RE: Anyone have experience with wireless lighting and contol systems?

[Hector J Rios]

I know Lutron is a great company with great products but I also know they are 
very expensive. Unlike Eaton, Lutron also uses proprietary frequencies (I 
believe Clear Connect works in the 400s), which from a wireless coexistence 
perspective is excellent, but it comes with the higher price tag. Zigbee and 
Z-wave are two very popular communication protocols and are very affordable. 
Zigbee in particular does share the spectrum with WiFi, but only in the 2.4GHz 
band. The short article below provides good information on the coexistence of 
these two protocols.

https://www.metageek.com/training/resources/zigbee-wifi-coexistence.html

Best,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Dickson
Sent: Thursday, May 17, 2018 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Anyone have experience with wireless lighting and 
contol systems?


Hi Manny,



I'm curious, why is your facilities department looking to replace Lutron? We 
are being asked to look at them as a lighting control solution on our campus.



Thanks,

Mike


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Manuel Amaral 
>
Sent: Tuesday, April 3, 2018 2:45 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Anyone have experience with wireless lighting and 
contol systems?


Our facilities department is looking to upgrade some of our lighting 
infrastructure to use lower power LED light fixtures.  One of the proposals is 
to replace all the lighting and the existing Lutron lighting control system 
with a relatively new Eaton WaveLinx wireless lighting system.



Unfortunately, the vendors who came in couldn't even explain what spectrum(s) 
the infrastructure would run on.  A quick review indicates that the controllers 
operate on WiFi or wired LAN for control access and 802.15.4 for communication 
(@ 2.4MHz) between all the various devices (dimmers, switches, occupancy 
sensors, lights, etc).  Each controller currently operates as a standalone 
since they still don't have a centralized management environment and they're 
single user access only.



We're particularly concerned about any potential interference issues that might 
arise within our existing and future wireless environments.  I was wondering 
whether anyone has any familiarity with this or similar environments and 
whether you'd be willing to share your thoughts and experiences on them.





Regards,

Manny

---

Manuel (Manny) Amaral

Director, Information Technology Operations

781-292-2433 | www.olin.edu



[Olin_Identifier_Gradient_Standard_Blue_RGB]



Leading the Revolution in Engineering Education

twitter | 
facebook | 
youtube



We will never ask you for your password!




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Need help

[Hector J Rios]

Thank you for sharing this Dennis.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: Tuesday, April 24, 2018 8:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help


Hector,



We have two 8540s running 1 + 1, 8.2.160.0, 2900 
APs(2802,1810W,3702,3602,1140). All 2900 APs associate to the primary WLC with 
the secondary WLC as the backup in normal situation. Our controller run into an 
issue that suddenly the controller is not pingable from time to time. When this 
happens, all APs would failover to the secondary WLC automatically. This 
failover has happened many times, and all APs can always associate to the 
secondary WLC without issues when this happens. I have not seen the issue what 
you have described. Cisco does not have conclusive words for this issue either. 
We will upgrade to 8.3MR4 and hope that will resolve this issue.


Dennis Xu | Analyst III, Network Infrastructure
Computing and Communications Services (CCS) | University of Guelph
University Centre | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56217 | d...@uoguelph.ca<mailto:d...@uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | twitter.com/ccsnews | 
facebook.com/CCSUofG
[1502995318012_PastedImage]

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Sent: Tuesday, April 24, 2018 9:37:07 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Need help

I have not received a response from Cisco yet. I think they are scratching 
their heads too. This is a very elusive problem.

For the APs that would not stay connected to their primary controller, the AP 
Join stats would not provide any type of reason or explanation.

Moving APs group by group seems to be the only option we will have for now.

-H

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Yahya M. Jaber
Sent: Tuesday, April 24, 2018 12:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Need help

Hi Hector,

What did Cisco Say? Did they find any CAPWAP stale entries? What I usually do 
is to move the AP's group by group keeping an eye if anything goes wrong.

If there are stale entries you will have to reload the WLC to clear them.

Yahya Jaber.
Sr. Wireless Engineer
IT Network & Communications - Engineering Building 14, Level 3, Rm 308-WS07 
KAUST 23955-6900 Thuwal, KSA

Email yahya.ja...@kaust.edu.sa<mailto:yahya.ja...@kaust.edu.sa>
Office +966 (0) 12 8081237
Mobile +966 (0) 558697555
On Call Rotation Mobile: +966 54 470 1177


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Monday, April 23, 2018 21:31
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Need help

Christina,

The port-channels on every physical controller go to interfaces that live on 
both of our physical 6500s. We have looked at the interfaces on the 6500s, but 
have not seen anything concerning. And no, we have not looked at the traffic 
across the VSS. I'm attaching a picture of what our physical setup looks like

-H

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christina Klam
Sent: Monday, April 23, 2018 11:08 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Need help

Hector,

Are the port-channels split between the two physical 6500s or is one controller 
connected to one switch and the other controller on the second?  When you are 
having the issue, have you looked at the traffic across the VSS or compared 
what is coming into the 6500s vs what is leaving it?  In other words, have you 
been able to isolate the issue as being on  the controllers and not the VSS?

--Christina

Christina Klam
Network Engineer
Institute for Advanced Study
1 Einstein Dr
Princeton, NJ 08540
+1 609-734-8154
ck...@ias.edu<mailto:ck...@ias.edu>


From: "Hector J Rios" <hr...@lsu.edu<mailto:hr...@lsu.edu>>
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Sent: Monday, April 23, 2018 11:54:42 AM
Subject: Re: [WIRELESS-LAN] Need help

Our controllers connect to a pair of 6500s (SUP2Ts) in VSS mode. Each 
controller pair has two 10G interfaces in a port-channel.

-H

From: The EDUCAUSE Wireless Issues Constituent Grou

RE: Need help

[Hector J Rios]

I have not received a response from Cisco yet. I think they are scratching 
their heads too. This is a very elusive problem. 

For the APs that would not stay connected to their primary controller, the AP 
Join stats would not provide any type of reason or explanation. 

Moving APs group by group seems to be the only option we will have for now. 

-H

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Yahya M. Jaber
Sent: Tuesday, April 24, 2018 12:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help

Hi Hector,

What did Cisco Say? Did they find any CAPWAP stale entries? What I usually do 
is to move the AP's group by group keeping an eye if anything goes wrong.

If there are stale entries you will have to reload the WLC to clear them.

Yahya Jaber.
Sr. Wireless Engineer
IT Network & Communications – Engineering Building 14, Level 3, Rm 308-WS07 
KAUST 23955-6900 Thuwal, KSA

Email yahya.ja...@kaust.edu.sa
Office +966 (0) 12 8081237
Mobile +966 (0) 558697555
On Call Rotation Mobile: +966 54 470 1177


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Monday, April 23, 2018 21:31
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help

Christina,

The port-channels on every physical controller go to interfaces that live on 
both of our physical 6500s. We have looked at the interfaces on the 6500s, but 
have not seen anything concerning. And no, we have not looked at the traffic 
across the VSS. I'm attaching a picture of what our physical setup looks like

-H

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christina Klam
Sent: Monday, April 23, 2018 11:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help

Hector,

Are the port-channels split between the two physical 6500s or is one controller 
connected to one switch and the other controller on the second?  When you are 
having the issue, have you looked at the traffic across the VSS or compared 
what is coming into the 6500s vs what is leaving it?  In other words, have you 
been able to isolate the issue as being on  the controllers and not the VSS?

--Christina

Christina Klam
Network Engineer
Institute for Advanced Study
1 Einstein Dr
Princeton, NJ 08540
+1 609-734-8154
ck...@ias.edu


From: "Hector J Rios" <hr...@lsu.edu>
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Monday, April 23, 2018 11:54:42 AM
Subject: Re: [WIRELESS-LAN] Need help

Our controllers connect to a pair of 6500s (SUP2Ts) in VSS mode. Each 
controller pair has two 10G interfaces in a port-channel.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, April 23, 2018 9:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help


Hector- do the controllers connect to Nexus boxes, and with what kind of cable?


Lee Badman | Network Architect | CWNE #200 Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Sent: Monday, April 23, 2018 10:09:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Need help

All,

Last fall we all shared our experiences with the beginning of the semester. 
Ours was not great, and what we thought had been resolved, came back to bite 
us, again. If you want more info, search for subject "Re: [WIRELESS-LAN] Move 
In/Opening Week- Any Problems?"

My question to all of you is the following: If you have Cisco 8540s and over 
3000 APs, have you ever moved APs from one controller to another with no 
issues? i.e. You move 3000 APs from one controller to another at once.  Please 
respond and let me know your basic setup.

Here is our problem. Last year we moved all of our APs to an HA pair of 8540. 
We experienced no issues until the beginning of the fall, when all students 
came back. Last week, we moved all the APs from one HA pair to another, and 
right away we started experiencing issues.

What is the issue? When the issue starts happening, it appears that a good 
portion of our APs cannot associate to our controllers. It seems like the 
controllers run out of resources to be able to establish CAPWAP tunnels (memory 
leak?).

Our config

RE: [WIRELESS-LAN] Need help

[Hector J Rios]

Cisco has simply not recommended any other code.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Monday, April 23, 2018 9:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help

Is there a reason you are on that code? I’d start with running the recommended 
8.2MR7 interim.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, April 23, 2018 at 7:10 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Need help

All,

Last fall we all shared our experiences with the beginning of the semester. 
Ours was not great, and what we thought had been resolved, came back to bite 
us, again. If you want more info, search for subject “Re: [WIRELESS-LAN] Move 
In/Opening Week- Any Problems?”

My question to all of you is the following: If you have Cisco 8540s and over 
3000 APs, have you ever moved APs from one controller to another with no 
issues? i.e. You move 3000 APs from one controller to another at once.  Please 
respond and let me know your basic setup.

Here is our problem. Last year we moved all of our APs to an HA pair of 8540. 
We experienced no issues until the beginning of the fall, when all students 
came back. Last week, we moved all the APs from one HA pair to another, and 
right away we started experiencing issues.

What is the issue? When the issue starts happening, it appears that a good 
portion of our APs cannot associate to our controllers. It seems like the 
controllers run out of resources to be able to establish CAPWAP tunnels (memory 
leak?).

Our configuration:

Two HA pairs of 8540s, AP/Client SSO
AVC turned on, only on eduroam
IPv4/IPv6 dual stack support
Our oldest AP model is 1140
Software 8.2.161 (yes, we know it is deferred)
3900 APs
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Need help

[Hector J Rios]

Our controllers connect to a pair of 6500s (SUP2Ts) in VSS mode. Each 
controller pair has two 10G interfaces in a port-channel.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, April 23, 2018 9:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Need help


Hector- do the controllers connect to Nexus boxes, and with what kind of cable?


Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Sent: Monday, April 23, 2018 10:09:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Need help

All,

Last fall we all shared our experiences with the beginning of the semester. 
Ours was not great, and what we thought had been resolved, came back to bite 
us, again. If you want more info, search for subject "Re: [WIRELESS-LAN] Move 
In/Opening Week- Any Problems?"

My question to all of you is the following: If you have Cisco 8540s and over 
3000 APs, have you ever moved APs from one controller to another with no 
issues? i.e. You move 3000 APs from one controller to another at once.  Please 
respond and let me know your basic setup.

Here is our problem. Last year we moved all of our APs to an HA pair of 8540. 
We experienced no issues until the beginning of the fall, when all students 
came back. Last week, we moved all the APs from one HA pair to another, and 
right away we started experiencing issues.

What is the issue? When the issue starts happening, it appears that a good 
portion of our APs cannot associate to our controllers. It seems like the 
controllers run out of resources to be able to establish CAPWAP tunnels (memory 
leak?).

Our configuration:

Two HA pairs of 8540s, AP/Client SSO
AVC turned on, only on eduroam
IPv4/IPv6 dual stack support
Our oldest AP model is 1140
Software 8.2.161 (yes, we know it is deferred)
3900 APs
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Need help

[Hector J Rios]

All,

Last fall we all shared our experiences with the beginning of the semester. 
Ours was not great, and what we thought had been resolved, came back to bite 
us, again. If you want more info, search for subject “Re: [WIRELESS-LAN] Move 
In/Opening Week- Any Problems?”

My question to all of you is the following: If you have Cisco 8540s and over 
3000 APs, have you ever moved APs from one controller to another with no 
issues? i.e. You move 3000 APs from one controller to another at once.  Please 
respond and let me know your basic setup.

Here is our problem. Last year we moved all of our APs to an HA pair of 8540. 
We experienced no issues until the beginning of the fall, when all students 
came back. Last week, we moved all the APs from one HA pair to another, and 
right away we started experiencing issues.

What is the issue? When the issue starts happening, it appears that a good 
portion of our APs cannot associate to our controllers. It seems like the 
controllers run out of resources to be able to establish CAPWAP tunnels (memory 
leak?).

