Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

I've read anecdotal accounts that some NIC drivers default to 00:11:22:33:44:55 
when an error occurs or when it's unable to determine/set the true Mac address, 
I didn't think that parallels would generate a fake nic though..

---
Justin Hao

On Sep 28, 2010, at 2:39 PM, "Hanset, Philippe C"  wrote:

> One more piece of info on the 00:11:22:33:44:55 weirdness:
> 
> We have a user registered in NetReg with MAC address 00:11:22:33:44:55,
> It is an Imac and was registered on our network in Parallels (browser 
> reference
> is Windows NT 6.1).
> 
> I wonder how many of these strange MAC addresses are generated by virtual 
> environments?
> 
> On Sep 28, 2010, at 11:11 AM, Jeff Wolfe wrote:
> 
>> We tracked one down yesterday and it turned out to be a Windows Mobile phone 
>> running Android. Decidedly not a MAC.. :)
>> 
>> -JEff
>> 
>> 
>> On 9/28/10 10:44 AM, Andrew Clark wrote:
>>> I'm seeing them here at the University of Minnesota as well.  Thanks
>>> for the heads-up!  I'll see what I can discover once I can get a hold
>>> of one of these clients.
>>> 
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

keep in mind that in airwave, the clients are uniquely identified by their mac 
address, so you'll need to check if multiple usernames show up associated to 
this single mac address, if this is the case, most likely it is multiple 
clients with either a manually configured mac address (due to WEP sniffing 
guides on the internet) or with possibly defective wireless NICs.

Airwave (and other monitoring systems) won't be able to show you the "real" 
manufacturer because they're only performing a standard oui lookup on the first 
3 octet.  what James (YorkU) did is the next logical step in trying to identify 
these clients by other metrics (hostname, useragent, etc) depending on how much 
time and interest you have in this.

We've seen at least 4 users all claiming to be 00:11:22:33:44:55 in the past 
week and we're internally discussing options on how to deal with this issue.

-
Justin Hao
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu<mailto:j...@austin.utexas.edu>
-

On Sep 27, 2010, at 9:10 AM, Holland, Ryan C. wrote:

I will second that. I, too, am seeing one client with this mac address, 
reported the same way via Airwave as CIMSYS Inc.

==
Ryan Holland
Network Engineer, Wireless
Office of the Chief Information Officer
The Ohio State University
614-292-9906   holland@osu.edu<mailto:holland@osu.edu>

On Sep 27, 2010, at 9:39 AM, Michael Dickson wrote:

Fascinating. We have one user on campus so far with this address:

00:11:22:33:44:55
Vendor (reported by Airwave): CIMSYS Inc

For Macbooks, the vendor is typically reported as Apple or Apple,Inc.

Mike


Michael Dickson 413.545.9639
Network Analyst Univ. of Massachusetts Amherst


On 9/26/2010 11:34 PM, Watters, John wrote:
I have 7 or 8  machines with this MAC address  on our campus. Is it possible 
that Apple did something not nice with the MAC addresses in the MacBooks? We 
will try to track some of them down, but it won't be easy even using the 
block-it-nd-they-will-come method.

-jcw


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Cortes, Diana 
[dcor...@miami.edu]
Sent: Friday, September 24, 2010 4:17 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

Thought I'd share some interesting news... The student was able to recover
the box where her Macbook Pro came in and indeed the Airport ID printed on
the box is 00:11:22:33:44:55

Diana Cortes, CISSP, CWNA
University of Miami
IT - Telecommunications


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Greg Williams
Sent: Monday, September 20, 2010 7:19 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

Not sure if there is software out there for the mac to change this
automatically, if you just do an "ifconfig en1 ether xx:xx:xx:xx:xx:xx", the
mac address will change, but ONLY stay until you reboot the machine, then it
changes back.  You have to put that command into  a script under
/system/library/starupitems/ and then run
sudo chmod 700 script.sh
sudo defaults write com.apple.loginwindow LoginHook
/System/Library/StartupItems/script.sh

to get it to stick permanently.  So it seems to me like people are probably
doing this intentionally.

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs
greg.willi...@uccs.edu<mailto:greg.willi...@uccs.edu>


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Hao, Justin C
Sent: Monday, September 20, 2010 4:34 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

it does show up occasionally, and as far as i can tell, this is because
users are following on-line tutorials for cracking WEP passwords (several of
them reference changing your mac interface to "00:11:22:33:44:55" manually
in the instructions to setup traffic sniffing.  If your users are using
these on a production network you may want to follow up as they may have
inadvertently changed their mac address and have no realized they need to
change it back.

or you could be mischievous and block that mac address completely and let
them come forwards to have their machine fixed.  I don't believe this is a
bug, but more user-inflicted.

-
Justin Hao
CCNA
Network Engineer, ITS Networking
The Universit

Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

I just found an old apple discussion thread from 2008 where another user claims 
he received this Mac straight from the factory

http://discussions.apple.com/thread.jspa?threadID=1775581

This could be some kind of manufacturing defect? Unless by chance your user has 
the exact MacBook mentioned in the thread

--- 
Justin Hao

On Sep 24, 2010, at 4:17 PM, "Cortes, Diana"  wrote:

> Thought I'd share some interesting news... The student was able to recover
> the box where her Macbook Pro came in and indeed the Airport ID printed on
> the box is 00:11:22:33:44:55
> 
> Diana Cortes, CISSP, CWNA
> University of Miami
> IT - Telecommunications
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Greg Williams
> Sent: Monday, September 20, 2010 7:19 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
> 
> Not sure if there is software out there for the mac to change this
> automatically, if you just do an "ifconfig en1 ether xx:xx:xx:xx:xx:xx", the
> mac address will change, but ONLY stay until you reboot the machine, then it
> changes back.  You have to put that command into  a script under
> /system/library/starupitems/ and then run 
> sudo chmod 700 script.sh
> sudo defaults write com.apple.loginwindow LoginHook
> /System/Library/StartupItems/script.sh
> 
> to get it to stick permanently.  So it seems to me like people are probably
> doing this intentionally.   
> 
> Greg Williams
> IT Security Principal
> University of Colorado at Colorado Springs
> greg.willi...@uccs.edu
> 
> 
> -Original Message-----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hao, Justin C
> Sent: Monday, September 20, 2010 4:34 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
> 
> it does show up occasionally, and as far as i can tell, this is because
> users are following on-line tutorials for cracking WEP passwords (several of
> them reference changing your mac interface to "00:11:22:33:44:55" manually
> in the instructions to setup traffic sniffing.  If your users are using
> these on a production network you may want to follow up as they may have
> inadvertently changed their mac address and have no realized they need to
> change it back.
> 
> or you could be mischievous and block that mac address completely and let
> them come forwards to have their machine fixed.  I don't believe this is a
> bug, but more user-inflicted.
> 
> -
> Justin Hao 
> CCNA
> Network Engineer, ITS Networking
> The University of Texas at Austin
> j...@austin.utexas.edu
> -
> 
> On Sep 20, 2010, at 5:21 PM, Cortes, Diana wrote:
> 
>> Has anyone encountered any Macbooks with the following MAC addresses:
> 00:11:22:33:44:55? We believe this may be an Apple bug as we have found 2 on
> our campus already with the exact same MAC address.
>> 
>> Thank you,
>> 
>> Diana Cortes, CISSP, CWNA
>> University of MIami
>> IT-Telecommunications
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

That's really odd, apple supposedly doesn't own 00:11:22 as an oui, they do own 
00:11:24.. This is drawn from the IEEE.org oui lookup btw. 

