consumer protections for the installation and use of consumer antennas under the FCC’s Over-the-Air Reception Devices (OTARD) rules as, for example, satellite TV dishes. The OTARD rules allow tenants to install such devices in areas subject to their exclusive use and control.
 
ACUTA immediately contacted the OET staff on this matter, due to our concern about the potentially negative impact of “rogue access points” on campus wireless networks. The FCC had stated in a previous Order that campus dormitory housing is exempt from the OTARD rules, because it is not a typical residential lease situation. Through our attorney, we contacted the OET staff to express our concerns regarding the Public Notice, and to seek clarification that the exemption for college dorms was applicable to unlicensed devices.
 
We are pleased to report the OET staff response that, “…the Public Notice does not change prior Commission interpretations of the extent to which college dormitories are, or are not, covered for a particular customer antenna installation.”
 
Thus, colleges and universities may continue to legally prohibit students residing in campus dormitories from placing unauthorized antennas for licensed services (such as broadcast or satellite television) or unlicensed services (such as WiFi).
 
However, in cases where the institution enters into an actual lease of residential property (such as student apartments or faculty homes), the exemption does not apply. In such cases, the resident would have the right to place antennas within their leased property.
 
ACUTA continues to carefully watch FCC actions, report on important developments, and represent your interests. Feel free to contact me at [EMAIL PROTECTED] if you have questions about this or other matters.
 

 
The full text of the newsletter is available in HTML form at:http://www.acuta.org/relation/DownloadFile.cfm?DocNum=965 or in PDF form at:http://www.acuta.org/relation/DownloadFile.cfm?DocNum=964 
 
--David P. AllenAsst. Dir., Network & Communication SystemsPacific Lutheran University##
Regards,
 
Frank Bulk
>>> "Frank Bulk - iNAME.com" <[EMAIL PROTECTED]> Thursday, September 09, 2004 2:05:00 pm >>>

My reading of the FCC document leads me to things that student residence halls and dormitories are exempt from the FCC's recent clarification.  Housing is not leased in such a way as the student owns it, rather, it's rented.  In fact, it seems that most schools reserve the right to enter the premises at any time.  That seems to put student housing on a different level than TGI Friday's in Chicago's O'Hare Airport.
 
Are there any other schools that have discussed this issue with their legal department, and arrived at an interpretation?
 
Regards,
 
Frank>>> [EMAIL PROTECTED] Thursday, September 09, 2004 1:18:32 PM >>>By Nancy GohringSpecial to Wi-Fi Networking NewsPermanently archived item < http://wifinetnews.com/archives/004124.html >[1] The University of Texas at Dallas has instituted a new policy that forbids students from setting up their own Wi-Fi networks: The university says the many independent networks cause problems for students trying to connect to the university provided wireless network. I'd like to know why so many students are setting up their own hotspots if the university offers free access--perhaps the university needs to improve their network so that students won't have the need to build their own. It will be interesting to see how students react to the new policy. As noted on Slashdot, this appears to be a case where an organization other than the FCC is attempting to regulate the airwaves. The FCC has recently clarified that it 

Re: [WIRELESS-LAN] Fwd: [Wi-Fi Net News] University of Texas Forbids Independent Wi-Fi

[Frank Bulk - iNAME.com]

I found the answer, they are privately held:

http://www.utdallas.edu/utdgeneral/utdmaps/waterview.html
http://www.utdallas.edu/student/slife/housing/
http://www.utdallas.edu/student/slife/housing/general/
 
Frank>>> "Frank Bulk - iNAME.com" <[EMAIL PROTECTED]> Thursday, September 09, 2004 8:37:19 pm >>>

Someone from resnet-l listserv posted a good response on this.  The only question I have left is if the Waterview apartments are leased or if they are dormitory housing.
 