Our configuration:

Two HA pairs of 8540s, AP/Client SSO
AVC turned on, only on eduroam
IPv4/IPv6 dual stack support
Our oldest AP model is 1140
Software 8.2.161 (yes, we know it is deferred)
3900 APs

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Airtame

[Hector J Rios]

We are also using the Kramer VIAs and I can attest to their great performance. 
These devices might be expensive but they work. We decided to disable the 
wireless functionality. We didn't see the need to allow things like native 
AirPlay. Instead, our users use eduroam and reach the Kramer device over IP. 
Device mirroring works great.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Christopher
Sent: Tuesday, April 10, 2018 9:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Airtame

Hi Jess,

I haven't worked with it personally (our university has started to make heavy 
use of the Kramer VIAs (https://www.kramerav.com/product/VIA%20Connect%20PRO) - 
although I've seen it heavily advertised on my Facebook news feed with several 
individuals stating "too expensive/just use a Chromecast" - despite them 
providing articles that each device serves a different environment (Enterprise 
vs Home) - https://airtame.com/chromecast-alternative

-  Some of the big things they point out - can supply an IP Address 
directly to the Airtame without the need of mDNS/SSDP
o   Native Screen mirroring from iOS devices still requires multicast enabled. 
This was true for our Kramer VIA devices - you had limited functionality within 
the iOS Kramer App - if left the app - the connection would close. However, 
somehow, Kramer has gotten around this limitation through their "Kramer Reveal" 
companion app. Somehow the Kramer Reveal App allows a user to enter an IP 
Address - which converts it and allow the iOS device to discover it as if mDNS 
was enabled. Pretty nice that they found a way to get around that limitation - 
https://itunes.apple.com/us/app/via-reveal/id1124805001?mt=8
-  Support from WPA Enterprise Networks (Not sure if just EAP-PEAP, 
EAP-TLS, etc)
-  Cloud/Device Management
-  Cast locally hosted files/video streams
-  The Airtame does support an "Ethernet Connection" method.

Almost all of our Kramer VIAs have a detected wired network connection. 
Performing screen-mirroring from a wireless client to a wireless server always 
makes me nervous as twice the airtime consumed. We've had a couple people 
complain about lag  from time to time - when think was attributed to memory 
issues on the Kramer. Other folks I feel they're trying to watch/stream a 
YouTube video presentation. Another comparison article from Airtame - 
https://airtame.com/kramer-via-go-alternative

The only "vendor discussion" I've seen so far In the community forums was 
recently on the Airheads community forums concerning an issue with Airtame on 
RAPs and NAT - although they were trying to get SSDP/mDNS functionality working 
on the RAPs - 
http://community.arubanetworks.com/t5/Wireless-Access/Airgroup-Airplay-amp-Airtame-devices-with-RAPS/m-p/410199

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook and 
Twitter

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Jess
Sent: Tuesday, April 3, 2018 8:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Airtame


Does anyone use Airtame?  It looks like discovery requires Multicast 
(SSDP/UPnP) be allowed.  Has anyone evaluated these or have any thoughts?



Jess Williams

Sr. Network Engineer, IT - Network Engineering

University of Tennessee at Chattanooga
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] ClearPass - not so clear anymore

[Hector J Rios]

Update on my previous statement. We talked to Aruba and they saw our licensing 
count. It appears that the higher numbers we are seeing might be due to a bug. 
We do have accounting enabled everywhere. So not sure exactly what else could 
be causing this. We’ll be working with TAC and hopefully get this resolved. Our 
license count today showed 102K. We are only licensed for 75K and in the past 
we never exceeded 60K.

Hector


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, April 04, 2018 10:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

You should look into pfSense.  It is extremely powerful and open source.  You 
can pay for commercial support.

Ryan

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Lee H Badman
Sent: Tuesday, April 3, 2018 8:00 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

This is a hot-button topic for me. The whole guest access thing has gotten 
ridiculously complex in the main players trying to funnel this through a 
behemoth NAC (same could be said for simple RADIUS) or through some other 
convoluted framework. Bluesocket (now Adtran) had a good thing going with a 
gateway that was simple to set up and use on any vendor’s WLAN. They too 
evolved into something chunky and complex. I’d love to see Adtran dust off the 
old code, make it just a wee bit updated on browser friendliness, and 
re-productize it as a cost-effective 3rd party guest solution. The rest of the 
industry has blown it in this regard, says I.

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Trinklein, Jason R
Sent: Monday, April 02, 2018 5:48 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

We are considering clearpass for our guest network captive portal. We have a 
case of sticker shock, however…at a cost of nearly $50K, it seems expensive for 
a captive portal.

What alternative solutions are people using? We are very happy with FreeRADIUS 
for wireless auth, but we need a robust captive portal that allows OAuth/social 
media login or validated email/sms login. We tried packetfence, but in cluster 
mode, it wasn’t reliable.

--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, April 2, 2018 at 5:23 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] ClearPass - not so clear anymore

I’ve got two complaints about this product. One, it seems like with every patch 
or upgrade, this solution is getting worse and worse. This is disappointing 
because when we bought this solution two years ago it was rock solid. Second, 
due to the new licensing scheme, we are now exceeding our licensing capacity. 
How convenient for Aruba, right? As some of you might know, the new licensing 
scheme is based on concurrency. When we purchased the solution the licensing 
scheme was based on rolling averages. Yes, the new licensing scheme is 
attempting to make things simpler, but at a higher cost. Ask your rep how much 
a 25K server costs and you’ll see what I’m talking about.

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7C%7C416aa0adcd3740e218df08d598dffc6e%7Ce285d438dbba4a4c941c593ba422deac%7C0%7C0%7C636583010131355986=L2hgyGRxLEshPCcPVnAxQCrmoaMp%2FlC8Nq8V0B8IdaM%3D=0>.
**

RE: [WIRELESS-LAN] ClearPass - not so clear anymore

[Hector J Rios]

Authentication might not stop, but what about access to the UI or the ability 
to make config changes?

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba 
Security)
Sent: Tuesday, April 03, 2018 9:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

Hector,

During a roam event where a new session is created, a stop should also be 
generated by the NAD, so this should be a non-issue.

Also, as of 6.7.2, TACACS+ does not directly consume any access licenses (as 
long as you have at least 100 access licenses installed, TACACS+ usage is 
unlimited).

I should also add that all licensing ‘violations’ in ClearPass are UI / trap 
warning only. Authentication will never stop.

Tim


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, April 3, 2018 at 10:02 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

Ian,

6.7 introduced a new licensing scheme which is based on concurrent users, and 
it encompasses both guests, mac-auth, TACACS, etc. This means that each user or 
device will consume an Access License during an active session. This is the 
Access license. The part that really sucks is the way sessions are treated. 
Basically, if a session end is not identified, the license that is being used 
is not freed until after a period of 24 hours. In wireless environments, it is 
normal for devices to roam, turn off and on continuously, and thus establish 
multiple sessions. So, for every device that authenticates to your network, it 
will be very likely that you will see multiple active sessions, thus consuming 
more licenses than you would have planned for.

All of these new “features” were not part of the previous licensing scheme.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian Lyons
Sent: Monday, April 02, 2018 5:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

Jason
That price *was* real, many years ago.
I got a pair of 5000 user licenses for ~15k, last year.
Word of caution, I have seen some vendors that say they sell Cisco and Aruba 
products "forget' discounting on Aruba.
Shop around, that is not necessarily accurate.
Having said that, quantity of users and features where not mentioned.  50k or 
more users and all the features enabled.I can not speak to that.
Hector
I have had clearpass, on and off, for 6 years...it has always been concurrent 
usersyes to a rolling average, but not an immediate cut off if you exceed 
once or twice.
Can you elaborate?
Get Outlook for Android<https://aka.ms/ghei36>


From: Trinklein, Jason R
Sent: Monday, April 2, 17:48
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore
To: 
wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>

We are considering clearpass for our guest network captive portal. We have a 
case of sticker shock, however…at a cost of nearly $50K, it seems expensive for 
a captive portal.

What alternative solutions are people using? We are very happy with FreeRADIUS 
for wireless auth, but we need a robust captive portal that allows OAuth/social 
media login or validated email/sms login. We tried packetfence, but in cluster 
mode, it wasn’t reliable.

--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300–8009
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, April 2, 2018 at 5:23 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] ClearPass - not so clear anymore

I’ve got two complaints about this product. One, it seems like with e

RE: [WIRELESS-LAN] ClearPass - not so clear anymore

[Hector J Rios]

Ian,

6.7 introduced a new licensing scheme which is based on concurrent users, and 
it encompasses both guests, mac-auth, TACACS, etc. This means that each user or 
device will consume an Access License during an active session. This is the 
Access license. The part that really sucks is the way sessions are treated. 
Basically, if a session end is not identified, the license that is being used 
is not freed until after a period of 24 hours. In wireless environments, it is 
normal for devices to roam, turn off and on continuously, and thus establish 
multiple sessions. So, for every device that authenticates to your network, it 
will be very likely that you will see multiple active sessions, thus consuming 
more licenses than you would have planned for.

All of these new "features" were not part of the previous licensing scheme.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian Lyons
Sent: Monday, April 02, 2018 5:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore

Jason
That price *was* real, many years ago.
I got a pair of 5000 user licenses for ~15k, last year.
Word of caution, I have seen some vendors that say they sell Cisco and Aruba 
products "forget' discounting on Aruba.
Shop around, that is not necessarily accurate.
Having said that, quantity of users and features where not mentioned.  50k or 
more users and all the features enabled.I can not speak to that.
Hector
I have had clearpass, on and off, for 6 years...it has always been concurrent 
usersyes to a rolling average, but not an immediate cut off if you exceed 
once or twice.
Can you elaborate?
Get Outlook for Android<https://aka.ms/ghei36>


From: Trinklein, Jason R
Sent: Monday, April 2, 17:48
Subject: Re: [WIRELESS-LAN] ClearPass - not so clear anymore
To: 
wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>

We are considering clearpass for our guest network captive portal. We have a 
case of sticker shock, however...at a cost of nearly $50K, it seems expensive 
for a captive portal.

What alternative solutions are people using? We are very happy with FreeRADIUS 
for wireless auth, but we need a robust captive portal that allows OAuth/social 
media login or validated email/sms login. We tried packetfence, but in cluster 
mode, it wasn't reliable.

--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu<mailto:trinkle...@cofc.edu> | (843) 300-8009
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, April 2, 2018 at 5:23 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] ClearPass - not so clear anymore

I've got two complaints about this product. One, it seems like with every patch 
or upgrade, this solution is getting worse and worse. This is disappointing 
because when we bought this solution two years ago it was rock solid. Second, 
due to the new licensing scheme, we are now exceeding our licensing capacity. 
How convenient for Aruba, right? As some of you might know, the new licensing 
scheme is based on concurrency. When we purchased the solution the licensing 
scheme was based on rolling averages. Yes, the new licensing scheme is 
attempting to make things simpler, but at a higher cost. Ask your rep how much 
a 25K server costs and you'll see what I'm talking about.

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss=02%7C01%7C%7C416aa0adcd3740e218df08d598dffc6e%7Ce285d438dbba4a4c941c593ba422deac%7C0%7C0%7C636583010131355986=L2hgyGRxLEshPCcPVnAxQCrmoaMp%2FlC8Nq8V0B8IdaM%3D=0>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

ClearPass - not so clear anymore

[Hector J Rios]

I’ve got two complaints about this product. One, it seems like with every patch 
or upgrade, this solution is getting worse and worse. This is disappointing 
because when we bought this solution two years ago it was rock solid. Second, 
due to the new licensing scheme, we are now exceeding our licensing capacity. 
How convenient for Aruba, right? As some of you might know, the new licensing 
scheme is based on concurrency. When we purchased the solution the licensing 
scheme was based on rolling averages. Yes, the new licensing scheme is 
attempting to make things simpler, but at a higher cost. Ask your rep how much 
a 25K server costs and you’ll see what I’m talking about.

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Cisco feature CSCvb99468

[Hector J Rios]

It is. However, the bug I mention here is still not solved in 8.2.166. Plus, 
other than this, we have been pretty stable.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Friday, February 16, 2018 11:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco feature CSCvb99468

Hi Hector,

Isn't 8.2.161 deferred?

Best regards

Sent from my Windows 10 phone

From: Hector J Rios<mailto:hr...@lsu.edu>
Sent: 16 February 2018 15:04
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco feature CSCvb99468

Meet Cisco bug CSCvb99468. This is a "feature" on the Cisco WLCs that will 
crash your controllers when you click on Security->AAA->Disabled 
Clients->Dynamic Disabled. Yes, by just clicking on it.

We got hit by this precious bug yesterday. We have two 8540s in SSO. After the 
active crashed and started to recover, the standby hot crashed as well. Luckily 
users didn't notice it much. We are running 8.2.161.

You've been warned.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb99468/?referring_site=bugquickviewredir

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Cisco feature CSCvb99468

[Hector J Rios]

Meet Cisco bug CSCvb99468. This is a “feature” on the Cisco WLCs that will 
crash your controllers when you click on Security->AAA->Disabled 
Clients->Dynamic Disabled. Yes, by just clicking on it.

We got hit by this precious bug yesterday. We have two 8540s in SSO. After the 
active crashed and started to recover, the standby hot crashed as well. Luckily 
users didn’t notice it much. We are running 8.2.161.

You’ve been warned.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb99468/?referring_site=bugquickviewredir

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

WLC Fails to catalog google services in AVC profile

[Hector J Rios]

We got hit with this bug. Essentially, AVC would treat google services as bit 
torrent. We ended up having to remove the bit torrent application on our AVC 
profile. The link below mentions it affects 8.3, but we experienced this on 
8.2.161.0.  We also tried the suggested workaround and it did not work. We 
continue working with CiscoTAC. If you suspect you are having this issue, on 
your controller go to MONITOR -> Clients -> pick a client and select AVC 
statistics. By looking at the application stats and percentages you can get an 
idea as to how well your AVC profile is working. 

Never a boring day in our world, right? Good luck!

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf88246/?referring_site=bugquickviewredir

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Wireless Door Locks?

[Hector J Rios]

Like Joseph and Lee, LSU ResLife has been using the ASSA ABLOY door locks for 
quite a while. They support 802.1X and we’ve had no complaints.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joseph Bernard
Sent: Monday, November 06, 2017 7:52 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Door Locks?

We have a lot of ASSA ABLOY IN120 locks around that seem to work fine.  I will 
admit to being against the use of them as battery powered wifi devices to save 
not having to run data/power, but we've had no complaints.  I will still get on 
a soap box if you want to use wifi for video on a permanently installed TV 
though instead paying for a cable run.