---
Justin Hao

On Sep 24, 2010, at 4:17 PM, "Cortes, Diana"  wrote:

> Thought I'd share some interesting news... The student was able to recover
> the box where her Macbook Pro came in and indeed the Airport ID printed on
> the box is 00:11:22:33:44:55
> 
> Diana Cortes, CISSP, CWNA
> University of Miami
> IT - Telecommunications
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Greg Williams
> Sent: Monday, September 20, 2010 7:19 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
> 
> Not sure if there is software out there for the mac to change this
> automatically, if you just do an "ifconfig en1 ether xx:xx:xx:xx:xx:xx", the
> mac address will change, but ONLY stay until you reboot the machine, then it
> changes back.  You have to put that command into  a script under
> /system/library/starupitems/ and then run 
> sudo chmod 700 script.sh
> sudo defaults write com.apple.loginwindow LoginHook
> /System/Library/StartupItems/script.sh
> 
> to get it to stick permanently.  So it seems to me like people are probably
> doing this intentionally.   
> 
> Greg Williams
> IT Security Principal
> University of Colorado at Colorado Springs
> greg.willi...@uccs.edu
> 
> 
> -Original Message-----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hao, Justin C
> Sent: Monday, September 20, 2010 4:34 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
> 
> it does show up occasionally, and as far as i can tell, this is because
> users are following on-line tutorials for cracking WEP passwords (several of
> them reference changing your mac interface to "00:11:22:33:44:55" manually
> in the instructions to setup traffic sniffing.  If your users are using
> these on a production network you may want to follow up as they may have
> inadvertently changed their mac address and have no realized they need to
> change it back.
> 
> or you could be mischievous and block that mac address completely and let
> them come forwards to have their machine fixed.  I don't believe this is a
> bug, but more user-inflicted.
> 
> -
> Justin Hao 
> CCNA
> Network Engineer, ITS Networking
> The University of Texas at Austin
> j...@austin.utexas.edu
> -
> 
> On Sep 20, 2010, at 5:21 PM, Cortes, Diana wrote:
> 
>> Has anyone encountered any Macbooks with the following MAC addresses:
> 00:11:22:33:44:55? We believe this may be an Apple bug as we have found 2 on
> our campus already with the exact same MAC address.
>> 
>> Thank you,
>> 
>> Diana Cortes, CISSP, CWNA
>> University of MIami
>> IT-Telecommunications
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Help on remote sensor data capturing

[Hao, Justin C]

the lack of power is probably your biggest challenge, a similar project I 
assisted with in the past involved data collection at remote sites using at&t 
cellular edge/3g connections riding a digikey vpn modem connection back to 
campus.. but the power.. maybe a large ups and a timer of some sort? how long 
does he need to monitor this location for? and how is his monitoring device 
planning on receiving it's power?

-Justin Hao
University of Texas at Austin

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Manuel Amaral 
[manuel.ama...@olin.edu]
Sent: Wednesday, September 22, 2010 5:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Help on remote sensor data capturing

I'm hoping someone can help identify some reasonable ideas for this.   One of 
our faculty members is working on a project where he needs to collect remote 
environmental data.  He needs to capture temperature and humidity readings at 
an outdoor location, with no power, roughly 1500 feet from campus.  Ideally, 
he'd like to be able to transmit the data back to campus wirelessly at least 
once a day where the data can be stored and made accessible via a website.  And 
he'd like to keep the costs relatively low.  Has anyone had any experience with 
something like this?

Manny
---
Manuel (Manny) Amaral
Associate Director, Information Technology
Franklin W. Olin College of Engineering
Direct:   781-292-2433


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

it is highly unlikely that the original mac address on the box is 
00:11:22:33:44:55 as this block belongs to CIMsys which is a korean company 
that produces wireless adapters for analog/serial conversion/relay as well as 
wireless repeaters and zigbee APs.  They don't produce wireless adapters/cards 
for computers as far as i can tell, and is even more unlikely to be the 
manufacturer of the wireless card of a macbook. (those are all atheros and 
broadcom i believe?)

-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Sep 20, 2010, at 6:02 PM, Cortes, Diana wrote:

> Thanks... we actually visited the student and saw that this was the MAC
> address configured on the system. The student also claims this is the MAC
> address on the box but we are still waiting to verify... (i.e. see the box)
> 
> Thanks for the feedback...
> 
> Diana
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hao, Justin C
> Sent: Monday, September 20, 2010 6:34 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses
> 
> it does show up occasionally, and as far as i can tell, this is because
> users are following on-line tutorials for cracking WEP passwords (several of
> them reference changing your mac interface to "00:11:22:33:44:55" manually
> in the instructions to setup traffic sniffing.  If your users are using
> these on a production network you may want to follow up as they may have
> inadvertently changed their mac address and have no realized they need to
> change it back.
> 
> or you could be mischievous and block that mac address completely and let
> them come forwards to have their machine fixed.  I don't believe this is a
> bug, but more user-inflicted.
> 
> -
> Justin Hao 
> CCNA
> Network Engineer, ITS Networking
> The University of Texas at Austin
> j...@austin.utexas.edu
> -
> 
> On Sep 20, 2010, at 5:21 PM, Cortes, Diana wrote:
> 
>> Has anyone encountered any Macbooks with the following MAC addresses:
> 00:11:22:33:44:55? We believe this may be an Apple bug as we have found 2 on
> our campus already with the exact same MAC address.
>> 
>> Thank you,
>> 
>> Diana Cortes, CISSP, CWNA
>> University of MIami
>> IT-Telecommunications
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

your wlc logs go back to may and june? wow.. our wlc logs barely contain 
information from the last hour much less a day or more.. heh (i'm assuming you 
have the logs pushed somewhere else for long term storage)

-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Sep 20, 2010, at 5:36 PM, Nick Kartsioukas wrote:

> On Mon, 20 Sep 2010 18:21:37 -0400, "Cortes, Diana" 
> said:
>> Has anyone encountered any Macbooks with the following MAC addresses:
>> 00:11:22:33:44:55? We believe this may be an Apple bug as we have found 2
>> on our campus already with the exact same MAC address.
> 
> That's the same MAC address I have on my luggage!
> 
> I just checked through all of our Cisco WLC logs, that address made
> several appearances in May and June of last year, but not since then.
> --
> Nick Kartsioukas
> Cuesta College Computer Services
> 805-546-3248
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Macbooks with odd Airport MAC addresses

[Hao, Justin C]

it does show up occasionally, and as far as i can tell, this is because users 
are following on-line tutorials for cracking WEP passwords (several of them 
reference changing your mac interface to "00:11:22:33:44:55" manually in the 
instructions to setup traffic sniffing.  If your users are using these on a 
production network you may want to follow up as they may have inadvertently 
changed their mac address and have no realized they need to change it back.

or you could be mischievous and block that mac address completely and let them 
come forwards to have their machine fixed.  I don't believe this is a bug, but 
more user-inflicted.

-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Sep 20, 2010, at 5:21 PM, Cortes, Diana wrote:

> Has anyone encountered any Macbooks with the following MAC addresses: 
> 00:11:22:33:44:55? We believe this may be an Apple bug as we have found 2 on 
> our campus already with the exact same MAC address.
> 
> Thank you,
> 
> Diana Cortes, CISSP, CWNA
> University of MIami
> IT-Telecommunications
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Size of LWAPP management subnet

[Hao, Justin C]

some other interesting documentation regarding the phasing out of layer 2 mode 
which seems to contradict itself, in 6.0.199.0 we noticed that the WAPs don't 
look for cisco-lwapp-controller anymore if cisco-capwap-controller doesn't 
respond. i would assume that if they took out the lwapp dns lookup, then they 
may have also removed the lwapp fallback completely.

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

"Note: After 60 seconds of trying to join a controller with CAPWAP, the access 
point falls back to using LWAPP. If it cannot find a controller using LWAPP 
within 60 seconds, it tries again to join a controller using CAPWAP. The access 
point repeats this cycle of switching from CAPWAP to LWAPP and back again every 
60 seconds until it joins a controller."