##
I have found ACUTA (Association of College and UniversityTelecommunications Administrators) to be exceptionally helpful in thepast at recognizing and clarifying these regulation issues. SinceTelecommunications (in spite of "deregulation") has been historically alegally complex area they spend a lot of time and effort lobbying andclarifying various issues. I think you will find this excerpt from theSeptember ACUTA Newsletter especially helpful:
 
=>From ACUTA Headquarters - Jeri Semer, CAEACUTA Executive Director
 
FCC Clarifies OTARD Rules: College Dorm Exemption Still Applies=
 
On June 24, the Federal Communications Commission’s Office of Engineering and Technology (OET) issued a Public Notice (DA 04-1844) concerning the use of unlicensed devices (such as WiFi access points). The Public Notice stated that unlicensed devices are subject to the same consumer protections for the installation and use of consumer antennas under the FCC’s Over-the-Air Reception Devices (OTARD) rules as, for example, satellite TV dishes. The OTARD rules allow tenants to install such devices in areas subject to their exclusive use and control.
 
ACUTA immediately contacted the OET staff on this matter, due to our concern about the potentially negative impact of “rogue access points” on campus wireless networks. The FCC had stated in a previous Order that campus dormitory housing is exempt from the OTARD rules, because it is not a typical residential lease situation. Through our attorney, we contacted the OET staff to express our concerns regarding the Public Notice, and to seek clarification that the exemption for college dorms was applicable to unlicensed devices.
 
We are pleased to report the OET staff response that, “…the Public Notice does not change prior Commission interpretations of the extent to which college dormitories are, or are not, covered for a particular customer antenna installation.”
 
Thus, colleges and universities may continue to legally prohibit students residing in campus dormitories from placing unauthorized antennas for licensed services (such as broadcast or satellite television) or unlicensed services (such as WiFi).
 
However, in cases where the institution enters into an actual lease of residential property (such as student apartments or faculty homes), the exemption does not apply. In such cases, the resident would have the right to place antennas within their leased property.
 
ACUTA continues to carefully watch FCC actions, report on important developments, and represent your interests. Feel free to contact me at [EMAIL PROTECTED] if you have questions about this or other matters.
 

 
The full text of the newsletter is available in HTML form at:http://www.acuta.org/relation/DownloadFile.cfm?DocNum=965 or in PDF form at:http://www.acuta.org/relation/DownloadFile.cfm?DocNum=964 
 
--David P. AllenAsst. Dir., Network & Communication SystemsPacific Lutheran University##########
Regards,
 
Frank Bulk
>>> "Frank Bulk - iNAME.com" <[EMAIL PROTECTED]> Thursday, September 09, 2004 2:05:00 pm >>>

My reading of the FCC document leads me to things that student residence halls and dormitories are exempt from the FCC's recent clarification.  Housing is not leased in such a way as the student owns it, rather, it's rented.  In fact, it seems that most schools reserve the right to enter the premises at any time.  That seems to put student housing on a different level than TGI Friday's in Chicago's O'Hare Airport.
 
Are there any other schools that have discussed this issue with their legal department, and arrived at an interpretation?
 
Regards,
 
Frank>>> [EMAIL PROTECTED] Thursday, September 09, 2004 1:18:32 PM >>>By Nancy GohringSpecial to Wi-Fi Networking NewsPermanently archived item < http://wifinetnews.com/archives/004124.html >[1] The University of Texas at Dallas has instituted a new policy that forbids students from setting up their own Wi-Fi networks: The university says the many independent networks cause problems for students trying to connect to the university provided wireless network. I'd like to know why so many students are setting up their own hotspots if the university offers free access--perhaps the un

Interview about the OPEN1X project

[Frank Bulk - iNAME.com]

About our own Chris Hessing's work
http://www.macdevcenter.com/pub/a/mac/2004/09/21/open1x.html
 
Frank
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Vanderbilt Residential Housing RFI

[Frank Bulk - iNAME.com]

I guess what my concern is that if you make 48 Mbps your minimum rate you'll need an access point in each room. ;)
Even at 36 Mbps, I'm guessing an AP in every second or third room.
 