Thanks,
Joseph B.

Sent from my iPhone

On Nov 6, 2017, at 8:32 AM, Gregory Fuller 
> wrote:
Haven't seen any recent discussion here about wireless door locks.  Our 
physical access team is looking to install some wireless door locks in an 
administrative building.  I can see it growing past this building pretty 
rapidly and want to make sure they aren't putting in something that is going to 
cause us headaches.

They are looking to install Aperio "HUB's" as they call them:

https://vo-general.s3.amazonaws.com/53aee5c6-9690-4c74-a82a-09f1d0f1ec68/d0vBYdO5QWWKURZqvp0w_AA%20Aperio%20Family%20Brochure.pdf?AWSAccessKeyId=AKIAJ3YBR5GY2XF7YLGQ=1582662909=inline%3B%20filename%3DAA%20Aperio%20Family%20Brochure.pdf=application%2Fpdf=920fJFxmRxXi9vkJ7zrIVHZao9o%3D


This appears to be using some variant of 802.15.4, which has the ability to run 
between our 802.11g/n 2.4Ghz channels, but will cause co-channel interference.  
I'm a bit concerned that there will be some impact to our 2.4Ghz clients (we 
have a ton of them out there still).

Anyone else out there have these or something similar and can speak for how 
they work and if there are any issues in your environment?

--greg


Gregory A. Fuller - CCNP R, CCNP Security, CCNA Wireless
Network Manager
State University of New York at Oswego
Phone: (315) 312-5750
http://www.oswego.edu/~gfuller
_
Campus Technology Services will never ask you to email us sensitive personal 
information such as​ a​ password. ​P​lease contact us if you are unsure if an 
email is genuine. (h...@oswego.edu)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Question regarding the support of WiFi Calling and texting

[Hector J Rios]

We do not have any policy. Unless I’m not understanding the question, these are 
capabilities of the endpoints and the carriers and regardless of WiFi coverage, 
the experience should be seamless.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vikki Cutrone
Sent: Tuesday, October 24, 2017 9:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Question regarding the support of WiFi Calling and 
texting

I am the Network Administrator at Vassar College and I was wondering what 
position  institutions were taking regarding support and troubleshooting of 
clients trying to use the wireless for wifi calling and wifi texting?  I am 
getting a large amount of requests for this service but with the multitude of  
cell phones, operating systems and cell providers it is impossible to keep up.  
Any input about your institution's policy or thoughts on a potential policy 
would be greatly appreciated.

Thank you in advance!

--
Vikki Cutrone
Network Administrator
Vassar College, Box 13
124 Raymond Ave
Poughkeepsie, NY 12604-0013

845-437-7231
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

[Hector J Rios]

The short answer is Yes.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Cunningham
Sent: Monday, October 16, 2017 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

If this is a flaw in the design of the WPA2 protocol isn't the fix going to 
need to be made on both sides of the communication link?  Access points will 
all need to be updated but also all client wifi drivers are going to need to be 
updated on all wifi enabled devices that support WPA2, right?

Mike Cunningham


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stephen Belcher
Sent: Monday, October 16, 2017 10:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2


>From Cisco:



https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa





/ Stephen Belcher

Assistant Director of Network Operations
WVU Information Technology Services

One Waterfront Place / PO Box 6500

Morgantown, WV  26506



(304) 293-8440 office
(681) 214-3389 mobile
steve.belc...@mail.wvu.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Richard Nedwich 
>
Sent: Monday, October 16, 2017 10:34:43 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Ruckus is providing a response today.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


This email may contain confidential information about a Pennsylvania College of 
Technology student. It is intended solely for the use of the recipient. This 
email may contain information that is considered an "educational record" 
subject to the protections of the Family Educational Rights and Privacy Act 
Regulations. The regulations may be found at 34 C.F.R. Part 99 for your 
reference. The recipient may only use or disclose the information in accordance 
with the requirements of the Federal Educational Rights and Privacy Act 
Regulations. If you have received this transmission in error, please notify the 
sender immediately and permanently delete the email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] IPv6 drains battery of mobile devices?

[Hector J Rios]

For those of you running Cisco controllers, there is a feature called “RA 
Throttling” that can help with this.

Hector Rios
Louisiana State University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike King
Sent: Friday, October 06, 2017 7:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] IPv6 drains battery of mobile devices?

So I saw this on Reddit this morning. What do you guys think of this?


https://www.reddit.com/r/LifeProTips/comments/74jt7s/lpt_if_youre_in_student_halls_campus_or_hotel/
 ** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

FTE's for Wireless

[Hector J Rios]

Need your help. What is the number of network engineers you have dedicated to 
wireless? Please indicate the size of your network, the scope of your wireless 
team's responsibilities, whether you rely on other resources (like contractors 
or other internal groups) to complement your efforts, and the most important 
question, is this enough people or do you need more (if so, what would the 
ideal number be)?

Not sure if this has been done before, if so, please let me know. 

Here at LSU, we have 3600 APs, and two wireless engineers. The scope of their 
work includes plan reviews (designing WLANs for new construction), requests for 
additional coverage, site surveys, Tier 3 level of support, Controller/AP 
config/monitoring/maintenance, lifecycle replacements, testing/evals/research 
of new technologies. We rely on cable contractors to run cable and mount APs , 
NOC personnel to install some switches, APs, and troubleshooting, and student 
workers to configure APs and minor deployments. Two wireless engineers is not 
enough for us. We need at least one more. 

If you think there is value in this information and would prefer a better 
format let me know. 

Regards, 

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] AAA Override Bug?

[Hector J Rios]

That definitely sounds like it could be our problem. I’ll look into it. Thanks!

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mccormick, Kevin
Sent: Friday, September 15, 2017 10:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AAA Override Bug?

Are you hitting this bug?

80MR4:AAA override VLAN lost on inter-controller roaming

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb21254

Kevin 
McCormick<https://www.youracclaim.com/badges/3aa51624-4156-498d-bf6f-4a61790d54cf/public_url>
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 
298-1335 | Morgan Hall 106b
Connect with uTech: Website<http://www.wiu.edu/utech> | 
Facebook<https://www.facebook.com/uTechWIU> | 
Twitter<https://twitter.com/WIU_uTech>
[Image removed by sender.]

On Fri, Sep 15, 2017 at 10:06 AM, Yahya M. Jaber 
<yahya.ja...@kaust.edu.sa<mailto:yahya.ja...@kaust.edu.sa>> wrote:
I used to have 8.0.140.0 and now 8.0.140.9 both were working fine with AAA 
override.
Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Sep 15, 2017 17:39, Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> 
wrote:

This week we identified a bug in our wireless software that is affecting 
eduroam. The behavior we are seeing is the following: when an LSU user connects 
to eduroam we look up their AD group membership. If it is a student, the user 
is placed on network “Y”; if it is an employee (faculty/staff), the user is 
placed on network “Z”. We have noticed employees being incorrectly placed on 
the student network (which is the default WLAN interface). We haven’t yet 
identified why this is happening but we are working with our Cisco. We do have 
AAA override enabled. We have WiSM2s running 8.0.140.0 code. We have confirmed 
that our RADIUS server is sending the correct VLAN id attribute. Anybody 
noticed the same behavior?



Hector Rios

Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

AAA Override Bug?

[Hector J Rios]

This week we identified a bug in our wireless software that is affecting 
eduroam. The behavior we are seeing is the following: when an LSU user connects 
to eduroam we look up their AD group membership. If it is a student, the user 
is placed on network “Y”; if it is an employee (faculty/staff), the user is 
placed on network “Z”. We have noticed employees being incorrectly placed on 
the student network (which is the default WLAN interface). We haven’t yet 
identified why this is happening but we are working with our Cisco. We do have 
AAA override enabled. We have WiSM2s running 8.0.140.0 code. We have confirmed 
that our RADIUS server is sending the correct VLAN id attribute. Anybody 
noticed the same behavior?

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

[Hector J Rios]

I can confirm Manon’s statement. In a call with Cisco TAC yesterday, they 
confirmed that the issues we experienced on the first week of classes (massive 
AP flaps) were related to bug CSCva66176. Cisco was able to recreate this in 
the lab. In our case, we had our HA hot-standbys defined in our mobility group 
members, but because they are in hot-standby mode, their status is “Control and 
Data Path Down”. The resolution is to use the Mobility MAC address instead.

Please double check with your Cisco local team, but we are pretty sure this 
caused our problems. It is supposed to be fixed in 8.3. We asked Cisco for a 
patch for 8.2. Not sure if this will happen.

I know everyone has different experiences, but after the Cisco TAC fiasco we 
had, the Cisco BU and our local team were very responsive and diligent in 
addressing this particular issue for us.

Regards,

Hector Rios
Louisiana State University



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Duling
Sent: Monday, September 11, 2017 7:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

Thanks for all the replies everyone. Well I'm not used to looking at AP logs, 
but I just logged into one AP on the list and on the day it happened all I see 
are some of these:

%DOT11-4-CCMP_REPLAY  AES-CCMP TSC replays

and two of these for a client:

%DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth

I'm not used to looking at AP logs, but I would think if the AP thought it 
disassociated it would say so. Another one on the list shows nothing 
corresponding to the time (if I've translated the time properly) but the radio 
interface was reset during the day.

*Sep  8 00:45:20.799: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to 
down
*Sep  8 00:45:20.803: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to 
reset
*Sep  8 00:45:21.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
Dot11Radio1, changed state to down
*Sep  8 00:45:21.831: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5500 MHz 
for 60 seconds.
*Sep  8 00:45:21.835: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Sep  8 00:45:22.835: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
Dot11Radio1, changed state to up
*Sep  8 00:45:35.347: %CLEANAIR-6-STATE: Slot 1 down
*Sep  8 00:45:52.167: %CLEANAIR-6-STATE: Slot 1 enabled
*Sep  8 00:46:21.947: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on 
frequency 5500 MHz
*Sep  8 01:28:39.379: %DOT11-4-CCMP_REPLAY: Client [redacted] had 1 AES-CCMP 
TSC replays
*Sep  8 02:03:10.883: %DOT11-4-CCMP_REPLAY: Client [redacted] had 1 AES-CCMP 
TSC replays
*Sep  8 21:44:55.403: %DOT11-4-CCMP_REPLAY: Client [redacted] had 46 AES-CCMP 
TSC replays

Not sure what to make of the logs.

On Mon, Sep 11, 2017 at 2:04 PM, Jeffrey D. Sessler 
> wrote:
Did you go back and correlate the event? For example, SSH into a few of the 
WAP’s and look at their logs to see what they thought happened. Did the CAPWAP 
uptime actually change on their WAPs qne/or the hours they report being 
connected. The WAP logs tend to be very informative.

If you use DHCP to hand out IPs for the WAPs, did you have a look at your DHCP 
logs? Many years ago, I saw something similar and it turned out to be the DHCP 
server – a mass of WAPs went to renew at the same time, DHCP server couldn’t 
take the load, and failing the renewal, a mass of WAPs disassociated/associated.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of "mark.dul...@biola.edu" 
>
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Monday, September 11, 2017 at 11:48 AM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: [WIRELESS-LAN] spurious cpi report of mass AP disassociation

We're using Cisco 8540 on code 8.2.151.0. Last week CPI reported a great number 
of simultaneous AP disassociations and then reassociation. CPI shows all the 
events had the exact same timestamp right down to the hundredth second. It was 
just a single event.

But I can find no event preceding it that would cause such a thing. No 
preceding controller errors that I can see. At least a hundred APs were on the 
list. The APs weren't the same type or in the same buildings. I can find no 
common thing at all about it.

No one called in to report any issues. I would think if they really did drop 
those on an affected AP would have noticed. Only one AP in the building 

RE: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

[Hector J Rios]

BTW, 8.2.161.0 just came out.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, August 30, 2017 2:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

Great information. Thanks, Hector. Now I have some homework too.

-Original Message-
From: Hector J Rios [hr...@lsu.edu]
Received: Wednesday, 30 Aug 2017, 15:41
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?
Thank you for the good thoughts on the storm. Luckily we are fine.

So far we’ve been told that the issue we experienced was a combination of two 
things: 1) the 8540’s memory queues and buffers reached their maximum capacity. 
This affected both 802.1X and CAPWAP. Thus the AP flapping. 2) RADIUS and EAP 
timers must be EXTRA optimized. I say EXTRA, because we’ve always followed best 
practices and recommendations from TAC.

This is a good document to read: 
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html

Finally, what is most interesting is the fact that even though the 8540 is 
advertised to support 6000 APs and 64000 clients, these numbers do not seem to 
be valid if your environment is mainly 802.1X. So, if your environment is 
mainly 802.1X, and you have an 8540, I would recommend you talk to your Cisco 
SE so they can tell you what the official supported number of APs is. I’ve yet 
to find any official documentation that even hints to this. Miercom performed a 
comparative test in 2015 between Aruba and Cisco, and in the report they did 
test client authentication rate, but only for the Cisco 5520.

https://www.cisco.com/c/dam/en/us/products/collateral/wireless/8540-wireless-controller/miercom-report-wlcs-cisco-aruba.pdf

TAC’s recommendation is for us to use 8.2.160 on the 8540s. We will make all 
necessary config changes and start moving APs in waves of 500 slowly so we can 
watch utilization. Our plan also includes not to exceed the AP capacity of the 
8540s by 50%-60%. If this works, we will have to get an additional pair of 
8540s. I’ll let you know if we are successful.

BTW, we require to have AVC turned on. TAC is very concerned about this. We’ll 
also be watching this.

-Hector

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, August 30, 2017 6:43 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?