-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Aug 30, 2010, at 2:56 PM, Mike King wrote:

> FYI,
> 
> Newer model AP's don't support Layer 2 mode..   More specifically,
> CAPWAP does not HAVE a layer 2 mode.  (So the 1140's are out)
> 
> I know for a fact the 1131 does not:
> http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
> (3/4 of the way down)
> 
> 
> On Mon, Aug 30, 2010 at 3:12 PM, Hao, Justin C  wrote:
>> a bit of reverse curiousity, how many *are* you running in a single 
>> broadcast domain? all of our WLCs and APs are in their own management 
>> subnets, i imagine WLC discovery is easier in your setup since a layer 2 
>> broadcast is all that's needed versus dhcp/43 or dns lookup. I think the 
>> airespace product was originally designed to only work in a layer 2 
>> environment so i imagine there's a pretty high limit already in the design..
>> -
>> Justin Hao
>> CCNA
>> Network Engineer, ITS Networking
>> The University of Texas at Austin
>> j...@austin.utexas.edu
>> -
>> 
>> On Aug 30, 2010, at 2:08 PM, Earl Barfield wrote:
>> 
>>> I'm curious about how many LWAPP access points and controllers my peers
>>> are running in a single vlan/broadcast domain?
>>> 
>>> Cisco engineers keep telling me that they recommend a maximum of 100
>>> APs in a subnet and to keep the WLCs on a different subnet/vlan from
>>> the LWAPP APs.  That would be a lot of router interfaces to setup in my
>>> environment.  Maybe that's their goal, eh?  :-)
>>> 
>>> We're still got the "one big vlan" model leftover from the thick AP
>>> days.  We've split up the user space into several smaller vlans/subnets
>>> depending on SSID, WPA vlan override, etc., but the management
>>> interfaces and WLCs are still in the "big ole' vlan" that spans all
>>> over campus.
>>> 
>>> This configuration has worked well for us.  The simplicity of it makes
>>> troubleshooting and switch management much easier.  The LWAPP network is
>>> back-end and has no router interface, only the APs, WiSMs, Airwave
>>> Management Platform have interfaces on it.
>>> 
>>> We're still running 5.2.193.0 code and starting to consider a migration
>>> path to the newer 7.0 WLC code.  My nightmare scenario is that the 7.0
>>> code introduces some additional latency sensitivity or multicast
>>> traffic or broadcast traffic that overwhelms our network and it all
>>> grinds to a halt.
>>> 
>>> I can't really get any usable advice from Cisco because their engineers
>>> tend to fall over when I tell them how many APs I'm running in a single
>>> broadcast domain.  :-)
>>> 
>>> Am I the only one still out here on this limb?
>>> 
>>> 
>>> --
>>> Earl Barfield -- Academic & Research Tech / Information Technology
>>> Georgia Institute of Technology, Atlanta Georgia, 30332
>>> Internet: earl.barfi...@oit.gatech.edue...@gatech.edu
>>> 
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent 
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Size of LWAPP management subnet

[Hao, Justin C]

a bit of reverse curiousity, how many *are* you running in a single broadcast 
domain? all of our WLCs and APs are in their own management subnets, i imagine 
WLC discovery is easier in your setup since a layer 2 broadcast is all that's 
needed versus dhcp/43 or dns lookup. I think the airespace product was 
originally designed to only work in a layer 2 environment so i imagine there's 
a pretty high limit already in the design.. 
-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Aug 30, 2010, at 2:08 PM, Earl Barfield wrote:

> I'm curious about how many LWAPP access points and controllers my peers
> are running in a single vlan/broadcast domain?
> 
> Cisco engineers keep telling me that they recommend a maximum of 100
> APs in a subnet and to keep the WLCs on a different subnet/vlan from
> the LWAPP APs.  That would be a lot of router interfaces to setup in my
> environment.  Maybe that's their goal, eh?  :-)
> 
> We're still got the "one big vlan" model leftover from the thick AP
> days.  We've split up the user space into several smaller vlans/subnets
> depending on SSID, WPA vlan override, etc., but the management
> interfaces and WLCs are still in the "big ole' vlan" that spans all
> over campus.
> 
> This configuration has worked well for us.  The simplicity of it makes
> troubleshooting and switch management much easier.  The LWAPP network is 
> back-end and has no router interface, only the APs, WiSMs, Airwave 
> Management Platform have interfaces on it.
> 
> We're still running 5.2.193.0 code and starting to consider a migration
> path to the newer 7.0 WLC code.  My nightmare scenario is that the 7.0
> code introduces some additional latency sensitivity or multicast
> traffic or broadcast traffic that overwhelms our network and it all
> grinds to a halt.
> 
> I can't really get any usable advice from Cisco because their engineers
> tend to fall over when I tell them how many APs I'm running in a single
> broadcast domain.  :-)
> 
> Am I the only one still out here on this limb?
> 
> 
> -- 
> Earl Barfield -- Academic & Research Tech / Information Technology
> Georgia Institute of Technology, Atlanta Georgia, 30332
> Internet: earl.barfi...@oit.gatech.edue...@gatech.edu
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Campus WLAN Design Question

[Hao, Justin C]

I just noticed all the typos, thank you iPhone autocorrect.

---
Justin Hao

On Aug 27, 2010, at 1:02 PM, "Hao, Justin C"  wrote:

> So users roaming between ap groups will be tunneled I believe, I'd have to go 
> back to the documentation to give you the reference pages, but users should 
> not necessarily need to change ip arrested if it is a roaming event.  If they 
> have to do a full re-authentication or whatever reason run they would 
> probably be assigned a new address.
> 
> ---
> Justin Hao
> 
> On Aug 27, 2010, at 12:52 PM, "Anthony Grevich" 
>  wrote:
> 
>> Here is a quick diagram of the original WLAN layout for Floor 1.
>> 
>> 3 Different subnets / interfaces.
>> 
>> Now Floor 2 has only 1 10.0.x.0 /23 as Well as a single AP Group, for 
>> instance AP GROUP 4, which includes all APs installed upstairs.
>> 
>> All AP Groups broadcast the student WLAN.
>> 
>> If a student currently in the area of AP Group 3, gets an IP of 10.0.3.50 
>> and then  roams to any other AP GROUP, their IP must change and it is my 
>> assumption that any applications that maintain some sort of session would 
>> break.
>> 
>> Am I correct.
>> 
>> The changes I made are:
>> 
>> Create 1 /23 and add both 1st floor and 2nd floor APs to one AP Group, 
>> broadcasting the student WLAN.
>> 
>> I really appreciate the help,  if I am not including enough info or jumping 
>> around a bit, I’ve had like 3 cups of coffee.
>> 
>> Anthony Grevich | Network Administrator | Touro University Nevada
>> o: 702.777.3054
>> m: 702.371.9957
>> e: anthony.grevich[at]tun.touro.edu<mailto:anthony.grev...@tun.touro.edu>
>> :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: 
>> :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.:
>> CCNA | MCSE | CSCS | CHP
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 

Re: [WIRELESS-LAN] Campus WLAN Design Question

[Hao, Justin C]

It should be fine in his case as it is a single controller environment, so no 
rf group really.

---
Justin Hao

On Aug 27, 2010, at 1:10 PM, Dennis Xu  wrote:

> You also need to make sure the two APs involved in user roaming hand-off can 
> see each other as neighbors and they are controlled by the same RF group 
> leader. Otherwise users will change IP during roamings.
> 
> Dennis Xu
> Network Analyst
> Networking and Security Cluster
> Computing and Communication Services
> University of Guelph
> 5198244120 x 56217
> 
> - Original Message -
> From: "Justin C Hao" 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Sent: Friday, August 27, 2010 1:59:36 PM
> Subject: Re: [WIRELESS-LAN] Campus WLAN Design Question
> 
> So users roaming between ap groups will be tunneled I believe, I'd have to go 
> back to the documentation to give you the reference pages, but users should 
> not necessarily need to change ip arrested if it is a roaming event.  If they 
> have to do a full re-authentication or whatever reason run they would 
> probably be assigned a new address.
> 
> ---
> Justin Hao
> 
> On Aug 27, 2010, at 12:52 PM, "Anthony Grevich" 
>  wrote:
> 
>> Here is a quick diagram of the original WLAN layout for Floor 1.
>> 
>> 3 Different subnets / interfaces.
>> 
>> Now Floor 2 has only 1 10.0.x.0 /23 as Well as a single AP Group, for 
>> instance AP GROUP 4, which includes all APs installed upstairs.
>> 
>> All AP Groups broadcast the student WLAN.
>> 
>> If a student currently in the area of AP Group 3, gets an IP of 10.0.3.50 
>> and then  roams to any other AP GROUP, their IP must change and it is my 
>> assumption that any applications that maintain some sort of session would 
>> break.
>> 
>> Am I correct.
>> 
>> The changes I made are:
>> 
>> Create 1 /23 and add both 1st floor and 2nd floor APs to one AP Group, 
>> broadcasting the student WLAN.
>> 
>> I really appreciate the help,  if I am not including enough info or jumping 
>> around a bit, I’ve had like 3 cups of coffee.
>> 
>> Anthony Grevich | Network Administrator | Touro University Nevada
>> o: 702.777.3054
>> m: 702.371.9957
>> e: anthony.grevich[at]tun.touro.edu
>> :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: 
>> :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.:
>> CCNA | MCSE | CSCS | CHP
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Campus WLAN Design Question

[Hao, Justin C]

So users roaming between ap groups will be tunneled I believe, I'd have to go 
back to the documentation to give you the reference pages, but users should not 
necessarily need to change ip arrested if it is a roaming event.  If they have 
to do a full re-authentication or whatever reason run they would probably be 
assigned a new address.