VoWLAN can be accomplished via several means.  One way is to use one band for it, ie 802.11a for voice, and then 802.11b/g for data.  
 
Another way is to enable QoS.  The reality is that Cisco phones can handle only 6 or 7 active calls per 802.11b/g AP, and the Spectralink phones about 10 to 12 calls.  A G.711 call takes only 70 to 80 kbps on the wired Ethernet side, and if you add the overhead of the larger 802.11 frames, ACKs, etc, it's in the low hundreds of kbps per media flow (two flows per phone, of course, one upstream and one downstream).  RF contention is the issue rather than bandwidth as more phones are added.  When 802.11e is ratified it should include scheduling, which WMM does not have, which should allow for higher handset densities.  In the meantime, Meru Networks claims that with their own unique scheduling algorithms they have the ability to increase the density of handsets by at least 5x.
 
Frank>>> "John J. Brassil" <[EMAIL PROTECTED]> Saturday, October 30, 2004 4:06:39 PM >>>That's pretty much what I'm shooting for - if we need to relax to 36 mpbsin a few spots to save another AP that's fine, but if figure if we're goingto support VoFi we're going to need that kind of density/bandwidth anyway.--On Friday, October 29, 2004 11:14 PM -0500 Frank Bulk < [EMAIL PROTECTED] >wrote:>> Do you think asking for 48 Mbps as a minimum rate for 802.11a/g is> reasonable? My experience is that you really need to be within a few> feet of the AP or in direct LOS to get those rates.>> Kind regards,>> FrankJohn J. Brassil | Network Engineer, Vanderbilt Data/Video Engineeringvoice 615.322.2496 | ICQ 9660375**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Vanderbilt Residential Housing RFI

[Frank Bulk - iNAME.com]

John:
 
I'm impressed that you get the higher rates that you do, but drywall likely helps a lot.  When you mention the 60 to 80 foot radius, what do you consider the higher 11a date rates to be?  24 and up?
 
I know of one other Meru implementation at a university, but they are not on this listserv.  Another school using Meru is Auburn University Engineering School and SUNY Stony Brook, but again, I don't think they are on this listserv, either.
 
Anyone else out there want to share who your wireless vendors are?  I've heard a lot about Chantry, Cisco, Enterasys, Proxim and some of Airespace, but not Legra, Aruba, Foundry, or Extreme.
 
Frank>>> "John J. Brassil" <[EMAIL PROTECTED]> Sunday, October 31, 2004 12:27:46 PM >>>--On Saturday, October 30, 2004 6:55 PM -0500 Frank Bulk < [EMAIL PROTECTED] >wrote:> I guess what my concern is that if you make 48 Mbps your minimum rate> you'll need an access point in each room. ;)> Even at 36 Mbps, I'm guessing an AP in every second or third room.We've got about 50 a/g APs on campus - our Law and Business schools areboth seamless a/g environments, although there are some places in eachbuilding where's there's only g or even in a few spots just b. But in allthe areas people actually use the stuff, we're soaking them with bothmicrowave flavors. With interior drywall construction you can still hit adecent 60-80 foot radius at high 11a data rates, masonry interiors arepretty much line of sight.>> VoWLAN can be accomplished via several means. One way is to use one> band for it, ie 802.11a for voice, and then 802.11b/g for data.>> Another way is to enable QoS. The reality is that Cisco phones can> handle only 6 or 7 active calls per AP, and the Spectralink phones about> 10 to 12 calls. A G.711 call takes only 70 to 80 kbps on the wired> Ethernet side, and if you add the overhead of 802.11 frames, ACKs, etc,> it's around 120 to 150 kbps per media flow (two per phone, of course,> one upstream and one downstream). RF contention is the issue rather> than bandwidth as more phones are added. When 802.11e is ratified it> should include scheduling, which WMM does not have, which should allow> for higher handset densities. In the meantime, Meru Networks claims> that with their own unique scheduling algorithms they have the ability> to increase the density of handsets by at least 5x.Yeah, I've see all this stuff in the trades and I know for a fact Meru isgoing to respond to our RFI, so it will be interesting to see what peopleand they in particular come up with.So if you haven't guessed by now, my design philosophy is lots of smallhigh-speed cells wherever and whenever possible. We fixed all our 11bcells at 11mpbs in keeping with that approach and it's worked pretty wellfor us.JohnJohn J. Brassil | Network Engineer, Vanderbilt Data/Video Engineeringvoice 615.322.2496 | ICQ 9660375**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educauseedu/groups/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLSM- Anyone tried it?