Hi Hector,



I hope the storm is not causing havoc for you down there- good thoughts to you 
on that.



Did you get anywhere with Cisco on your 8540/8.2.160 problems? I'm being told 
we may need to go that same combination and it doesn't inspire confidence.



Evidently my 8.2.151 (you know... one of those STABLE code versions) may be a 
time bomb that caused a spontaneous 8540 reboot. The comment was made that our 
3300 APs on a platform that supposedly supports 6000 somehow equals a dense 
deployment and that we likely are hitting:

___
Regarding the logs, I was able to check the logs, and yes It seems your 
deployment is a high-density deployment with over 3000 APs.

Based on your deployment and the logs I was able to identify this

It seems the WLC is having load process utilization  on the task SpamReceive 
Task and HAConfigSyncTask.

spamApTask15992   ( 53/ 78)0 (  0/  0)%  30   22
 spamApTask05991   ( 72/ 70)0 (  0/  0)%  305
 spamReceiveTask5990   ( 52/ 78)0 (  0/  0)%  990
 spamSocketTask 5989   (175/ 32)0 (  0/  0)%   0   13
 HAPeerToPeerCommTa 5988   ( 90/ 64)0 (  0/  0)%   07
 rmgrPing   5987   ( 80/ 67)0 (  0/  0)%   0   13

HAConfigSyncTask   6204   (240/  7)0 (  0/  0)%  993
​
Based on the symptoms, the WLC version and your WLC density. You may be hitting 
bug.

CSCvd20251 - Data Plane stopped working on Cisco 5508 WLC running 
8.0.140.0<https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd20251/?reffering_site=dumpcr>
 ___
I hope to have confirmation today. I can't imagine what Cisco could have done 
between .151 and .6 to make this sort of thing better, and I am really 
interested in whether they isolated your own .160 problems. There is no way in 
hell I'm moving to that version without seeing case notes on every single issue 
people are having in this continual cycle of trading one set of bugs for 
another.

This game just isn't fun anymore.

Thanks-




Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   

RE: Move In/Opening Week- Any Problems?

[Hector J Rios]

Thank you for the good thoughts on the storm. Luckily we are fine.

So far we’ve been told that the issue we experienced was a combination of two 
things: 1) the 8540’s memory queues and buffers reached their maximum capacity. 
This affected both 802.1X and CAPWAP. Thus the AP flapping. 2) RADIUS and EAP 
timers must be EXTRA optimized. I say EXTRA, because we’ve always followed best 
practices and recommendations from TAC.

This is a good document to read: 
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/118703-technote-wlc-00.html

Finally, what is most interesting is the fact that even though the 8540 is 
advertised to support 6000 APs and 64000 clients, these numbers do not seem to 
be valid if your environment is mainly 802.1X. So, if your environment is 
mainly 802.1X, and you have an 8540, I would recommend you talk to your Cisco 
SE so they can tell you what the official supported number of APs is. I’ve yet 
to find any official documentation that even hints to this. Miercom performed a 
comparative test in 2015 between Aruba and Cisco, and in the report they did 
test client authentication rate, but only for the Cisco 5520.

https://www.cisco.com/c/dam/en/us/products/collateral/wireless/8540-wireless-controller/miercom-report-wlcs-cisco-aruba.pdf

TAC’s recommendation is for us to use 8.2.160 on the 8540s. We will make all 
necessary config changes and start moving APs in waves of 500 slowly so we can 
watch utilization. Our plan also includes not to exceed the AP capacity of the 
8540s by 50%-60%. If this works, we will have to get an additional pair of 
8540s. I’ll let you know if we are successful.

BTW, we require to have AVC turned on. TAC is very concerned about this. We’ll 
also be watching this.

-Hector

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, August 30, 2017 6:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?


Hi Hector,



I hope the storm is not causing havoc for you down there- good thoughts to you 
on that.



Did you get anywhere with Cisco on your 8540/8.2.160 problems? I'm being told 
we may need to go that same combination and it doesn't inspire confidence.



Evidently my 8.2.151 (you know... one of those STABLE code versions) may be a 
time bomb that caused a spontaneous 8540 reboot. The comment was made that our 
3300 APs on a platform that supposedly supports 6000 somehow equals a dense 
deployment and that we likely are hitting:

___
Regarding the logs, I was able to check the logs, and yes It seems your 
deployment is a high-density deployment with over 3000 APs.

Based on your deployment and the logs I was able to identify this

It seems the WLC is having load process utilization  on the task SpamReceive 
Task and HAConfigSyncTask.

spamApTask15992   ( 53/ 78)0 (  0/  0)%  30   22
 spamApTask05991   ( 72/ 70)0 (  0/  0)%  305
 spamReceiveTask5990   ( 52/ 78)0 (  0/  0)%  990
 spamSocketTask 5989   (175/ 32)0 (  0/  0)%   0   13
 HAPeerToPeerCommTa 5988   ( 90/ 64)0 (  0/  0)%   07
 rmgrPing   5987   ( 80/ 67)0 (  0/  0)%   0   13

HAConfigSyncTask   6204   (240/  7)0 (  0/  0)%  993
​
Based on the symptoms, the WLC version and your WLC density. You may be hitting 
bug.

CSCvd20251 - Data Plane stopped working on Cisco 5508 WLC running 
8.0.140.0<https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd20251/?reffering_site=dumpcr>
 ___
I hope to have confirmation today. I can't imagine what Cisco could have done 
between .151 and .6 to make this sort of thing better, and I am really 
interested in whether they isolated your own .160 problems. There is no way in 
hell I'm moving to that version without seeing case notes on every single issue 
people are having in this continual cycle of trading one set of bugs for 
another.

This game just isn't fun anymore.

Thanks-




Lee Badman | Network Architect | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>>
Sent: Friday, August 25, 2017 3:11 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

Here’s ours:

2 8540s in HA mode (bought with the idea of replacing all WiSM2s)
4 pairs of WiSM2s in HA mode
3 server ClearPass cluster for both eduroam and guest
Main 

RE: Move In/Opening Week- Any Problems?

[Hector J Rios]

Here's ours:

2 8540s in HA mode (bought with the idea of replacing all WiSM2s)
4 pairs of WiSM2s in HA mode
3 server ClearPass cluster for both eduroam and guest
Main SSID: eduroam with PEAP/MSCHAP
Mix of WAPs; 3500, 3600, 3700, 2800, 1810w
Total number of WAPs: 3500
21000 peak users

We tested the 8540s extensively over the spring and summer, primarily with the 
8.2.151 code and a mix of 2800s and 1810ws. We had AVC turned on, and were 
using RLANs for the wired ports. The largest number of WAPs we had on this pair 
was 469. We tested code 8.2.160 towards the end of the summer with all WAPs on 
the 8540s, and had no issues. First the day of classes, we had all WiSM2s 
running 8.2.160 simply as a backup. Early morning we started getting reports of 
802.1X authentication failures (these failures had nothing to do with 
ClearPass). Shortly after that, WAPs starting flapping (disconnecting from the 
8540s moving to WiSM2s and then moving back again). We tried playing with the 
TCP MSS setting, adjusting EAP timers, turning AVC off and multiple other 
things, but nothing worked. In the end, we downgraded the WiSM2s to 8.0.140 and 
moved all WAPs that were not 2800 or 1810s. The 8540s were downgraded to 
8.2.151 so the 2800s and 1810s would have a controller to connect to. Network 
stability was restored after this.

Needless to say it was a very unpleasant experience. We are still working with 
Cisco to find out the root cause of the problem.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, August 25, 2017 8:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

It might be beneficial to share notes in case other schools are hitting common 
problems. I'm wondering how everyone who is in the thick of it is faring with 
back-to-school?

On this end, we are doing OK halfway to our expected total daily peak clients 
(we're at 15K now high water mark).

Our significant WLAN-related changes since end of Spring semester
* Running 8.2.151 on our 8540s
* Significant quantities of Wave 2 APs
* ISE as RADIUS (only, no NAC, no onboarding)

No changes to:
* our guest WLAN (Clearpass/an Aruba controller pair)
* onboarding (Cloudpath Wiz)
* overall topology
* open network in dorms for gadgets
* non-use of AVC, it crapped out and never got solved after hundreds of 
hours with TAC

Fears:
* We haven't yet hit the scale that will reveal problems with any of 
the newer stuff listed above

Anyone else care to share?

-Lee


Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Wayfinding, anyone?

[Hector J Rios]

Wanted to know if anyone has an app on your campus that allows your users to 
find their way around the university, both indoors and outdoors. I’ve heard 
concerns about providing indoor maps as this could be used for malicious acts 
(even terrorist acts). I wonder if there is information that can back these 
concerns. I know every building, at least in our campus, has to have an 
evacuation plan, and this plan includes a map that is posted for everyone to 
see.

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Disney's Free Wi-Fi

[Hector J Rios]

I did a speed test while at one the restaurants in Magic Kingdom and got 35M 
down and 51M up. That's pretty good.  

Hector Rios
Louisiana State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Friday, March 03, 2017 3:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disney's Free Wi-Fi

But density and usage patterns are much different. Someone is a Disney park is 
much less likely to be streaming Netflix in HD compared to someone on a college 
campus, for example. Additionally they are covering lots of open spaces without 
as many pesky walls to block signals. I suspect their average bandwidth usage 
per guest is much lower than the average bandwidth usage per student.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue 
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Friday, March 3, 2017 2:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disney's Free Wi-Fi


> On Mar 3, 2017, at 13:22, Bob Brown  wrote:
>
> According to a wireless engineer at Disney, the WLAN infrastructure in 
> Orlando consists of about 3,500 Cisco and Aruba APs across resorts, 4 theme 
> parks etc.

That seems like a low number to me, considering the AP counts I’ve seen us 
throw around here on the list for our campuses.

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site:  PGP Public Key: 



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Disney's Free Wi-Fi

[Hector J Rios]

I just came back from a trip to Disney World and I was blown away about the 
availability of their Wi-Fi network. It covers all the Disney Hotels, parks (I 
believe with the exception of the water parks) and the Disney Springs district. 
From the MAC address of a couple of WAPs, it appears they use Aruba. The 
coverage is impressive, and the connectivity is good; although reliability is 
decent, but I can forgive them knowing what a humongous task it takes to deploy 
such a massive network.

Does anybody know any more details about how this network was deployed? I 
looked and looked for places where I could see WAPs but didn't see a thing. 
However they did it, it is impressive.

Oh BTW, I did enjoy the park too. :)

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Cisco 1810W subtleties

[Hector J Rios]

If you are planning to buy the Cisco 1810W and you are planning to use the 
built-in switchports, I highly advise you to look at the deployment guide and 
learn about the subtleties of enabling local switching. Don’t expect for this 
AP to work just like the Cisco 702W. Cisco managed to make its configuration a 
little more “fun”.

Basically, in order to enable local switching, you have to configure the AP for 
FlexConnect. ND you also have to configure a WLAN and AP groups to make 
sure your switchports map to the right VLANs. Yeah, it’s like that. Have fun.

Bug ID: CSCva56348
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva56348/?reffering_site=dumpcr

Deployment Guide
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-3/b_AIR_AP_1810_Wall_Plate_Deployment_Guides.html


(It’s not as bad as I make it sound; it is just frustrating that there is no 
consistency)

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Nyansa

[Hector J Rios]

Me too!

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gruenhagen, Tim
Sent: Saturday, February 11, 2017 7:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

Definitely interested.  We just finished a trial and are considering purchase.
Thanks!
Tim

On Feb 10, 2017 3:08 PM, "Barrantes, Rita" 
> wrote:
We would like to join as well if possible.



Rita Barrantes, PhD, PMP
Director, IT Services | UIT
Faculty | College of Technology
University of Houston
rbarran...@uh.edu
832-842-4702



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] 
On Behalf Of McClintic, Thomas 
[thomas.mcclin...@uth.tmc.edu]
Sent: Friday, February 10, 2017 2:06 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa

I too am running a trial here. Would also like to hear the experience Lee is 
requesting if possible.

Thanks!

 Original Message 

Subject: Re: [WIRELESS-LAN] Nyansa

From: "Sullivan, Don" >

Date: Feb 10, 2017, 2:03 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Lee,

I would be happy to have a chat with you about it. Probably better off list for 
me.

Don Sullivan
Network Administrator
205-726-2111
dsulli...@samford.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 1:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Nyansa

Looking to talk with other schools that have objectively evaluated Nyansa with 
an installed appliance. Curious how what criteria you used to decide whether it 
was bringing you value, and if you bit on it, did it continue to bring value 
after the purchase.

I have it in test and am aware of the feature set and what it promises to do, 
but am looking for testimonials on what it has really exposed that you could 
take action on, how it fits with other tools that you have, and whether you 
have found it to be worth the cost.

On or off list is fine.

Thanks!

Lee Badman

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e 
lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Periodic Wifi Performance Feedback

[Hector J Rios]

Yes. We poll them every year. And no, we do not do anything to entice 
responses. Unfortunately what ends up happening is that the angry users are the 
ones that tend to respond. But still, feedback is feedback, and we are able to 
see some common themes that allow us to take action.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Victoria Poncini
Sent: Monday, December 05, 2016 2:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Hi Hector,
Could I also get a copy of your student survey? Also, how often do you poll the 
students with surveys about the Wi-Fi service? Do you do anything special to 
entice student responses to your surveys?

Thanks,

Victoria Poncini
UW-IT/ MOB
4545 15th Ave NE
Seattle, WA 98105
vponc...@uw.edu<mailto:vponc...@uw.edu>
Wk Phone: 206 685-8456

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Monday, December 5, 2016 12:48 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Sure thing.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Monday, December 05, 2016 2:29 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Hector can I get a copy of the survey you used?