---
Justin Hao

On Aug 27, 2010, at 12:52 PM, "Anthony Grevich"  
wrote:

> Here is a quick diagram of the original WLAN layout for Floor 1.
> 
> 3 Different subnets / interfaces.
> 
> Now Floor 2 has only 1 10.0.x.0 /23 as Well as a single AP Group, for 
> instance AP GROUP 4, which includes all APs installed upstairs.
> 
> All AP Groups broadcast the student WLAN.
> 
> If a student currently in the area of AP Group 3, gets an IP of 10.0.3.50 and 
> then  roams to any other AP GROUP, their IP must change and it is my 
> assumption that any applications that maintain some sort of session would 
> break.
> 
> Am I correct.
> 
> The changes I made are:
> 
> Create 1 /23 and add both 1st floor and 2nd floor APs to one AP Group, 
> broadcasting the student WLAN.
> 
> I really appreciate the help,  if I am not including enough info or jumping 
> around a bit, I’ve had like 3 cups of coffee.
> 
> Anthony Grevich | Network Administrator | Touro University Nevada
> o: 702.777.3054
> m: 702.371.9957
> e: anthony.grevich[at]tun.touro.edu
> :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: 
> :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.:
> CCNA | MCSE | CSCS | CHP
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.
> 

Re: [WIRELESS-LAN] Campus WLAN Design Question

[Hao, Justin C]

Howdy Anthony,

Your cisco controller should handle any layer 2/layer 3 roaming with it's own 
tunneling protocols, however this mostly applies to inter-controller roaming 
and not a single controller environment.  i assume you currently have a single 
WLAN/SSID with single/multiple subnets assigned?  if you have changed your 
design to a single WLAN/SSID/VLAN with a single /23 you should be able to add 
another /23 as a secondary interface on that vlan w/o any issues.  I am curious 
how you had your wlan vlan design configured before with a different set of 
subnets for the second vs the 1st floor if you were using a single SSID? or 
were you utilizing seperate WLANs per floor? we currently use /23 sized subnets 
with over 20 /23s on our largest WLAN/VLAN.. so i'm pretty sure you'd be ok 
with 2-4 /23s on a single wlan.

The cisco controller handles broadcasts to a certain extent by converting them 
to unicast, and in some cases filtering them completely.  You can also 
filter/drop/forward peer-to-peer(wireless client cross-communication, not the 
p2p filesharing we're accustomed to) via your controller configuration.

best of luck with your deployment, and if you have any other questions or 
comments, feel free to contact me.

-
Justin Hao
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Aug 26, 2010, at 6:27 PM, Anthony Grevich wrote:

I’d first like to note that I have never designed a WLAN for a small to medium 
sized higher ed. campus.

With the disclaimer out of the way here is a list of hardware I am working with.

Also I may jump around a bit as well in this email.

1 Cisco 4402 (6.0 FW) and 39 Cisco 1142N LWAPs.

Our initial campus WLAN VLAN Design was segmented as such, covering specific 
areas of the building prior to me starting at this school:

1st Floor had 3 /23 networks shared by students and faculty
2nd Floor had 1 /23 network shared by students and faculty

4 different networks total.

Our goal is to have wireless coverage across our campus, which just happens to 
be 1, 2 story building, nothing too crazy.

We currently support around 500 WLAN users at a given time.

My initial thought was the VLAN / Subnet segmentation (having 4 subnets) would 
break roaming especially for services that depend on some kind of session 
maintenance.. for instance you could be in one /23 and roam into another 
(possibly sitting the same place, depending on signal strength), obviously 
changing your IP.

So what I did was get rid of all the /23 networks and replaced it with one /23, 
which also helped me simplify any type of ACL, 1 subnet instead of having 4.

Well now my concerns are:

1.   I am almost maxing out my scope and to try my best to avoid that made 
the lease times 2 hours, and it looks like I may need them shorter.
2.   With all users on 1 /23 what are the negative effects? Broadcast 
traffic is the first thing that comes to mind.

My questions are:

How does the Cisco handle roaming intra-controller between subnets for instance 
our original multi-subnet configuration?

What are the best practices for WLANs with a large amount of users, I know 500 
isn’t that many, but if I need to support more, do I modify that one subnet or 
add a second one and in a way revert to the way things were prior to my changes?

Thank you, I tried to comb the archives but didn’t find much.

Anthony Grevich | Network Administrator | Touro University Nevada
o: 702.777.3054
m: 702.371.9957
e: anthony.grevich[at]tun.touro.edu
:.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: :.: 
:.: :.: :.: :.: :.: :.: :.: :.: :.: :.:
CCNA | MCSE | CSCS | CHP

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] RRM on Cisco 7.0.98.0

[Hao, Justin C]

have you played with the "new" threshold settings?

-
Justin Hao
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Aug 26, 2010, at 5:11 PM, Lee H Badman wrote:

Wondering if anyone else is seeing or thinking that the RRM in 7.0.98.0 might 
be too aggressively turning power down?

I have no hard proof, but a growing body of anecdotal evidence.

Thanks-

Lee

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Adjunct Instructor, iSchool
Syracuse University
315 443-3003



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco 3500 APs and Atheros AR5007 chips

[Hao, Justin C]

forgot to mention, this was with an cisco capwap AP 1142 running 6.0.199.0 code.

-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Aug 25, 2010, at 4:29 PM, Hao, Justin C wrote:

> I ran into a similar issue today while troubleshooting in the field.  The 
> user was using an HP Pavilion dv5z-1000 model laptop with an Atheros AR5007 
> chipset.  The failure actually occurred after WPA2/EAP authentication and 
> during DHCP request/reply/offer.  What i saw in my logs was a DHCP offer that 
> was ignored/not responded to, and the client never completed DHCP, and after 
> a timeout period the controller deleted the client due to the DHCP offer 
> timeout which restarted the entire authentication process.
> 
> Updating the user's driver to the newest available on hp's website seemed to 
> have fixed the issue.  I don't have the version number for the failed driver, 
> but i do recall it was from 07/2008.  The "newest" driver is listed as 
> 2009-03-04 Version 3.00A from hp.com.  This was on Windows Vista 32-bit.
> 
> http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?os=2093&lc=en&cc=us&dlc=en&sw_lang=&product=3759541#N2434
> 
> -
> Justin Hao 
> CCNA
> Network Engineer, ITS Networking
> The University of Texas at Austin
> j...@austin.utexas.edu
> -
> 
> On Aug 23, 2010, at 7:56 AM, Schomer, Michael J. wrote:
> 
>> All,
>> 
>> The AR5007 chipset appears to be b/g only, not 5 GHz.  Not using DHCP proxy. 
>>  Tried ClientLink on and off.  Tried CleanAir on and off.  No difference.
>> 
>> -Mike
>> 
>> 
>> 
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman
>> Sent: Sunday, August 22, 2010 7:28 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Cisco 3500 APs and Atheros AR5007 chips
>> 
>> Another question- are you using DHCP proxy in the controllers?
>> 
>> -Lee Badman
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler 
>> [j...@scrippscollege.edu]
>> Sent: Sunday, August 22, 2010 7:47 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Cisco 3500 APs and Atheros AR5007 chips
>> 
>> Mike,
>> 
>> 
>> Is this to both 802.11b and 802.11a? Do you have band steering enabled?
>> 
>> 
>> I've got a few 3500's in production so I'll test a AR5007 client on Monday.
>> 
>> 
>> Jeff
>> 
>>>>> "Schomer, Michael J."  08/22/10 12:22 PM >>>
>> Hi all,
>> 
>> I'm seeing a problem with Atheros AR5007 wireless chipsets and the new Cisco 
>> 3502i access points we put in our residence halls this summer.  AR5007 
>> clients are able to authenticate and associate to our WPA2/AES/802.1x 
>> network, but never receive an IP address.  Trying to connect to 
>> WPA/TKIP/802.1x fails to associate completely.  The same behavior can be 
>> seen when trying to connect to our WPA/WPA2/PSK network.  Open networks, 
>> such as our wireless portal, appear to be fine.  The clients connect fine to 
>> different model Cisco APs (1131, 1142, 1252) on the same WLC.  We are 
>> running WLC software version 7.0.98 (required by the 3500 series access 
>> points.)
>> 
>> It's move-in weekend for the residence halls and we are seeing a number of 
>> laptops with this chipset.
>> 
>> Anybody else have a similar environment noticing issues?
>> 
>> -Mike
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco 3500 APs and Atheros AR5007 chips