[Frank Bulk - iNAME.com]

According to the documentation found here:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin09186a00802252ba.html#wp1002247
it only works with the 1100 and 1200 series APs.
 
Frank>>> [EMAIL PROTECTED] Monday, December 20, 2004 9:48:05 AM >>>Will the WLSM work with 350 series access points?Michael HiznyAssistant Director of NetworkingBinghamton University607-777-4739 (voice)607-777-4009 (fax)[EMAIL PROTECTED] -Original Message-From: 802.11 wireless issues listserv[mailto:[EMAIL PROTECTED] On Behalf Of Michael DicksonSent: Friday, December 17, 2004 4:14 PMTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco WLSM- Anyone tried it?Lee, do you use WLSE to discover and monitor switches? We only use itfor AP's here. CWSI handles the switches and routers.Mike***Michael Dickson Phone: 413-545-9639Network Analyst Fax: 413-545-3203University of Massachusetts Email: [EMAIL PROTECTED] Network Systems and Services***Lee Badman wrote:> Todd->> Thanks for the response- the WLSE is administrative (we have it, too-> works great), but the WLSM is Cisco's version of a "wireless switch"-a> router blade that services some 300 APs per blade, does things like> secure L3 roaming and the like- kinda like Cisco's answer to Airespace> and Aruba doing "wireless switches"- only been out around 6 or 7months-> hence my interest in anyone's experiences with WLSM- not WLSE.>> By the way- WLSE is at 2.9 now. 2.9.1 coming in January, which will> discover 3560 switches...>> Lee>> [EMAIL PROTECTED] 12/17/2004 3:18:04 PM > We have used both the 1105 and traded it in on an 1130. For Managing> a> large number of Cisco APs it has been wonderful. I am able to make> software upgrades and configuration changes easy.>> todd>> Todd Joyce> Network Services> Radford University - Investing In Lifeimes> [EMAIL PROTECTED] > (540) 831->> There are 336 dimples on a golf ball> -Original Message-> From: 802.11 wireless issues listserv> [mailto:[EMAIL PROTECTED] On Behalf Of Lee Badman> Sent: Friday, December 17, 2004 11:41 AM> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Cisco WLSM- Anyone tried it?>> Looking for any feedback on this relative newcomer to Cisco wireless> environments.>> Lee Badman>> Lee H. Badman> CWSP, CWNA (CWNP011288)> Network Engineer> Computing and Media Services (NSS)> 250 Machinery Hall> Syracuse University> Syracuse, NY 13244> (315) 443-3003 Voice> (315) 443-1621 Fax>> **> Participation and subscription information for this EDUCAUSE> Constituent> Group discussion list can be found at http://www.educause.edu/groups/ .>> **> Participation and subscription information for this EDUCAUSE> Constituent Group discussion list can be found at> http://www.educause.edu/groups/ .>> **> Participation and subscription information for this EDUCAUSEConstituent Group discussion list can be found athttp://www.educause.edu/groups/ .**Participation and subscription information for this EDUCAUSE ConstituentGroup discussion list can be found at http://www.educause.edu/groups/ .**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless Management

[Frank Bulk - iNAME.com]

The 'brains', if I understand what you are describing, are already offered by the wireless switch vendors.  They are past L2-roaming and on to L3-roaming, and if you use Cisco's stuff with CCKM, you'll get fast secure L3 roaming.  
 