Sent from my iPhone

On Dec 5, 2016, at 9:20 AM, Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> 
wrote:
We use surveys. We partner with Student Government and they send out the 
surveys only to students (our biggest wifi user).  The questions range from 
feedback on experience, to areas that need improvement or coverage. The results 
are extremely useful as they provide us with guidance on where we need to focus 
our efforts. They are also great justification to go out and ask for money to 
our Tech Fee Committee. That's how I've been able to fund my projects.

Regards,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Friday, December 02, 2016 3:48 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Hi ,

I wanted to brainstorm on options through which we can have  periodic feedbacks 
from the students about their Wi-Fi experience all over the campus. Is anyone 
using surveys, or contacting student bodies like the student council etc.? I  
just wanted to have tangible numbers based on which we can judge the Wi-fi 
performance  that the students experience.

Thanks
Donald


___
Donald Ambrose - Network Administrator
Canadian Memorial Chiropractic College
6100 Leslie Street, Toronto, ON M2H 3J1
Phone: 416.482.2340 ext. 209
dambr...@cmcc.ca<mailto:dambr...@cmcc.ca>  
www.cmcc.ca<http://www.cmcc.ca>



This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender's prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender's prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constit

RE: [WIRELESS-LAN] Periodic Wifi Performance Feedback

[Hector J Rios]

We are currently evaluating Nyansa and so far we’ve been pretty impressed. I’ll 
post details later when we have more knowledge of their solution.

Hector Rios
Louisiana State University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
Sent: Monday, December 05, 2016 1:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Lee beat me to the punch. We are using Voyance by Nyansa to look at client 
performance and overall wireless performance. We have done surveys in the past 
and, like everybody else, you find that any network issue is essentially a 
wireless issue so you do not get any specifics in my mind to make any 
significant difference. Voyance is a big help, in use with my other tools, in 
narrowing down problem locations and giving me a better idea of the overall 
client performance. Plus it helps to know how we stack up against similar 
institutions.

Don Sullivan
Network Administrator
205-726-2111

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, December 05, 2016 12:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

I’m surprised no one has mentioned Nyansa, knowing that there are a fair number 
of testbeds for it out there in higher ed. Also, there is value in monitoring 
Yik Yak and having an organizational twitter account, though both take upkeep 
and an open mind but you will tap into at least the complaints that aren’t 
making it to the help desk.



Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Monday, December 05, 2016 11:02 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Your best source of information is the management platform that is monitoring 
your wireless. For example, if you are a Cisco customer, you have an endless 
amount of data in which to judge performance and coverage along with a lot of 
other items such as average connection rates, avg RSSI/SNR, % of clients at 
what rates.

Surveys can be effective if they are well done. If you have an office of 
institutional research, it’s best to work with them on the questions, ensuring 
that you get relevant and useful data back e.g. Have the student pick the 
residence hall they are in, then ask specific questions about their experience, 
then classrooms, public places, etc. Offering incentives can help too in that 
you get people how are both happy and unhappy. To be useful over time, the 
questions shouldn’t change year-to-year.

Besides a survey, your students are likely participating in various 
college-related social-media groups. I have my student interns monitor these 
groups and report back chatter related to wireless.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of Donald Ambrose >
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Friday, December 2, 2016 at 1:48 PM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Hi ,

I wanted to brainstorm on options through which we can have  periodic feedbacks 
from the students about their Wi-Fi experience all over the campus. Is anyone 
using surveys, or contacting student bodies like the student council etc.? I  
just wanted to have tangible numbers based on which we can judge the Wi-fi 
performance  that the students experience.

Thanks
Donald


___
Donald Ambrose – Network Administrator
Canadian Memorial Chiropractic College
6100 Leslie Street, Toronto, ON M2H 3J1
Phone: 416.482.2340 ext. 209
dambr...@cmcc.ca  
www.cmcc.ca



This 

RE: [WIRELESS-LAN] Periodic Wifi Performance Feedback

[Hector J Rios]

Sure thing.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Monday, December 05, 2016 2:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Hector can I get a copy of the survey you used?

Sent from my iPhone

On Dec 5, 2016, at 9:20 AM, Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> 
wrote:
We use surveys. We partner with Student Government and they send out the 
surveys only to students (our biggest wifi user).  The questions range from 
feedback on experience, to areas that need improvement or coverage. The results 
are extremely useful as they provide us with guidance on where we need to focus 
our efforts. They are also great justification to go out and ask for money to 
our Tech Fee Committee. That's how I've been able to fund my projects.

Regards,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Donald Ambrose
Sent: Friday, December 02, 2016 3:48 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Periodic Wifi Performance Feedback

Hi ,

I wanted to brainstorm on options through which we can have  periodic feedbacks 
from the students about their Wi-Fi experience all over the campus. Is anyone 
using surveys, or contacting student bodies like the student council etc.? I  
just wanted to have tangible numbers based on which we can judge the Wi-fi 
performance  that the students experience.

Thanks
Donald


___
Donald Ambrose - Network Administrator
Canadian Memorial Chiropractic College
6100 Leslie Street, Toronto, ON M2H 3J1
Phone: 416.482.2340 ext. 209
dambr...@cmcc.ca<mailto:dambr...@cmcc.ca>  
www.cmcc.ca<http://www.cmcc.ca>



This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender's prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
This communication together with any attachments is for the exclusive and 
confidential use of the addressee(s). Any other distribution, use or 
reproduction without the sender's prior consent is unauthorized and strictly 
prohibited. If you have received this message in error, please notify the 
sender immediately and delete or shred the message without making any copies.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiFi simple (but useful) tools

[Hector J Rios]

The first thing I do when I notice WiFi issues on my Windows laptop is to bring 
up the WiFi Status window on my wireless adapter. This tells me the signal 
quality, the speed, and the SSID I'm connected to. If I select details (Network 
Connection Details) I then get more info like IP address and my MAC address. 

But sometimes we need to know more, right? For that I use the netsh commands. 
If I open up my command prompt and type "netsh WLAN show interfaces", I now 
have more pieces of information to work with. Of special importance is the 
BSSID. This is the MAC address of the WAP I'm connected to. I also get Radio 
Type, which indicates which 802.11 protocol my adapter is using for the current 
connection. 

If you like this command and want to take it an extra step, you can write the 
following script into your favorite text editor:

:loop
netsh WLAN show interfaces
timeout /t 5
goto loop

Save this file as a .bat. When you run it, a command prompt will pop up and the 
command will run and refresh every 5 seconds. Now you have a pretty cool and 
useful tool to monitor your WLAN adapter. 

Regards, 

Hector

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Question about Cisco 1810w APs in residential buildings

[Hector J Rios]

One of my biggest concerns has always been the height at which these WAPs get 
installed (as you mentioned, 1.5ft). In most of our residential buildings, the 
data ports happen to be right behind desks that are provided by ResLife and the 
desks have covers in the back that essentially would bump against the WAP. Not 
to mention the fact that as furniture gets moved around, there is always the 
potential of knocking down the WAP. I wonder how has already deployed them in a 
similar fashion and what the experience has been?

If you end up using them, I'd be curious to see how things work out.

Best,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Devyn Moore
Sent: Tuesday, October 25, 2016 9:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Question about Cisco 1810w APs in residential buildings

All,

Our housing department wants us to look at these for wide-scale deployment in 
11 residence halls within the next 2-3 years due to cost reduction in cable 
installation with our previous designs. This will be a one AP per room 
deployment utilizing current wiring infrastructure, where Aps were previously 
in the hallways (2600, 3500). We're planning to configure the cells to a lower 
transmit power as well as assigning channels based on zero occupancy with 20MHz 
channels. Our ability to get into these buildings in order to resolve rogue 
issues is severely limited already because we are required to have a 
Residential Technician (from the housing department) with us when visiting 
student rooms. That's only going to get worse when we lose visibility that we 
currently have with our current deployments in the halls. We're also not 
planning to enable the ethernet ports because those aren't in scope for the 
Proof of Concept due to crashed timelines provided by the department.

We're currently running 8.0.133.0 and have been incredibly stable (no AVC, no 
IPv6, 802.1x for primary SSID, web auth guest). We don't use ISE, but use 
FreeRADIUS for wireless auth. We're running two pairs of Hot/Standby 8510s with 
a mixture of 2600, 2700, 3500, 3600 and 3700 series APs, but would like to 
start integrating 2800 and 3800 series APs - separate from the housing request. 
I am targeting 8.2.121.7 for our upgrade in order to get around some bugs that 
I've seen mentioned here as we also start testing 2800/3800 in our environment.

Has anyone had any issues with 1810w in dense cell deployments like residential 
hall buildings? Issues with damaged devices due to installation locations on 
wall approximately 1.5ft (45cm) from the floor? Have there been any issues with 
SSO HA with 8.2.121.7? Anything else you'd like to share about the 1810ws?

Thanks in advance for the feedback.
--
Devyn Moore
Network Enterprise Systems Team Leader
Campus Wireless Network Engineer
Information Technology Services
http://directory.uark.edu/people/devyn

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Utility Poles

[Hector J Rios]

Thank you Chuck!

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Friday, September 16, 2016 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Utility Poles

FWIW, I think you make a good point.  In practice, though, I’m not sure how 
effective it would be.  Upgrades of campus lighting systems that include 
pathway changes are few and far between.  If it takes 20 or 30 years to build 
out this network-friendly infrastructure, you run the risk that by the time 
it’s mature enough to use it may no longer be needed.  It’s not the kind of 
plan I would implement on a knee-jerk basis.  It definitely requires thoughtful 
design and a cost/benefit/risk analysis. I’m guessing outcomes will vary widely 
by institution, and maybe even by campus for a multi-campus institution.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Friday, September 16, 2016 4:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Utility Poles

But that is the point I’m trying to make. Because of all the challenges that 
you have all mentioned, wouldn’t it be worth to have both a strategic plan and 
a collaboration with whoever is in charge of bringing up NEW poles, and address 
all of these concerns and issues so that you end up with a pole that is 
aesthetically pleasing and at the same time functional.

I understand the issues that need to be addressed with existing poles. My idea 
was more focused toward new construction. Our campus is constantly evolving and 
changing, and I believe we’ve had some missed opportunities.

Regards,

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric LaCroix
Sent: Friday, September 16, 2016 3:24 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Utility Poles


Even for lights not centrally switched (perhaps always-on, locally 
photocell-controlled) there’s also the issue of what kind of power is available 
at the poles. Our outdoor lights are 277 volt LED. At the very least, if you’re 
able to find a product to give you the power you need from that voltage, it’s 
probably going to be prohibitively expensive, and certainly not pretty on the 
pole. Your elegant lamp posts from the gaslight era will end up looking like 
those “tree” cell towers. Haha!



Happy Friday.



Eric LaCroix, Director of Technology, New Hampton School

70 Main Street • New Hampton, NH 03256





On 9/16/16, 3:53 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Watters, John" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
john.watt...@ua.edu<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%20on%20behalf%20of%20john.watt...@ua.edu>>
 wrote:



The main problem we have with doing this is getting a second power feed int=

o the poles. All of our utilities are underground. And, all light poles are=

 decorative black things without any visible wires (it all comes in undergr=

ound). To make it worse, all lights are on a central switch which means tha=

t there is no power to the poles until the lights come on. Thus, the reason=

 for a separate power feed so wireless could run independently of the light=

s. Also, light power typically loops into a pole and then back out to the n=

ext pole in the run, thus filling up the access holes with twice as many wi=

res as would be desired (by us anyway), and leaving little room to get anot=

her power wire in (and also maybe back out) plus a small fiber cable.=20



Underground utilities look good but can cause problems with needing additio=

nal wiring added for nice stuff such as you mentioned.







John Watters

Network Engineer, Office of Information Technology

The University of Alabama

A115 Gordon Palmer Hall

Box 870346=20

Tuscaloosa, AL 35487=20

Phone 205-348-3992

john.watt...@ua.edu=20<mailto:john.watt...@ua.edu=20>





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIREL=

ess-...@listserv.educause.edu<mailto:ess-...@listserv.educause.edu>] On 
Behalf Of Hector J Rios

Sent: Friday, September 16, 2016 2:45 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

Subject: [WIRELESS-LAN] Utility Poles



Has anyone on the list floated around the idea of establishing a standard t=

o provide fiber and adequate power to light poles in your campus? How cool =

would it be to have these resources available so they could be used not onl=

y to serve WiFi, but a 

RE: Utility Poles

[Hector J Rios]

But that is the point I’m trying to make. Because of all the challenges that 
you have all mentioned, wouldn’t it be worth to have both a strategic plan and 
a collaboration with whoever is in charge of bringing up NEW poles, and address 
all of these concerns and issues so that you end up with a pole that is 
aesthetically pleasing and at the same time functional.

I understand the issues that need to be addressed with existing poles. My idea 
was more focused toward new construction. Our campus is constantly evolving and 
changing, and I believe we’ve had some missed opportunities.

Regards,

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric LaCroix
Sent: Friday, September 16, 2016 3:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Utility Poles


Even for lights not centrally switched (perhaps always-on, locally 
photocell-controlled) there’s also the issue of what kind of power is available 
at the poles. Our outdoor lights are 277 volt LED. At the very least, if you’re 
able to find a product to give you the power you need from that voltage, it’s 
probably going to be prohibitively expensive, and certainly not pretty on the 
pole. Your elegant lamp posts from the gaslight era will end up looking like 
those “tree” cell towers. Haha!



Happy Friday.