[Hao, Justin C]

I ran into a similar issue today while troubleshooting in the field.  The user 
was using an HP Pavilion dv5z-1000 model laptop with an Atheros AR5007 chipset. 
 The failure actually occurred after WPA2/EAP authentication and during DHCP 
request/reply/offer.  What i saw in my logs was a DHCP offer that was 
ignored/not responded to, and the client never completed DHCP, and after a 
timeout period the controller deleted the client due to the DHCP offer timeout 
which restarted the entire authentication process.

Updating the user's driver to the newest available on hp's website seemed to 
have fixed the issue.  I don't have the version number for the failed driver, 
but i do recall it was from 07/2008.  The "newest" driver is listed as 
2009-03-04 Version 3.00A from hp.com.  This was on Windows Vista 32-bit.

http://h10025.www1.hp.com/ewfrf/wc/softwareCategory?os=2093&lc=en&cc=us&dlc=en&sw_lang=&product=3759541#N2434

-
Justin Hao 
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Aug 23, 2010, at 7:56 AM, Schomer, Michael J. wrote:

> All,
> 
> The AR5007 chipset appears to be b/g only, not 5 GHz.  Not using DHCP proxy.  
> Tried ClientLink on and off.  Tried CleanAir on and off.  No difference.
> 
> -Mike
> 
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman
> Sent: Sunday, August 22, 2010 7:28 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Cisco 3500 APs and Atheros AR5007 chips
> 
> Another question- are you using DHCP proxy in the controllers?
> 
> -Lee Badman
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [wireless-...@listserv.educause.edu] On Behalf Of Jeffrey Sessler 
> [j...@scrippscollege.edu]
> Sent: Sunday, August 22, 2010 7:47 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Cisco 3500 APs and Atheros AR5007 chips
> 
> Mike,
> 
> 
> Is this to both 802.11b and 802.11a? Do you have band steering enabled?
> 
> 
> I've got a few 3500's in production so I'll test a AR5007 client on Monday.
> 
> 
> Jeff
> 
 "Schomer, Michael J."  08/22/10 12:22 PM >>>
> Hi all,
> 
> I'm seeing a problem with Atheros AR5007 wireless chipsets and the new Cisco 
> 3502i access points we put in our residence halls this summer.  AR5007 
> clients are able to authenticate and associate to our WPA2/AES/802.1x 
> network, but never receive an IP address.  Trying to connect to 
> WPA/TKIP/802.1x fails to associate completely.  The same behavior can be seen 
> when trying to connect to our WPA/WPA2/PSK network.  Open networks, such as 
> our wireless portal, appear to be fine.  The clients connect fine to 
> different model Cisco APs (1131, 1142, 1252) on the same WLC.  We are running 
> WLC software version 7.0.98 (required by the 3500 series access points.)
> 
> It's move-in weekend for the residence halls and we are seeing a number of 
> laptops with this chipset.
> 
> Anybody else have a similar environment noticing issues?
> 
> -Mike
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLAN Authentication

[Hao, Justin C]

WPA/WPA2 802.1x authentication is now pretty widely recommended/required by a 
growing number of institutions.

Web-based authentication is a method for guest/temporary access on open access 
ssids.

and VPN based authentication was a "secure" access solution in the "olden" days 
of open ssids/PSK.

I would say WPA/WPA2 802.1x is the road most people are on as it provides 
numerous advantages over web-based authentication/vpn tunneling.

-
Justin Hao
CCNA
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

On Jul 14, 2010, at 6:14 PM, Perry Mizota wrote:


I am doing research on behalf of a Silicon Valley-based startup company that is 
developing a solution for higher ed students.  We are trying to understand how 
student authentication happens on a campus WLAN.  Do students receive a unique 
ID and then log in via a browser-based login screen, or do they have to put 
software onto their computers (a la VPNs)?

Based on some secondary research we have conducted, it seems like most 
colleges/universities are using the browser-based approach and that the VPN 
approach is not common.  What are your experiences in this area?

Much thanks in advance,
Perry Mizota
Consultant
pe...@abovethenoise.com

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Princeton determines cause of an iPad problem

[Hao, Justin C]

The ipads we've seen before actually have a different oui prefix than  
the rest of apple's products. Don't know how unique though.

---
Justin Hao
j...@austin.utexas.edu
University of Texas
ITS - Networking

On Apr 20, 2010, at 9:28 PM, "Ryan Holland"  wrote:

> If the iPad is like the rest of Apple's product line, there's no way  
> to distinguish it from other Apple products based on mac address.
>
> --
> Ryan Holland
> Network Engineer, Wireless
> Office of the Chief Information Officer
> The Ohio State University
> 614-292-9906   holland@osu.edu
>
> On Apr 20, 2010, at 9:34 PM, Frank Bulk wrote:
>
>> Another idea is provide long(er) lease times just to the Apple  
>> iPads, based
>> on OUI.
>>
>> Frank
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Jeffrey  
>> Sessler
>> Sent: Monday, April 19, 2010 10:28 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Princeton determines cause of an iPad  
>> problem
>>
>> It would seem that Princeton could temporarily (or permanently)  
>> avoid the
>> problem, and thus all the media hype and blocking of the iPads, by  
>> simply
>> increasing their DHCP lease time from their stated 1-3 hour time to
>> something more reasonable. Unless your base of devices include a  
>> large
>> number of drive-bys (devices seen only once and never again), I'm  
>> not sure
>> that a lease time of 1-3 hours will result in better DHCP IP  
>> address pool
>> use than say a lease time of 24 hours.
>>
>> We toyed with extremely short leases years ago but found they  
>> resulted it
>> various device anomalies. We now run with lease times of at least  
>> 24 hours
>> and our average IP address consumption changed very little.
>>
>> Jeff
>>
> "Zeller, Tom S"  04/18/10 8:54 PM >>>
>> http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-le
>> ase-keeps-using-IP-address.html
>>
>> iPad gets DHCP lease.  If iPad happens to be sleeping during the  
>> renewal
>> time it awakens and uses the IP number forever (until shut down of  
>> unit or
>> WiFi or going out of range)
>>
>> Tom Zeller
>> Indiana University
>>
>> **
>> Participation and subscription information for this EDUCAUSE  
>> Constituent
>> Group discussion list can be found at http://www.educause.edu/ 
>> groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE  
>> Constituent
>> Group discussion list can be found at http://www.educause.edu/ 
>> groups/.
>>
>> **
>> Participation and subscription information for this EDUCAUSE  
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/ 
>> .
>>
>>
>> -- 
>> BEGIN-ANTISPAM-VOTING-LINKS
>> --
>>
>> Teach CanIt if this mail (ID 1028524510) is spam:
>> Spam:https://antispam.osu.edu/b.php?i=1028524510&m=8e500edfb024&c=s
>> Not spam:https://antispam.osu.edu/b.php?i=1028524510&m=8e500edfb024&c=n
>> Forget vote: https://antispam.osu.edu/b.php?i=1028524510&m=8e500edfb024&c=f
>> --
>> END-ANTISPAM-VOTING-LINKS
>>
>
> **
> Participation and subscription information for this EDUCAUSE  
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ 
> .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

[Hao, Justin C]

Heh cisco never allowed me to pull one open cuz that violates the  
"warranty". I have seen the innards of a cracked AP125 though.  The  
cisco aps are solidly constructed from what can be told on the  
outside. And they do seem a lot less likely to suffer from physical  
damage.  The point I was trying to make was that internal chipset  
temperature cannot be determined by external enclosure (hot to the  
touch) temperature.