How big is everyone's L2 wireless domain getting?  The nice thing about identity-based access, which Airespace, Aruba, and Trapeze all offer to different extents, is that wireless users can use just a single SSID, but based on a RADIUS attribute be put into a specific VLAN.  That offers some managment advantages over creating separate SSIDs for every department.  But I'm still in accord that a separate (and broadcasted) guest/visitory SSID is appropriate.
 
Regards,
 
Frank
>>> [EMAIL PROTECTED] Monday, December 20, 2004 12:29:22 PM >>>
 

beyond AP management:The idea came from the fact that we didn't want an in-line deviceon our flashy new GigE/10GigE network and most of the usefulcapabilities that PC-Gateways (ver, Blue, Rov, Per/Cis...) provide can beenabled with the combination of smart-APs, switches and routers, OFF-Line!(OFF-Line in this context refers to no-addition of a extra BOX betweenusers and routers)A "brain to control it" is required, a central server that collectsstats on APs, on DHCP, on LDAP, on Switches, in ARPs...correlates allthat and takes action (ACL on routers, RADIUS-MAC, deny MACson Switches, RADIUS-802.1x etc.)The action will be IN-Line but fromdevices that have ASICS designed for that purpose and that we already paidfor. A "standard WLSM" sort of speak...without the GRE tunnels though!It doesn't fix IP-Mobility, but again, routers should take care of that(Cisco has things like Mobile IP, Mobile ARP...)And about Mobility, at UTK, I will try a different concept:Our gigantic layer2 domain for Wireless is getting too big, no doubt.Instead of chopping it in geographic subnets, we will try to chop it inSSIDs subnets, in order to limit the geographical division and providedecent layer2 roaming.One SSID for 802.1x, one for visitors and registration with limitedaccess, one for MAC-Radius authentication, and one for VoIP (with QoSon APs)What happens when everyone uses 802.1x, back to square 1?Season's Greetings to all of you,Philippe HansetUniv. of TNOn Fri, 17 Dec 2004, Cal Frye wrote:> Mike,> We're an Enterasys shop, too, and just installed Perfigo over the summer. I'm> also a bit nervous but remain optimistic regarding the Perfigo/Cisco> relationship. I've now heard two Cisco reps claim their attraction to Perfigo> stems from the ability to manage user authentication in a platform-neutral> manner, i.e. they can sell to non-Cisco shops. We'll see what that means in the> long run, but in the near-term, they're saying all the right things I want to hear.>> --Cal Frye, Network Administrator, Oberlin College> www.ouuf.org , www.calfrye.com >> "News is what somebody somewhere doesn't want you to know. Everything else> is just publicity." -- Lord North.>>> Ruiz, Mike wrote:> > We have recommended that we implement a central gatekeeper and> > originally chose Perfigo to provide that service for wired and wireless> > ports (via MAC Auth and 802.1x) but in a non-inline solution using port> > authentication. With the acquisition of Perfigo by Cisco I am concerned> > and while I am currently holding steadfast on the choice we shall see> > what happens as we approach the summer.>> **> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ .>**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ .
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest Access On Wireless

[Frank Bulk - iNAME.com]

With Cisco's APs you can only broadcast one SSID, and you only have one BSSID.  It's in situations like you are describing that this becomes a weakness in comparison to vendors such as Airespace, Aruba, Symbol, Trapeze, etc that support multiple BSSIDs.
 