Eric LaCroix, Director of Technology, New Hampton School

70 Main Street • New Hampton, NH 03256





On 9/16/16, 3:53 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Watters, John" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
john.watt...@ua.edu<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%20on%20behalf%20of%20john.watt...@ua.edu>>
 wrote:



The main problem we have with doing this is getting a second power feed int=

o the poles. All of our utilities are underground. And, all light poles are=

 decorative black things without any visible wires (it all comes in undergr=

ound). To make it worse, all lights are on a central switch which means tha=

t there is no power to the poles until the lights come on. Thus, the reason=

 for a separate power feed so wireless could run independently of the light=

s. Also, light power typically loops into a pole and then back out to the n=

ext pole in the run, thus filling up the access holes with twice as many wi=

res as would be desired (by us anyway), and leaving little room to get anot=

her power wire in (and also maybe back out) plus a small fiber cable.=20



Underground utilities look good but can cause problems with needing additio=

nal wiring added for nice stuff such as you mentioned.







John Watters

Network Engineer, Office of Information Technology

The University of Alabama

A115 Gordon Palmer Hall

Box 870346=20

Tuscaloosa, AL 35487=20

Phone 205-348-3992

john.watt...@ua.edu=20<mailto:john.watt...@ua.edu=20>





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIREL=

ess-...@listserv.educause.edu<mailto:ess-...@listserv.educause.edu>] On 
Behalf Of Hector J Rios

Sent: Friday, September 16, 2016 2:45 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

Subject: [WIRELESS-LAN] Utility Poles



Has anyone on the list floated around the idea of establishing a standard t=

o provide fiber and adequate power to light poles in your campus? How cool =

would it be to have these resources available so they could be used not onl=

y to serve WiFi, but a myriad of other things like security cameras, public=

 safety, digital signage,  and the ton of promises that the IoT is promisin=

g. I'm wondering if this is a cost effective thing to do? As a strategic pl=

an, it seems to also make sense. I know all campuses are different. We are =

just lucky that we own our poles, so we have no issues with obtaining permi=

ssion. Thoughts?



Hector Rios

Louisiana State University



**

Participation and subscription information for this EDUCAUSE Constituent Gr=

oup discussion list can be found at http://www.educause.edu/groups/.



**

Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Utility Poles

[Hector J Rios]

Has anyone on the list floated around the idea of establishing a standard to 
provide fiber and adequate power to light poles in your campus? How cool would 
it be to have these resources available so they could be used not only to serve 
WiFi, but a myriad of other things like security cameras, public safety, 
digital signage,  and the ton of promises that the IoT is promising. I'm 
wondering if this is a cost effective thing to do? As a strategic plan, it 
seems to also make sense. I know all campuses are different. We are just lucky 
that we own our poles, so we have no issues with obtaining permission. Thoughts?

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Water Sensor by DLINK

[Hector J Rios]

Just finished playing with a D-Link water sensor (DCH-S160).  One of our staff 
wanted to use it for a basement. Of course, no 802.1X support, but what was 
most disappointing was the fact that it won’t connect to a hidden SSID. That’s 
our PSK SSID. So, no luck at all with this device.

We are making improvements to allow our users to self-provision these types of 
devices, but this is an indication that the road ahead will not get any easier.

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco Autonomous APs

[Hector J Rios]

There was a time when certain lightweight APs could be converted to autonomous 
mode, but would be limited to survey mode. I see the latest IOS release is 
15.3(3)JD. I would like to convert a Cisco 3500 series AP to autonomous. Do you 
know if this software release provides for a full-blown autonomous AP 
operation? Nothing in the release notes indicates that this is limited to 
survey only.

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco AP Groups and other cool stuff...

[Hector J Rios]

Thank you Matthew. SNMP sounds like a great alternative too!

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Seward
Sent: Friday, July 22, 2016 9:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco AP Groups and other cool stuff...

On 22 July 2016 at 15:24, Matthew Newton 
> wrote:

We've been using an in-house perl module[0] to manage the APs with
SNMP and do this for all new APs without any issue.

That looks significantly less nasty than the scripts I've been debugging this 
week which essentially do a lot of the same things.

I'll add it to my to-investigate list.

-Paul
--
--
Paul Seward,Senior Systems Administrator,University of Bristol
paul.sew...@bristol.ac.uk  +44 (0)117 39 
41148GPG Key ID: E24DA8A2
GPG Fingerprint:7210 4E4A B5FC 7D9C 39F8  5C3C 6759 3937 E24D A8A2
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco AP Groups and other cool stuff...

[Hector J Rios]

I just wanted to share information that I feel might be relevant to some of 
you. In the Cisco wireless solution, it has always bothered me the fact that 
newly installed APs get associated to the default-group AP group. This, by 
default, will announce the first 16 WLANs in your controller. It is Cisco’s 
best practice recommendation that APs get associated with specific AP groups so 
as to control the WLANs that you want to announce, and other parameters as 
well. But moving an AP to a new group requires a reboot. So, one work around is 
to play with the WLAN ID numbers. Any ID above 16 will not get announced in the 
default-group. The exception is the 2504, since this controller can only 
support up to 16 WLAN IDs.

Another excellent solution to control the behavior of newly installed APs is a 
feature called “Out of Box”. When enabled, APs that are assigned to the 
default-group will have their radios administratively disabled until you take 
action to move them to a different group.

Finally, APIC-EM is a Cisco SDN controller that claims to provide the ability 
to simplify the deployment of new devices, including wireless! I have not 
personally tested this, but from what I’ve heard, the software is available for 
free. We’ll be playing with this soon. More info here:

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/datasheet-c78-730594.html

You all have a great day!

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: ClearPass and IPv6

[Hector J Rios]

Thank you Bruce! That’s very disappointing to hear. Jerry did show me records 
that show the IPv6 address, and I’ve been able to find some (very few) that 
contain the IPv6 address, but it is very inconsistent. For IPv4, I have not 
seen any issues. All of my records correctly map a user to a v4 address.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Friday, July 22, 2016 6:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ClearPass and IPv6

I do not know about IPv6, but IPv4 accounting has apparently been broken since 
ClearPass 6.0. It is scheduled to be fixed in ClearPass 6.7.

Although ClearPass responds to all IPv4 accounting requests, the information 
does not always get entered in the accounting database and is therefore lost. 
Since we use accounting records to map usernames to ip addresses for bandwidth 
management, that means our management system was very inaccurate.

If you want your Aruba account team to investigate further, have them look at 
Issue # 33707 that has been committed to ClearPass 6.7 and support case 1812165.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hector J Rios [mailto:hr...@lsu.edu]
Sent: Thursday, July 21, 2016 3:36 PM
Subject: ClearPass and IPv6

Since we are on the topic of ClearPass, I have a comment/question. We recently 
deployed ClearPass on our wireless. We are a Cisco shop; 802.1X/PEAP/MSCHAPv2. 
We are also dual stack, so all of our hosts get IPv4/IPv6 addresses. We noticed 
that in the RADIUS accounting log, the IPv6 addresses do not show up. This came 
to use as a surprise because with our previous RADIUS server (radiator) we did 
not have this limitation.

The latest 6.6.1 patch just came out and in the release notes they mention that 
they now have support for the Framed-IPv6-Address RADIUS attribute (IETF 168). 
However, after upgrading, we are still not seeing IPv6 addresses.

Anyone out there running ClearPass and IPv6 experiencing a similar issue?

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

ClearPass and IPv6

[Hector J Rios]

Since we are on the topic of ClearPass, I have a comment/question. We recently 
deployed ClearPass on our wireless. We are a Cisco shop; 802.1X/PEAP/MSCHAPv2. 
We are also dual stack, so all of our hosts get IPv4/IPv6 addresses. We noticed 
that in the RADIUS accounting log, the IPv6 addresses do not show up. This came 
to use as a surprise because with our previous RADIUS server (radiator) we did 
not have this limitation.

The latest 6.6.1 patch just came out and in the release notes they mention that 
they now have support for the Framed-IPv6-Address RADIUS attribute (IETF 168). 
However, after upgrading, we are still not seeing IPv6 addresses.

Anyone out there running ClearPass and IPv6 experiencing a similar issue?

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] student residential routers?

[Hector J Rios]

Thank you! Great answers.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mathieu Sturm
Sent: Wednesday, June 29, 2016 2:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] student residential routers?

We use smseagle. Had some trouble with it in the beginning but they solved 
everything. It’s working like a charm right now. Before that we had a siemens 
mc35i connected through serial port with our server.

I’ve tested the sms gateway with our cisco ise and that works perfect.

Integration can be found here: https://www.smseagle.eu/integration-plugins/
Although it’s just an api so you can integrate it with everything.


Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Hector J Rios
Verzonden: maandag 27 juni 2016 20:29
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] student residential routers?

Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I’m interested in that option.

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Hector J Rios]

I did. But the issue with using SMTP is that the user must chose the provider.  
I don't like  that.

Thank you everyone else for your responses, especially when I completely forgot 
to change the subject of my original message.

H

On Jun 27, 2016, at 2:11 PM, Trenton Hurt 
<trenth...@gmail.com<mailto:trenth...@gmail.com>> wrote:

Have you looked at sms over smtp

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/SMS-over-SMTP-in-CPPM/ta-p/192395



On Monday, June 27, 2016, Hector J Rios <hr...@lsu.edu<mailto:hr...@lsu.edu>> 
wrote:
Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I'm interested in that option.

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] student residential routers?

[Hector J Rios]

Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I’m interested in that option.

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Ubiquity Alert

[Hector J Rios]

If you use ubiquity, be aware of this exploit:

http://us8.campaign-archive2.com/?u=bc856e62a9254399365d0277b=d674aca0a1=6026330fbc

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Nyansa Voyance - thoughts?

[Hector J Rios]

For the ARUBA shops, there is an Airwave module called Clarity that is supposed 
to provide additional troubleshooting capabilities to drill into performance 
issues. My two cents.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, May 24, 2016 12:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Nyansa Voyance - thoughts?

All:

I was recently approached by a vendor offering a wireless analysis software 
that combines the processing of AMON in conjunction with deep packet inspection 
(through collectors that are looking at all the traffic coming off of your 
controllers via SPAN or Taps).  I was impressed with what I saw.  The company 
has apparently been in stealth mode until about 5 weeks ago, so most on this 
list would not have heard of them.

They offer up Brandeis University as one of their early adopters.  Has anyone 
else had a chance to look into this yet?  The website isn't going to give you a 
lot.  If you go to Youtube, you'll find some round table demos that should give 
you an idea of the capabilities.

We have a few concerns...  High cost and the cloud based nature of the service 
(no way to house on prem at the time).  If you've looked at this and had time 
to formulate some thoughts, I would appreciate it.

Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at Chapel Hill

r...@unc.edu
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Hector J Rios]

This is a good reference to look at devices' capabilities:

https://wikidevi.com/wiki/List_of_802.11ac_Hardware

Also, the Wi-Fi Alliance site has a lot of good information that is relatively 
simple for users to understand. They also have a product finder page that 
allows you to filter based on different criteria. 

http://www.wi-fi.org/product-finder

Other than that, it is hard to teach the consumers to pay attention to the 
details of the technology they are buying. Most of the times their decisions 
are driven by cost factors. Luckily today you can just recommend "AC", and that 
guarantees 5GHZ; something that was not the case with 802.11n.

Regards, 

Hector Rios
Louisiana State University


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Tuesday, April 12, 2016 7:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Bit of both, we see plenty of new devices 2.4 only. It's always the cheap 
stuff. Apple is pretty popular though so at least on that side we know we get 
5ghz

The Edimax Nano USB seems a good choice for laptops, 5ghz only but the inbuilt 
will take care of 2.4 and the device is small enough to be plugged in 
permanently. Going to trial a coupel but they are only $20 here in AU so even 
students can afford an upgrade. We've proven to a few people the difference by 
using the large Edimax AC1200, those are great but too big. Antenna strength 
may be interesting on the Nano.

Does anyone have a website up to educate students/staff on BYOD purchasing? We 
used to but it was removed (another story) and I'm keen to get it going again. 
The problem is that most people won't see it before purchasing, but at least 
it's a point of reference. 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James Patrick
Sent: Tuesday, 12 April 2016 9:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

I'm unfortunately seeing that we may actually start to experience an INCREASE 
in 2.4GHz-only devices . when we asked about this on campus recently, I 
received this reply ... and this is from a central IT person:

" I wanted to point out that many brand new phones don't speak 5GHz such as the 
Motorola Moto G (3rd generation) which just began shipping late last summer.  
In fact, none of the generations of Moto G have a 5GHz radio.  Motorola has 
reserved 5GHz wifi for the Moto X which is their premium spec phone.The 
Moto G is a pretty common phone - I know of several folks (in our department) 
that have such including myself and a coworker who just bought a brand new one 
Friday.  Republic Wireless sells a ton of these.  The Moto E, which is the base 
model, also doesn't speak 5GHz.  Several folks in our building also have that 
phone."

Don't know whether to blame Motorola or folks that go for the cheapest stuff 
possible.

-- Jim Gogan / Univ of North Carolina at Chapel Hill

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Earl Barfield
Sent: Monday, April 11, 2016 4:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

> On 04/07/2016 09:24 AM, Hector J Rios wrote:
>>
>> I guess this brings up another good question, and that is, what is 
>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?
>> For us is still 50-50. And it’s been like that for a while. I still 
>> see new laptops that only come with 2.4GHz adapters.
>>


While it can be useful to track what percentage of connections use 5GHz radios, 
we've found that a better question to ask is "What percentage of 5GHz-capable 
clients are actually connecting at 5GHz".

In our environment, it varies wildly by building: some as high as 95% of 
sessions and others, such as our outdoor spaces, down close to zero.

We focus our resources on improving the 5GHz coverage in the buildings with the 
lower percentages.

All this data is in the Airwave Management Platform database.   It just
takes a little gentle coaxing to get it out.