Yes, I agree that all things should be considered when making  
selections, but caution has to be exercised when extrapolating  
hardware performance from surface examination.  Lots of devices rely  
on convection cooling in harsh environments. And in most cases a hot  
enclosure means the device is properly wicking heat away from the  
chipset. If both the enclosure and chipset run consistantly hot the  
there should be concern.

I just don't like the "this one feels hefty so it must be more  
reliable" line of reasoning. I would rather see test numbers and  
chipset operating temperature/etc.  I make no claims that one AP is  
definitively better than the other in that regard as I don't have any  
of that test info.

---
Justin Hao
j...@austin.utexas.edu
University of Texas
ITS - Networking

On Apr 12, 2010, at 4:04 PM, "Jeffrey Sessler"  
 wrote:

> Justin,
>
> No heat-related rumors started at all. The point here was that the
> construction of APs differ from vendor to vendor. We pulled apart  
> every
> AP we got, and when it came to which would likely be more durable over
> the long haul, the Cisco devices won. Others may come to a different
> decision, and that's why careful evaluation is important. Have you
> pulled apart a Cisco 1142 and a Aruba AP? If not, I highly recommend  
> it.
>
>
> Since I've had the AP's apart, it's my opinion that the Cisco is  
> better
> built. If I deployed one of each (Aruba and Cisco) in a demanding
> location, say a moist/lint filled laundry area in a residential area,
> I'd bet on the Cisco's ventless design every time.
>
> Jeff
>
>>>> "Hao, Justin C"  4/11/2010 8:14 PM >>>
> Uhm, last I checked we have a box of broken 1142s.  Everyone's APs
> fail. But rumors of heat related failure versus actual failure rate
> are just that. Rumors. I could easily start rumors regarding the
> "auto" radio reset and failure rate of some 1142 APs.
>
> ---
> Justin Hao
> j...@austin.utexas.edu
> University of Texas
> ITS - Networking
>
> On Apr 11, 2010, at 8:24 PM, "Jeffrey Sessler"
>  wrote:
>
>> Lifetime warranty is great, but it still costs time/money to have an
>
>> IT
>> staff member mount/dismount the AP and send it back for replacement.
>
>> All
>> things being equal, I'd rather mount the AP once, and the next time
> I
>> visit it will be when it is life-cycled and replaced with the latest
>> standard.
>>
>> Jeff
>>
>>>>> Todd Lane  4/11/2010 5:46 PM >>>
>> We don't worry about our Aruba APs. They're covered by a lifetime
>> warranty unlike the Cisco APs we were buying.
>>
>> Aruba Lifetime Warranty*
>> The following Aruba indoor enterprise-grade wireless access points
> are
>>
>> covered by Aruba’s Lifetime Warranty if purchased after May 21,
>> 2009:
>> ● AP-60
>> ● AP-61
>> ● AP-65
>> ● AP-65WB
>> ● AP-70
>> ● AP-105
>> ● AP-120
>> ● AP-120abg
>> ● AP-121
>> ● AP-121abg
>> ● AP-124
>> ● AP-124abg
>> ● AP-125
>> ● AP-125abg
>> ● RAP-5
>> ● RAP-5WN
>> * Aruba Lifetime Warranty coverage remains in place for as long as
> you
>>
>> own the product, up to five years following Aruba announcement of
>> end-of-sale of that product.
>>
>>
>> Todd Lane
>> University of North Carolina at Chapel Hill
>>
>>
>> On 4/11/2010 6:31 PM, Jeffrey Sessler wrote:
>>> Ethan,
>>>
>>> Where I would suggest spending some evaluation time is on the AP
>>> construction. Having had time to evaluate both the Aruba and Cisco
>> AP's,
>>> there were doubts as to the Aruba's life-span when placed in our
>>> residential halls. The design (this was their 802.11n product),
>> relied
>>> on venting and convection cooling, and it was unknown what would
>> happen
>>> as dust-bunnies and other obstructions settled on those vents. Even
>> in
>>> our "lab" the Aruba AP got hot, so much so that the metal shield on
>> the
>>> ethernet connector was uncomfortable to the touch. The Cisco AP's
> on
>> 

Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

[Hao, Justin C]

The clarity is provided by the Antenna radiation patten.  Which also  
highlights a shortcoming of the "saucer" shape of the 1142.  The  
pattern for each spectrum is a lopsided circle viewed from above.  
Lopsided depeding on which side of the ap each radio is on becase the  
central body of the ap itself blocks each radio(and there's no easy  
way to tell which way the antenna are oriented).  This skews your  
coverage, although the effect is minor, it's not what I prefer to see  
in an "omni" design.  The 1142 also is definately not designed for  
wall mount.  It's vertical plane is flattened (as expected for a  
ceiling mount ap). As well they don't offer a vertical mount (that I'm  
aware) of for the 1142.

Feel free to ask your Cisco SE For the radiation pattern spec sheets  
for the 1142. They're also available on the cisco website but are poor  
visual quality.

  There should be very little reason for ever mounting an 1142 in a  
vertical orientation.  Unless you just really enjoy buying more Cisco  
APs to make up for the oddly shaped and sized coverage.

---
Justin Hao
j...@austin.utexas.edu
University of Texas
ITS - Networking

On Apr 11, 2010, at 8:36 PM, "Lee H Badman"  wrote:

> To your point, Justin- in my mind I still don't feel that Cisco has  
> done a good job of providing clarity about the topic of wall- 
> mounting. Sometimes that's all you can do, and the world doesn't  
> come crashing to a halt. Would be nice to see them change their tune  
> on this.
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv  
> [wireless-...@listserv.educause.edu] On Behalf Of Hao, Justin C  
> [j...@austin.utexas.edu]
> Sent: Sunday, April 11, 2010 8:19 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki
>
> In the same line of examination you want to pay attention to ap
> performance and features. Cisco's 1142 does not have orientable
> antennas and does not support wall mount(vertical) placement.  Also
> note the 2x3 mimo vs the 3x3 mimo between Cisco and Aruba.  Cisco's
> only current option for wall mount 802.11n w/ discrete antennas is the
> monster 1250.  The 1142 is also significantly larger than the AP125.
>
> So consider your installation environment and mounting options when
> selecting your Vendor.
>
> ---
> Justin Hao
> j...@austin.utexas.edu
> University of Texas
> ITS - Networking
>
> On Apr 11, 2010, at 5:32 PM, "Jeffrey Sessler"
>  wrote:
>
>> Ethan,
>>
>> Where I would suggest spending some evaluation time is on the AP
>> construction. Having had time to evaluate both the Aruba and Cisco
>> AP's,
>> there were doubts as to the Aruba's life-span when placed in our
>> residential halls. The design (this was their 802.11n product),  
>> relied
>> on venting and convection cooling, and it was unknown what would
>> happen
>> as dust-bunnies and other obstructions settled on those vents. Even  
>> in
>> our "lab" the Aruba AP got hot, so much so that the metal shield on
>> the
>> ethernet connector was uncomfortable to the touch. The Cisco AP's on
>> the
>> other hand were 100% sealed, stayed cool, and the large aluminum
>> casing
>> is the heat sink. Between the two, it was felt the Cisco would be
>> maintenance free while the Aruba might require attention (dusting  
>> off)
>> from time to time. Point being, as you look at Aruba, HP, Meru, etc.
>> make sure to keep the AP's design and planned deployment locations in
>> mind.
>>
>> Jeff
>>
>>>>> Ethan Sommer  4/2/2010 6:25 PM >>>
>> As I said in another post we selected our "finalists" based on what
>> others colleges seem happy with (which by a wide margin seems to be
>> mostly cisco, aruba, and meru) and HP because we already have a HP
>> infrastructure.
>>
>> My assumption is that all of you are smart and there is a reason you
>> all
>> chose to go with those products.
>>
>> We are on a tight budget, so based on initial pricing we eliminated
>> Cisco and Meru who seemed to be the most expensive (plus we don't  
>> like
>>
>> cisco for a number of other reasons).
>>
>> (As an aside, after posting here meru contacted me _and my boss_,
>> which
>>
>> I believe is not allowed under this list's rules. In any case, I told
>> them if they could provide a quote for a 200 dual radio complete
>> system
>>
>> in the same ballpark as the other systems we're looking at, then  
>> we

Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

[Hao, Justin C]

Uhm, last I checked we have a box of broken 1142s.  Everyone's APs  
fail. But rumors of heat related failure versus actual failure rate  
are just that. Rumors. I could easily start rumors regarding the  
"auto" radio reset and failure rate of some 1142 APs.

---
Justin Hao
j...@austin.utexas.edu
University of Texas
ITS - Networking

On Apr 11, 2010, at 8:24 PM, "Jeffrey Sessler"  
 wrote:

> Lifetime warranty is great, but it still costs time/money to have an  
> IT
> staff member mount/dismount the AP and send it back for replacement.  
> All
> things being equal, I'd rather mount the AP once, and the next time I
> visit it will be when it is life-cycled and replaced with the latest
> standard.
>
> Jeff
>
 Todd Lane  4/11/2010 5:46 PM >>>
> We don't worry about our Aruba APs. They're covered by a lifetime
> warranty unlike the Cisco APs we were buying.
>
> Aruba Lifetime Warranty*
> The following Aruba indoor enterprise-grade wireless access points are
>
> covered by Aruba’s Lifetime Warranty if purchased after May 21,
> 2009:
> ● AP-60
> ● AP-61
> ● AP-65
> ● AP-65WB
> ● AP-70
> ● AP-105
> ● AP-120
> ● AP-120abg
> ● AP-121
> ● AP-121abg
> ● AP-124
> ● AP-124abg
> ● AP-125
> ● AP-125abg
> ● RAP-5
> ● RAP-5WN
> * Aruba Lifetime Warranty coverage remains in place for as long as you
>
> own the product, up to five years following Aruba announcement of
> end-of-sale of that product.
>
>
> Todd Lane
> University of North Carolina at Chapel Hill
>
>
> On 4/11/2010 6:31 PM, Jeffrey Sessler wrote:
>> Ethan,
>>
>> Where I would suggest spending some evaluation time is on the AP
>> construction. Having had time to evaluate both the Aruba and Cisco
> AP's,
>> there were doubts as to the Aruba's life-span when placed in our
>> residential halls. The design (this was their 802.11n product),
> relied
>> on venting and convection cooling, and it was unknown what would
> happen
>> as dust-bunnies and other obstructions settled on those vents. Even
> in
>> our "lab" the Aruba AP got hot, so much so that the metal shield on
> the
>> ethernet connector was uncomfortable to the touch. The Cisco AP's on
> the
>> other hand were 100% sealed, stayed cool, and the large aluminum
> casing
>> is the heat sink. Between the two, it was felt the Cisco would be
>> maintenance free while the Aruba might require attention (dusting
> off)
>> from time to time. Point being, as you look at Aruba, HP, Meru, etc.
>> make sure to keep the AP's design and planned deployment locations
> in
>> mind.
>>
>> Jeff
>>
>>
> Ethan Sommer 4/2/2010 6:25 PM>>>
>
>> As I said in another post we selected our "finalists" based on what
>> others colleges seem happy with (which by a wide margin seems to be
>> mostly cisco, aruba, and meru) and HP because we already have a HP
>> infrastructure.
>>
>> My assumption is that all of you are smart and there is a reason you
>> all
>> chose to go with those products.
>>
>> We are on a tight budget, so based on initial pricing we eliminated
>> Cisco and Meru who seemed to be the most expensive (plus we don't
> like
>>
>> cisco for a number of other reasons).
>>
>> (As an aside, after posting here meru contacted me _and my boss_,
> which
>>
>> I believe is not allowed under this list's rules. In any case, I
> told
>> them if they could provide a quote for a 200 dual radio complete
> system
>>
>> in the same ballpark as the other systems we're looking at, then
> we'll
>>
>> talk.)
>>
>> Our next steps are
>> * To get quotes
>> * And bring in the systems to do test runs in real life conditions.
>> (We're going to try each out in one of the dorms and the library,
> each
>>
>> of which currently have 10 APs.)
>>
>> If we aren't in love with any of those systems, we'll widen our
>> search.
>>
>> We have very limited resources, so if one comes in much cheaper than
>> the
>> others the question will be "is that system good enough for us."
>> Otherwise we'll pick the system that we think will work best for us.
>>
>> Based on talking with schools running Aruba and Meraki, I think
> either
>>
>> would be a great move forward for us. I've yet to hear of a school
> who
>>
>> chose either and regretted it.
>>
>> Ethan
>>
>>
>>
>> Mike Hydra wrote:
>>
>>> What I personally find interesting is the wide choice not from a
>>> manufacturing point of view but more from a Wi-Fi technology point
> of
>>>
>>
>>> view.
>>>
>>> Aruba – Controller based (aka controller based)
>>> All data goes through the controller, centralized architecture.
>>>
>>> HP – decentralized (Controller in not directly essential)
>>> Data path is separated from the management path.
>>>
>>> Meraki – Cloud computing
>>> Centralized Cloud, not having to own controller hardware inside
> your
>>>
>>
>>> own network.
>>>
>>> All three very different solutions.
>>>
>>> I’m looking forward to follow this email threat with the
> comments,
>>>
>>
>>> thanks for sharing.
>>> I would recommend writing down a proof of concept and invite the
>>> vendors of your choic

Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

[Hao, Justin C]

In the same line of examination you want to pay attention to ap  
performance and features. Cisco's 1142 does not have orientable  
antennas and does not support wall mount(vertical) placement.  Also  
note the 2x3 mimo vs the 3x3 mimo between Cisco and Aruba.  Cisco's  
only current option for wall mount 802.11n w/ discrete antennas is the  
monster 1250.  The 1142 is also significantly larger than the AP125.

So consider your installation environment and mounting options when  
selecting your Vendor.

---
Justin Hao
j...@austin.utexas.edu
University of Texas
ITS - Networking

On Apr 11, 2010, at 5:32 PM, "Jeffrey Sessler"  
 wrote:

> Ethan,
>
> Where I would suggest spending some evaluation time is on the AP
> construction. Having had time to evaluate both the Aruba and Cisco  
> AP's,
> there were doubts as to the Aruba's life-span when placed in our
> residential halls. The design (this was their 802.11n product), relied
> on venting and convection cooling, and it was unknown what would  
> happen
> as dust-bunnies and other obstructions settled on those vents. Even in
> our "lab" the Aruba AP got hot, so much so that the metal shield on  
> the
> ethernet connector was uncomfortable to the touch. The Cisco AP's on  
> the
> other hand were 100% sealed, stayed cool, and the large aluminum  
> casing
> is the heat sink. Between the two, it was felt the Cisco would be
> maintenance free while the Aruba might require attention (dusting off)
> from time to time. Point being, as you look at Aruba, HP, Meru, etc.
> make sure to keep the AP's design and planned deployment locations in
> mind.
>
> Jeff
>
 Ethan Sommer  4/2/2010 6:25 PM >>>
> As I said in another post we selected our "finalists" based on what
> others colleges seem happy with (which by a wide margin seems to be
> mostly cisco, aruba, and meru) and HP because we already have a HP
> infrastructure.
>
> My assumption is that all of you are smart and there is a reason you
> all
> chose to go with those products.
>
> We are on a tight budget, so based on initial pricing we eliminated
> Cisco and Meru who seemed to be the most expensive (plus we don't like
>
> cisco for a number of other reasons).
>
> (As an aside, after posting here meru contacted me _and my boss_,  
> which
>
> I believe is not allowed under this list's rules. In any case, I told
> them if they could provide a quote for a 200 dual radio complete  
> system
>
> in the same ballpark as the other systems we're looking at, then we'll
>
> talk.)
>
> Our next steps are
> * To get quotes
> * And bring in the systems to do test runs in real life conditions.
> (We're going to try each out in one of the dorms and the library, each
>
> of which currently have 10 APs.)
>
> If we aren't in love with any of those systems, we'll widen our
> search.
>
> We have very limited resources, so if one comes in much cheaper than
> the
> others the question will be "is that system good enough for us."
> Otherwise we'll pick the system that we think will work best for us.
>
> Based on talking with schools running Aruba and Meraki, I think either
>
> would be a great move forward for us. I've yet to hear of a school who
>
> chose either and regretted it.
>
> Ethan
>
>
>
> Mike Hydra wrote:
>> What I personally find interesting is the wide choice not from a
>> manufacturing point of view but more from a Wi-Fi technology point of
>
>> view.
>>
>> Aruba – Controller based (aka controller based)
>> All data goes through the controller, centralized architecture.
>>
>> HP – decentralized (Controller in not directly essential)
>> Data path is separated from the management path.
>>
>> Meraki – Cloud computing
>> Centralized Cloud, not having to own controller hardware inside your
>
>> own network.
>>
>> All three very different solutions.
>>
>> I’m looking forward to follow this email threat with the comments,
>
>> thanks for sharing.
>> I would recommend writing down a proof of concept and invite the
>> vendors of your choice.
>> In this way you’ve tested your requirement (out of your proof on
>> concept) therefore convinced around the solution you buy is the right
> one.
>> Good luck...
>>
>>
>> Mike Hydra
>>
>> Cell: +31 6 29 07 18 96
>> Tel: +31 252 62 61 20
>> Fax: +31 252 68 88 37
>> E-mail: mhy...@2fast4wireless.com
>> Skype: Flying-Wireless-Dutchman
>> Web: www.2fast4wireless.com
>>
>>
>>
>>
> --- 
> -
>> *From: *Peter P Morrissey 
>> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv
>> 
>> *Date: *Fri, 2 Apr 2010 22:47:26 +0200
>> *To: *
>> *Subject: *Re: Aruba vs HP vs Meraki
>>
>> OK, so I'll ask. Why did you eliminate Cisco already?
>> Pete M.
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Ethan
> Sommer
>> Sent: Friday, April 02, 2010 2:21 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS

Re: [WIRELESS-LAN] Aruba vs HP vs Meraki

[Hao, Justin C]

And in the thread of management and monitoring I highly recommend you  
take a look at airwave(now owned by aruba). It's a relatively vendor  
neutral management and monitoring platform that i find really useful  
(it will manage and monitor a variety of vendors, cisco, Aruba, etc).  
Ask your Aruba sales contact for an airwave demo if they haven't  
offered yet. It is comparable to cisco's wcs offering (but better IMO)

  and lee is right, almost all of those solutions should be  
transparent to your users. YOU will have to deal with the  
administration and performance quirks so decide with that in mind.

---
Justin Hao
j...@austin.utexas.edu
University of Texas
ITS - Networking

On Apr 2, 2010, at 8:30 PM, "Lee H Badman"  wrote:

> As for trying them- from the client perspective they will be  
> indistinguishable if set up right. The big difference will be in  
> management and monitoring- that's where you should concentrate.
>
> One man's Oh-Pinion.
>
> -Lee
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv  
> [wireless-...@listserv.educause.edu] On Behalf Of Ethan Sommer  
> [somm...@gac.edu]
> Sent: Friday, April 02, 2010 9:25 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Aruba vs HP vs Meraki
>
> As I said in another post we selected our "finalists" based on what
> others colleges seem happy with (which by a wide margin seems to be
> mostly cisco, aruba, and meru) and HP because we already have a HP
> infrastructure.
>
> My assumption is that all of you are smart and there is a reason you  
> all
> chose to go with those products.
>
> We are on a tight budget, so based on initial pricing we eliminated
> Cisco and Meru who seemed to be the most expensive (plus we don't like
> cisco for a number of other reasons).
>
> (As an aside, after posting here meru contacted me _and my boss_,  
> which
> I believe is not allowed under this list's rules. In any case, I told
> them if they could provide a quote for a 200 dual radio complete  
> system
> in the same ballpark as the other systems we're looking at, then we'll
> talk.)
>
> Our next steps are
> * To get quotes
> * And bring in the systems to do test runs in real life conditions.
> (We're going to try each out in one of the dorms and the library, each
> of which currently have 10 APs.)
>
> If we aren't in love with any of those systems, we'll widen our  
> search.
>
> We have very limited resources, so if one comes in much cheaper than  
> the
> others the question will be "is that system good enough for us."
> Otherwise we'll pick the system that we think will work best for us.
>
> Based on talking with schools running Aruba and Meraki, I think either
> would be a great move forward for us. I've yet to hear of a school who
> chose either and regretted it.
>
> Ethan
>
>
>
> Mike Hydra wrote:
>> What I personally find interesting is the wide choice not from a
>> manufacturing point of view but more from a Wi-Fi technology point of
>> view.
>>
>> Aruba – Controller based (aka controller based)
>> All data goes through the controller, centralized architecture.
>>
>> HP – decentralized (Controller in not directly essential)
>> Data path is separated from the management path.
>>
>> Meraki – Cloud computing
>> Centralized Cloud, not having to own controller hardware inside your
>> own network.
>>
>> All three very different solutions.
>>
>> I’m looking forward to follow this email threat with the comments,
>> thanks for sharing.
>> I would recommend writing down a proof of concept and invite the
>> vendors of your choice.
>> In this way you’ve tested your requirement (out of your proof on
>> concept) therefore convinced around the solution you buy is the  
>> right one.
>> Good luck...
>>
>>
>> Mike Hydra
>>
>> Cell: +31 6 29 07 18 96
>> Tel: +31 252 62 61 20
>> Fax: +31 252 68 88 37
>> E-mail: mhy...@2fast4wireless.com
>> Skype: Flying-Wireless-Dutchman
>> Web: www.2fast4wireless.com
>>
>>
>>
>> --- 
>> -
>> *From: *Peter P Morrissey 
>> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv
>> 
>> *Date: *Fri, 2 Apr 2010 22:47:26 +0200
>> *To: *
>> *Subject: *Re: Aruba vs HP vs Meraki
>>
>> OK, so I'll ask. Why did you eliminate Cisco already?
>> Pete M.
>>
>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> [mailto:wireless-...@listserv.educause.edu] On Behalf Of Ethan Sommer
>> Sent: Friday, April 02, 2010 2:21 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] Aruba vs HP vs Meraki
>>
>> We are considering replacing our 200+ AP wireless infrastructure  
>> with a
>> controller based 802.11n system.
>>
>> I believe we have narrowed it down to Aruba, HP Procurve (we use HP
>> switch gear), and Meraki.
>>
>> I have two questions:
>>
>> 1. Are there any hidden costs we should watch out for with any of  
>> these
>> (particularl

WiFi Tags / RTLS

[Hao, Justin C]

Howdy,

Has anyone done any evaluation or research with some of the wifi tags on the 
market today?  There seems to be two major flavors, CCX/non-CCX enabled tags.  
If anyone has any insights or recommendations for things to evaluate for or 
things they've discovered in past evaluations I'd appreciate the information. I 
think we'd be mostly interested in CCX enabled tags as we're an all cisco 
controller based infrastructure.

-
Justin Hao
Network Engineer, ITS Networking
The University of Texas at Austin
j...@austin.utexas.edu
-

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.