Frank>>> Robinson, Ronald<[EMAIL PROTECTED]> Tuesday, January 04, 2005 2:38:30 PM >>>
Phil,On your "guest" vlan are you able to use broadcast SSID?I have been prototyping this same scenario for implementation here, butfind that I need to have the encrypted vlan SSID set to broadcast inorder for 802.1x to function properly.  Am I missing something?--Ron Robinson, Network Architect, Bradley University1501 West Bradley Ave.  |   E-Mail: [EMAIL PROTECTED]Morgan Hall Room 205F   |   Phone:  (309) 677-3350Peoria, Illinois 61625  |   FAX:    (309) 677-3460-Original Message-From: 802.11 wireless issues listserv[mailto:[EMAIL PROTECTED] On Behalf Of Phil TrivilinoSent: Tuesday, January 04, 2005 1:45 PMTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUSubject: Re: [WIRELESS-LAN] Guest Access On WirelessSt. Lawrence has, just, implemented a wireless vlan infrastructure usingCisco 1200 series APs, 802.1x with Verisign Cert. on MS IAS andAuthentication on MS Active Directory.  Working great - our "guest" vlanand access is set to be the same as someone might have from a cableconnection in their home.  Basically, internet access with a fewexceptions.  The guest vlan requires no authentication and offers noencryption.  This system is only available (with no client softwarerequirements) to Win-XP and MAC OS-X 10.3 clients.  That covers all ofour users anyway.  The other vlans are set for authentication andencryption. Phil**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Mobilepipeline: Big WLAN on Campus

[Frank Bulk - iNAME.com]

A worthwhile read about university wireless:
http://www.mobilepipeline.com/56900296
 
Glenn hits all the relevant issues about lack of device control, flexibility, and heterogeneity.  No mention was made of wireless switch players, so either this hasn't take hold in the higher-ed sector, or they were inadvertently missed or unstated.
 
Regards,
 
Frank Bulk
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest Access On Wireless

[Frank Bulk - iNAME.com]

By 'user' security, do you mean on a per IP address, or dynamically tied back to an authenticated session?  That's what Aruba Wireless' system seems to do more clearly than most others.
 
Frank>>> Ruiz, Mike<[EMAIL PROTECTED]> Wednesday, January 05, 2005 8:25:05 AM >>>
I would add to this discussion that Enterasys R2 and the upcoming newrelease support multiple user policies on a single SSID.  Also the system from Meru Networks supports multiple SSID and BSSID'sbut doesn't do the user security policy yet, it leaves that to thenetwork/router ACLS or policy settings.mike--Michael RuizNetwork and Enterprise Systems EngineerHobart and William Smith CollegesInformation TechnologyP 315-781-3711 F 315-781-3409-HWS Faculty, Staff, Students and AlumsCan purchase technology online and with an HWS DISCOUNT!http://www.cdwg.com/hws-Original Message-From: 802.11 wireless issues listserv[mailto:[EMAIL PROTECTED] On Behalf Of Jonn MartellSent: Wednesday, January 05, 2005 9:22 AMTo: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUSubject: Re: [WIRELESS-LAN] Guest Access On WirelessThe latest hardware and software supports multiple BSSIDs (up to 16).They have finally corrected this although there might be some issueswith QOS. The software revision is from last month and you need to havethe more recent radios to support this feature.We broadcast out main SSID (used by guests) and plan to startbroadcasting our WPA/PEAP SSID Jonn Martell, UBC, Manager IT and Network StrategyFrank Bulk - iNAME.com wrote:>With Cisco's APs you can only broadcast one SSID, and you only have oneBSSID.>It's in situations like you are describing that this becomes a weaknessin>comparison to vendors such as Airespace, Aruba, Symbol, Trapeze, etcthat>support multiple BSSIDs.>>Frank>> >>> Robinson, Ronald<[EMAIL PROTECTED]> Tuesday, January 04, 20052:38:30>PM Phil,>>On your "guest" vlan are you able to use broadcast SSID?>>I have been prototyping this same scenario for implementation here, but>find that I need to have the encrypted vlan SSID set to broadcast in>order for 802.1x to function properly.  Am I missing something?>>-->Ron Robinson, Network Architect, Bradley University>>1501 West Bradley Ave.  |   E-Mail: [EMAIL PROTECTED]>Morgan Hall Room 205F   |   Phone:  (309) 677-3350>Peoria, Illinois 61625  |   FAX:    (309) 677-3460>>>-Original Message->From: 802.11 wireless issues listserv>[mailto:[EMAIL PROTECTED] On Behalf Of Phil Trivilino>Sent: Tuesday, January 04, 2005 1:45 PM>To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>Subject: Re: [WIRELESS-LAN] Guest Access On Wireless>>>St. Lawrence has, just, implemented a wireless vlan infrastructureusing>Cisco 1200 series APs, 802.1x with Verisign Cert. on MS IAS and>Authentication on MS Active Directory.  Working great - our "guest"vlan>and access is set to be the same as someone might have from a cable>connection in their home.  Basically, internet access with a few>exceptions.  The guest vlan requires no authentication and offers no>encryption.  This system is only available (with no client software>requirements) to Win-XP and MAC OS-X 10.3 clients.  That covers all of>our users anyway.  The other vlans are set for authentication and>encryption. Phil>>**>Participation and subscription information for this EDUCAUSEConstituent Group>discussion list can be found at http://www.educause.edu/groups/.>** Participation and subscription information for this EDUCAUSE>Constituent Group discussion list can be found athttp://www.educause.edu/groups/.>>**Participation and subscription information for this EDUCAUSE ConstituentGroup discussion list can be found at http://www.educause.edu/groups/.**Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Single mode/single fiber connectivity options?