In our high density spaces, we have many many APs on 5GHz with directional 
antennas, along with turning of lower data rates and
raising RxSOP to limit the cell size.   We turn off 2.4GHz
radios on all but a few APs in the room,   From the user side, this
should look about like APs with multiple 5GHz radios.

We're using Cisco AP3702Es right now but we're anxious to take a look at the 
upcoming AP3802Es that should allow us to use fewer APs to but the same number 
of 5GHz antennas serving a room.



--
Earl Barfield -- Academic & Research Tech / Information Tec

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Hector J Rios]

I would go back to Jason's comment and reference eduroam's policy. I personally 
think that only allowing 5GHz on eduroam goes against the spirit the global 
availability of eduroam. My 2 cents.

Hector Rios
Louisiana State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matthew Newton
Sent: Thursday, April 07, 2016 8:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

On Thu, Apr 07, 2016 at 01:27:04PM +, Joseph M. Karam wrote:
> We offer 2.4 and 5 GHz service.  When we have conflicts, we work with 
> departments to give them a channel in the 2.4 GHz space, then we take 
> that channel out of our central infrastructure.
> So, for example we gave engineering channel 6 for all of their labs, 
> and we took that out of our central infrastructure.  So far it has 
> worked well and we can play together nicely

What do you do after you've given the last remaining free 2.4Ghz channel to the 
third department that requests one and you've got none left for yourselves?

And presumably Engineering have lots of CCI because all of their APs are on the 
same frequency?

Not critcising, just trying to understand! :)

Matthew


--
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services, I.T. Services, University of 
Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[Hector J Rios]

I guess this brings up another good question, and that is, what is the 
percentage of 5GHz vs 2.4GHz you all see in your institutions? For us is still 
50-50. And it’s been like that for a while. I still see new laptops that only 
come with 2.4GHz adapters.

I would love to start turning off 2.4GHz in some areas of our campus, but I 
don’t think that’s an option for us at the moment.

[cid:image001.png@01D190A6.D2C56DE0]

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Perry Correll
Sent: Thursday, April 07, 2016 7:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Chris,

Not ‘chuckling’, just smiling as we are actually glad to see other vendors 
supporting this capability. Today we are seeing 70, 80, 90, even up to 95% 
clients supporting 5Ghz capabilities and the advancement of SDR capabilities 
enables IT administrators to more efficiently and effectively address this 
evolution. However Wi-Fi in the 2.4Ghz spectrum isn’t going away anytime soon 
either

Best Regards,
Perry


Perry Correll  |  Xirrus Principal Technologist


o: 805 376 5437  |  m: 321 505 7726




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chris Adams (IT)
Sent: Thursday, April 07, 2016 8:31 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Kees,

I think your skepticism is well founded. We have many locations with multiple 
5ghz radios in the same room, but multiple 5ghz on the same device will be a 
more “uncharted” territory for our deployment. I am in the process of getting a 
few AP250 to throw into a few of our smaller auditoriums, which should be a 
good test of their performance.

I do believe that the channel width may be a differentiator in how well the 
deployment works – we are using 20mhz in most locations, which eliminates many 
of the spectrum and channel availability issues found with 40mhz+ channel 
widths.

PS: I’m sure some of the Xirrus guys are chuckling at this conversation as 
Xirrus has been well known for having large SDR arrays for many years now ☺

Thanks,

Chris Adams, CISSP

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kees Pronk
Sent: Thursday, April 7, 2016 7:45 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Hi Chris,

“you could in theory double the airtime available”

I would be interested in your actual experience with this. Now that a few 
vendors have taken this approach and others stay away from this.

Arguments in favor of 5/5 you will find these abundant on the vendors marketing 
pages, but how about :
Extra COGS (band pass filters etc), extra complexity with your channels plans 
(need a lot of separation between the 5/5 radios), you must enable DFS channels 
on every AP but what about false positive radar detects? What about the 2 
radio’s  ‘deafening’ each other while trying so send/receive at the same time.

Please keep us posted and maybe others testing with this

1.   Innovation

2.   Marketing gimmick
(pick one ;-)

Best regards, Kees

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Larry Dougher
Verzonden: donderdag 7 april 2016 03:11
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Thanks Chris!


Larry Dougher
Chief Information Officer
Information Technology Services
Windsor Southeast Supervisory Union
127 State Street, Windsor, VT 05089
Email | Google+ | 
Twitter | 
LinkedIn | 802.674.8336

On Wed, Apr 6, 2016 at 2:45 PM, Chris Adams (IT) 
> wrote:
Larry,

We have deployed 802.11ac WAPs in many locations, but only have 80mhz channels 
enabled sparingly around campus. My hope is that by having the SDR option, we 
could configure 2x 5ghz radios with either 20Mhz or 40Mhz channels, logically 
operating as 2 WAPs. Our wireless use case is primarily for internet access – 
we just don’t have a need for true wave1/2 802.11ac throughputs at this time.

To see true Wave2 throughputs, I believe the client WNIC would need to be 
upgraded. If we could operate 2 “logical” 5ghz WAPs from a single unit for a 
small increase in price, I think this is where our greatest benefit would be at 
this time as you could in 

RE: Who wifi vendors does everyone use?

[Hector J Rios]

LSU, Baton Rouge campus has been using Cisco for many years. But we are 
currently evaluating both Aruba and Ruckus.

Hector Rios
Louisiana State University


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Typical Registration Numbers for Guest Wireless Service?

[Hector J Rios]

We advertise our guest SSID throughout the campus. Only faculty and staff can 
sponsor guest access.

Hector Rios
Louisiana State University

[cid:image001.png@01D17ADE.C6B4EF90]
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Adam T Ferrero
Sent: Thursday, March 10, 2016 2:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Typical Registration Numbers for Guest Wireless 
Service?


  We see about 1,000 guests per day typically.  We never have advertised it but 
the onboarding SSID is open and captive portal so people find it and self 
service onboard (via SMS texted credentials and switching to our WPA2 
enterprise SSID).  Generally our environment is about 30,000 concurrent 
wireless clients.

  Adam

[cid:image003.png@01D17ADE.5CB61420]

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Zielske, Jessica
Sent: Thursday, March 10, 2016 1:36 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Typical Registration Numbers for Guest Wireless Service?

For those implementing a guest wireless service for sponsored and/or 
non-sponsored guests,

Is anyone able to share stats on the quantity of guest registrations over a 
time period, a daily average or the like?

We are working to forecast the load for a new non-sponsored guest wireless 
service, your insight is most appreciated!

Jessica Zielske
Virginia Tech



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Naming conventions for WLAN devices

[Hector J Rios]

WAPs
--ap
Example:
nucl-1035-ap3502i

Wireless Controllers: We only have these in our main data centers, so it is 
easy.
_WISM_
NUCL_WISM_2

Access Switches
---asw-
Example:
nucl-106-3560e-asw-1

If you are planning to include the model number, have a discussion around 
whether you want to include the series (more generic) or the more specific 
model number. We found it useful to be a little bit more granular. Example, 
Cisco Aironet 3700 versus 3702i. That little "I" provides much valued 
information.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Chu
Sent: Tuesday, February 02, 2016 11:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Naming conventions for WLAN devices

We're looking for ideas to improve our current naming convention for network 
devices.

For an access point, it currently consists of:
--ap
e.g. burnside-1-ap24

For controllers, we use:
wireless--wmc
e.g. wireless-local1-wmc
(wmc = wireless mobility controller)

For access points, we're thinking of adding location info instead of the 
arbitrary number, so something like: burnside-1-ap101a where 101a is the first 
AP in room 101 (101b would be the second AP, etc.)

Switches: burnside-sw1, burnside-sw2
UPS's: burnside-ups-1, burnside-ups2-1
PoE midspans: burnside-poe-1, burnside-poe2-1

What do other organizations use for naming conventions for their network 
devices?

Thanks.

Norman Chu
Network Analyst - Network Infrastructure group
Systems Engineering - McGill NCS
(514) 398-7299

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] eduroam in a Cisco environment

[Hector J Rios]

Do you have eduroam deployed as your primary SSID or in addition to your SSID's?
Eduroam is our primary SSID.
Do you separate/tag your eduraom users? If so, how(acs/ISE/free radius, etc)?
Yes. We use radiator.
How big are your wireless subnets?
Our eduroam subnet is a /17. We recently collapsed our two 6500 wireless core 
into a VSS and that allowed us to define a single subnet for eduroam.

Any opinions/suggestion/questions are welcome.
Thanks again in advance.

--

Tim Burns

Junior Network Administrator
1 University Heights
Asheville, NC 28804
828-232-5013
bu...@unca.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[Hector J Rios]

We are running 8.0.120 on WiSM2’s. Close to 3000 APs. Everything looked fine 
till the semester started. For some reason, it appears that band select is not 
doing its job as well as it did before (not that it has always worked that 
great). We are seeing classrooms where the majority of the clients are 
connected to the 2.4G radios.  We’ve been playing with our RF profile, but I’m 
wondering if this might have something to do with this new code. Everything 
else seems to be working just fine. We’ll engage TAC.

Hector Rios
Louisiana State University



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 10:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: http://pennstatehershey.org


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm seeing 
a fair amount of them on my 3702i's.

Thanks!
-dan


Dan Brisson

Network Engineer

University of Vermont






On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:
Hi Lee,

The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
(CSCuq86269)


CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
specific fix

Fixed in Image  8.0.110.22 for 3600/2600 platforms

For 1700/2700/3700 will be coming soon, as there were some minor issues found 
during fix porting for this HW that are being resolved.

This week Cisco should be able to confirm ETA for this second part of the fix

(this is my TAC case SR 634977857 Flapping AP radio causing Alarms in Prime)


Gertjan Scharloo
ICT Consultant
_

Universiteit van Amsterdam | Hogeschool van Amsterdam

ICT Services
Leeuwenburg | kamer A9.36
Weesperzijde 190 | 1097 DZ Amsterdam
+31 (0)20 525 4885
Mobiel : +31(0) 61013-5880
www.uva.nl
uva.nl/profile/g.scharloo
Beschikbaar : Ma | - | Wo | Do | Vr |

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Jess Walczak
Verzonden: dinsdag 28 juli 2015 01:25
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Lee,

I am also seeing what Scott is seeing with the nearly instantaneous radio 
resets on the 5Ghz side.  It doesn't seem to affect any client experience, 
either, but it does generate a LOT of noise from a monitoring point of view.  
We have had a TAC open about this since February, but honestly haven't really 
done any hardcore troubleshooting of the issue once we ascertained that it was 
not affecting service in any real way.  In Prime, I have it emailing a 
distribution group, and I get tons and tons of emails from the same exact time, 
one reading that the AP went down, and the other one reading that it came up, 
like so:
__
PI has detected a change in one or more alarms of category AP and severity 
Critical in Virtual Domain ROOT-DOMAIN.
The new severity of the following items is Clear:

1. Message: '802.11a/n' interface of AP 'OWS458-01-1142' associated to 
controller 'UST-WLC8510 (140.209.13.70)' is up.
Failure Source: AP OWS458-01-1142, Interface 802.11a/n
__
PI has detected one or more alarms of category AP and severity Critical in 
Virtual Domain ROOT-DOMAIN for the following items:

1. Message: '802.11a/n' interface of AP 'OWS458-01-1142' associated to 
controller 'UST-WLC8510 (140.209.13.70)' is down. Reason: 

Network Analyst position at LSU

[Hector J Rios]

LSU is hiring! This is one of three network analyst positions we currently have 
advertised. 

Interested parties should go to 
https://lsusystemcareers.lsu.edu/applicants/jsp/shared/frameset/Frameset.jsp?time=1440693979673

Regards, 

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outdoor PoE

[Hector J Rios]

Sounds like a risky proposition. ~ $88.00 for peace of mind is not that bad of 
an insurance policy.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Friday, August 07, 2015 10:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outdoor PoE


If one is following electrical codes/best practices, are these devices needed? 
That is, externally mounted ethernet devices such as cameras and access points 
as supposed to be using STP and not UTP cable (providing a solid path to 
ground). The camera/ap should be grounded at it’s mount point and on the PSE 
side (switch, injector, etc.), In the case of a switch, it should have a 
separate ground lug that’s tied into a ground bus-bar.

I suspect If you follow the above, these additional devices may not be 
required. And if the above isn’t being followed, it may be a good idea to chat 
with an electrical engineer just to make sure your not installing a bunch of 
potentially deadly lightning rods. :)


Jeff


From: 
wireless-lan@listserv.educause.edumailto:wireless-lan@listserv.educause.edu 
on behalf of Thomas Carter
Reply-To: 
wireless-lan@listserv.educause.edumailto:wireless-lan@listserv.educause.edu
Date: Friday, August 7, 2015 at 6:23 AM
To: 
wireless-lan@listserv.educause.edumailto:wireless-lan@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] Outdoor PoE

We haven’t had any problems, but we’ve used these:
http://www.l-com.com/surge-protector-outdoor-10-100-1000-base-t-cat6-poe-compatible-lightning-protector-rj45-jacks
with great success. They also have a punch down version as well if you want to 
mess with that. We have them mounted outside with the APs and a good copper 
ground wire.

If you haven’t looked at them, l-com.com has a wide array of antennas, cabling, 
etc. No connection to them, just a happy customer.