[Frank Bulk - iName.com]

I know that a service provider vendor, Calix, also has a GBIC to do this.

It's not an uncommon thing to do anymore.

Frank

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of acarl...@hot.rr.com
Sent: Friday, January 16, 2009 11:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Single mode/single fiber connectivity options?

Hi,

I need to connect a building to our campus that is about 5-6 miles away. We
will be leasing a single mode fiber connection to the location, and
connecting a Cisco 3750 stack back to our Core 6509. Using a single fiber
instead of a dual fiber connection will save us $12,000/yr.

In looking of ways to do this (connecting GBIC in the core to the SFP in
the 3750), I came accross the following:

http://www.championone.net/pdfs2/SingleFiber40km.pdf

They have a single mode/single fiber GBIC that can connect to their single
mode/single fiber SFP. I called the company, and they said the applicaiton
should work, we would just need to add an antenuator to the fiber
connection since it is rated for 40 km.

Has anyone used this company, or have other ways of making this connection.

Thanks,
Alan Carlson


mail2web LIVE - Free email based on MicrosoftR Exchange technology -
http://link.mail2web.com/LIVE

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Seeking recommendation for wireless bridge product

[Frank Bulk - iName.com]

I second the QuickBridge.  The Alvarion B-series of products should be looked 
at, too.

 

Frank

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Wednesday, March 11, 2009 8:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Seeking recommendation for wireless bridge product

 

Lih-Er,

We have used the Proxim Tsunami Quickbridge product for some time now and are 
very happy with it.  However, it's going to cost you at least twice what you 
have budgeted.

- Original Message -
From: "Lih-Er Wey" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, March 10, 2009 5:54:41 PM GMT -05:00 US/Canada Eastern
Subject: [WIRELESS-LAN] Seeking recommendation for wireless bridge product




I need to bring network to a structure (2-story) in a field from a building 
(about 1000 feet away, 7-story).

It does not need high bandwidth. I would like to hear any product 
recommendation from you.

The budget range is under a $1000 for a pair of wireless bridge. I am more 
concern about the reliability and security sides

of the product.

By the way, does anyone have experience with NanoStation5 from Ubiquiti 
network?  It is quite inexpensive ($160 a pair).

Thanks!

Lih-Er Wey

Wireless Project, Network Management

Academic Technology Services

Michigan State University

 

__ Information from ESET NOD32 Antivirus, version of virus signature 
database 3924 (20090310) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.