Thomas

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Thursday, August 6, 2015 8:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Outdoor PoE

For those doing outdoor wireless, here are two products we have purchased that 
we have found very useful:


Microsemi Outdoor PoE Surge Protector 
PD-OUT/SP11https://www.amazon.com/gp/product/B00NMU85PM/ref=od_aui_detailpages00?ie=UTF8psc=1
http://www.newegg.com/Product/Product.aspx?Item=17B-00A5-1nm_mc=KNC-GoogleAdwords-PCcm_mmc=KNC-GoogleAdwords-PC-_-pla-_-Surveillance+Accessories-_-17B-00A5-1gclid=CIOKgobGlMcCFQmNaQodJ_0C0Qgclsrc=aw.ds


Microsemi PowerDsine 9001GO - PoE injector - 30 Watt
http://www.cdw.com/shop/products/Microsemi-PowerDsine-9001GO-PoE-injector-30-Watt/2578417.aspx?cm_cat=GoogleBasecm_ite=2578417cm_pla=NA-NA-PWD_NEcm_ven=ShoppingFeedsef_id=VLgjcQAABAHVQD8U:20150806132234:sgclid=CKyxxczGlMcCFQgtaQodCO8PhQ


Regards,

Hector Rios
Louisiana State University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Outdoor PoE

[Hector J Rios]

Excellent points Chuck. Thanks!

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Thursday, August 06, 2015 8:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outdoor PoE

I've been using the ITW Linx Surgate Cat-6 
PoEhttp://itwlinx.com/1gb-cat6-poe/ to protect outdoor APs.  I install them 
inside the building at the point of entry much like you would primary 
protection on a phone cable.  I've been using their products to protect exposed 
data drops since the early 2000's without issue.  Look out for installers 
neglecting to ground them though.  I inspect every one of these after 
installation because it's been done wrong so many times.  Without a good ground 
they're nearly useless.

Chuck Enfield
Penn State

From: Stewart, Joe 
joe.stew...@claremontmckenna.edumailto:joe.stew...@claremontmckenna.edu
To: EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Thursday, August 6, 2015 7:18:26 PM
Subject: Re: [WIRELESS-LAN] Outdoor PoE

Hector,

Ironic that you sent this. Today we had a lightning strike and we lost 5 
cameras connected to a POE switch. At the time we figured it was a power outage 
but upon logging into the switch it looks like it rebooted and it didn’t past 
POST for POE. A minute later the switch went dead again. After replacing the 
switch only 3 cameras came back online. If only I had one of these at that 
pole! I’ve never had this happen before.

Joe Stewart
Claremont McKenna College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Thursday, August 6, 2015 6:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Outdoor PoE

For those doing outdoor wireless, here are two products we have purchased that 
we have found very useful:


Microsemi Outdoor PoE Surge Protector 
PD-OUT/SP11https://www.amazon.com/gp/product/B00NMU85PM/ref=od_aui_detailpages00?ie=UTF8psc=1
http://www.newegg.com/Product/Product.aspx?Item=17B-00A5-1nm_mc=KNC-GoogleAdwords-PCcm_mmc=KNC-GoogleAdwords-PC-_-pla-_-Surveillance+Accessories-_-17B-00A5-1gclid=CIOKgobGlMcCFQmNaQodJ_0C0Qgclsrc=aw.ds


Microsemi PowerDsine 9001GO - PoE injector - 30 Watt
http://www.cdw.com/shop/products/Microsemi-PowerDsine-9001GO-PoE-injector-30-Watt/2578417.aspx?cm_cat=GoogleBasecm_ite=2578417cm_pla=NA-NA-PWD_NEcm_ven=ShoppingFeedsef_id=VLgjcQAABAHVQD8U:20150806132234:sgclid=CKyxxczGlMcCFQgtaQodCO8PhQ


Regards,

Hector Rios
Louisiana State University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

--

Chuck Enfield

Manager, Wireless Systems  Engineering

Telecommunications  Networking Services

The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Outdoor PoE

[Hector J Rios]

For those doing outdoor wireless, here are two products we have purchased that 
we have found very useful:


Microsemi Outdoor PoE Surge Protector 
PD-OUT/SP11https://www.amazon.com/gp/product/B00NMU85PM/ref=od_aui_detailpages00?ie=UTF8psc=1
http://www.newegg.com/Product/Product.aspx?Item=17B-00A5-1nm_mc=KNC-GoogleAdwords-PCcm_mmc=KNC-GoogleAdwords-PC-_-pla-_-Surveillance+Accessories-_-17B-00A5-1gclid=CIOKgobGlMcCFQmNaQodJ_0C0Qgclsrc=aw.ds


Microsemi PowerDsine 9001GO - PoE injector - 30 Watt
http://www.cdw.com/shop/products/Microsemi-PowerDsine-9001GO-PoE-injector-30-Watt/2578417.aspx?cm_cat=GoogleBasecm_ite=2578417cm_pla=NA-NA-PWD_NEcm_ven=ShoppingFeedsef_id=VLgjcQAABAHVQD8U:20150806132234:sgclid=CKyxxczGlMcCFQgtaQodCO8PhQ


Regards,

Hector Rios
Louisiana State University


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Aironet Series

[Hector J Rios]

I second that. We started deploying 3700’s but we quickly saw that the 
performance of the 2700 was comparable and the savings was worth it. So now 
that is our standard WAP.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Walter Reynolds
Sent: Thursday, August 06, 2015 6:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Aironet Series

For cost savings as well we are using the 2702's as the primary AP that we 
deploy on campus.



Walter Reynolds
Principal Systems Security Development Engineer
Information and Technology Services
University of Michigan
(734) 615-9438

On Wed, Aug 5, 2015 at 8:14 PM, Tony Juarez 
ajua...@uchicago.edumailto:ajua...@uchicago.edu wrote:
We have started using the 2702i’s in are smaller locations, and use the 3702’s 
on the main campus.


Tony Juarez, CCNP Wireless
Senior Network Engineer - Wireless
IT Services
[banner-a-color-600100percent]
773-702-5592tel:773-702-5592 (Office)
773-230-7923tel:773-230-7923 (Cell)


From: Deshong, Kenneth 
kdesh...@health.usf.edumailto:kdesh...@health.usf.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@listserv.educause.edumailto:WIRELESS-LAN@listserv.educause.edu
Date: Wednesday, August 5, 2015 at 3:35 PM
To: 
WIRELESS-LAN@listserv.educause.edumailto:WIRELESS-LAN@listserv.educause.edu 
WIRELESS-LAN@listserv.educause.edumailto:WIRELESS-LAN@listserv.educause.edu
Subject: [WIRELESS-LAN] Cisco Aironet Series

I have a question that I hope someone can help me with.

In the hope of saving money, my boss wants me to look at a cheaper alternative 
to the 3702i in areas that might not need a top of the line Access Point. In my 
comparison, I find the Aironet 2702i to have similar specs minus the 4x4 radio. 
Both support 802.11ac, Client Link 3.0, CleanAir 2.0.  I don’t plan on using 
the Modular slot .

I’ve read from limited sources that say the electrons are the same, and 
performance is neck and neck.  Can anyone debunk that?
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Ekahau Site Survey + Tablet

[Hector J Rios]

SP3 has worked for us as well. We've used the softwareon a Thinkpad Yoga and it 
was OK. The main issue was the laptop itself and wonderful Win  8. Battery life 
was not great either . We'll see if Win 10 is better.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Shayne Fedorka
Sent: Friday, July 31, 2015 10:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Site Survey + Tablet

There's a decent 
dealhttp://www.ebay.com/itm/New-Microsoft-Surface-Pro-3-12-i5-128GB-Win8-1-Pro-Wi-Fi-Tablet-MQ2-1/261977063495?customid=35cbf5d37c094ea3a6c7bbc5ba1534e9pub=5574652453afepn=533586campid=533586icep_id=117ipn=icepafepn=533586rmvSB=true
 on the SP3 right now if you can't wait a couple months for the SP4 to drop the 
price of the SP3 even more.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Friday, July 31, 2015 10:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Site Survey + Tablet

So the Surface Pro 3 so far. I'm really just looking at using this for active 
surveys. I can do analysis on my laptop.

Thanks for the responses so far!

--Eric

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rowell Dionicio
Sent: Friday, July 31, 2015 8:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Site Survey + Tablet

We're currently using the Surface Pro 3 for conducting wireless surveys with 
Ekahau. Works great. I would recommend getting an external USB hub that you can 
velcro to it. I find that the USB port is a little finicky. If I nudge the USB 
adapter I sometimes have issues causing me to restart Ekahau.

I use the pen during the survey and found it much more useful than using a 
trackpad or your finger. I don't use the keyboard attached to the surface 
during surveys.

I also recommend using a bluetooth or USB mouse for analyzing the survey while 
at your desk. I still haven't gotten used to using the removable keyboard/cover 
we got with it.

Rowell

On Jul 31, 2015, at 6:05 AM, Trent Hurt 
trent.h...@louisville.edumailto:trent.h...@louisville.edu wrote:

I know a few folks who use surface 3 for surveying without issues.  Here is a 
nice blog with some performance recommendations for ekahau

http://www.ekahau.com/wifidesign/blog/2015/07/24/boosting-ekahau-site-survey-and-3d-planner-performance/

Sent from my iPhone

On Jul 31, 2015, at 8:22 AM, Sachse, Hartmut 
sac...@pdv-sachsen.netmailto:sac...@pdv-sachsen.net wrote:
Ask Jussi from Ekahau via Twitter @jussikiviniemi. If i remember right the 
recommend Surface Pro 3.


Best Regards

Hartmut Sachse
Systems Engineer


Von: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Im Auftrag von Eric T. Barnett
Gesendet: Donnerstag, 30. Juli 2015 23:57
An: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Betreff: [WIRELESS-LAN] Ekahau Site Survey + Tablet

Good afternoon,

I was wondering if anyone out there was running Ekahau's site survey software 
on a tablet and which ones that they've had good luck with. I'm looking at a 
Surface Pro 3, but I wonder if the Pro 2 would be sufficient. Of course, I'll 
take cheaper alternatives if there are any!

Thanks,
Eric

image001.jpghttps://urldefense.proofpoint.com/v2/url?u=http-3A__www.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=bF3T55wJ5Kd2n5OUDNpcUNPji4-X8fcrijMGRvOQHgUe=

Eric Barnett
Senior Network Engineer/Wireless Administrator
Information and Technology Services

P.O. Box 1140 | State University, AR 72467
Office: (870) 680-4243 | Fax: (870) 972-3011
ebarn...@astate.edumailto:ebarn...@astate.edu | 
http://www.astate.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__www.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=bF3T55wJ5Kd2n5OUDNpcUNPji4-X8fcrijMGRvOQHgUe=
http://wireless.astate.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__wireless.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=MFw9vbn7a5HM8TjvMTVHCunEmrhL2Gon2xmzVb8ssJEe=



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found 

RE: [WIRELESS-LAN] Config Archive / Diff / Change Management

[Hector J Rios]

Same here, we use Solarwinds NCM. Not cheap but has been very reliable.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Wesley Troy Scott
Sent: Wednesday, July 29, 2015 4:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Config Archive / Diff / Change Management


We use Solarwinds NCM in a mixed environment that includes Juniper. Works well 
and integrates with other products they sell.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
on behalf of Leja, Maciej mle...@depaul.edumailto:mle...@depaul.edu
Sent: Wednesday, July 29, 2015 3:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Config Archive / Diff / Change Management

We use RANCID with a mixed Juniper/ Cisco/ Ciena environment and have no issues 
at all.  Can't beat free when it works.

Maciej Leja
DePaul University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of 
Curtis K. Larsen
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: Monday, July 27, 2015 at 3:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Config Archive / Diff / Change Management

Hello,

I'm looking for a tool that emails when WLC or Switch configs are changed for a 
growing Network team mostly to keep everyone abreast of changes.  Years ago 
(like 8 years ago) we used RANCID, an open source product that was quite nice, 
but I have a feeling there are maybe a few better options these days.  What we 
like about RANCID was that it was free, that it sent emails with line by line 
configuration diff on the changed device, and that it worked with other 
non-Cisco products as well.  We have some Foundy switches, a lot of Juniper 
firewalls, etc.  Please let me know if you know of anything that fits the bill.


Thanks,

Curtis Larsen
University of Utah
Sr. Network Engineer

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Wireless Site Survey

[Hector J Rios]

See my answers below. Hope they help.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Blahut
Sent: Wednesday, May 20, 2015 11:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Site Survey

Greetings,

I am writing today to ask if anyone on the list has successfully engaged with a 
vendor to preform a wireless site survey.

The particulars of my question are:

Who did the survey for you?
Fluke Networks. They were easy to work with, reasonable pricing, did exactly 
what they say they were going to do, and had a very knowledgeable engineer.

Would you hire them again?
Yes

What type of equipment did they use?
Airmagnet Surveyor and AirMagnet WiFi Analyzer

Were the results useful?
Very. We implemented their recommendation within months and it has worked 
really well.

What should we look for in the results?
It’s all in how you set the scope of work. For our deliverables we wanted a 
site survey assessment with a detailed report. This included a wireless LAN 
design with AP placement and location photos, AP channeling map, AP model and 
power recommendations, antenna specs (If needed), and spectrum analysis.

What type of testing should we ask the vendor to preform?
Same as previous answer.

Should the RF environment be busy during the site survey or should it be 
preformed during a low use period?
We asked them to do it for both situations. A busy environment is always 
helpful.

Any thing else to look out for, be aware of, or ask for?

Thanks,
David
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Copper Cable Field Terminations for Access Points

[Hector J Rios]

Same thing here. We have always terminated the cable directly, with a service 
loop, and never had any problems.

-Hector Rios
Louisiana State University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joey Rego
Sent: Thursday, May 14, 2015 1:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Copper Cable Field Terminations for Access Points

Hey Mark,

If you are going to terminate the cable directly just make sure you have a 
service loop were possible just in case you need to tweak the location of the 
ap after install and final surveys.
Joey Rego
Network Security Administrator
Information Technology
3601 North Military Trail
Boca Raton, FL 33431
T: 561-237-7982
jr...@lynn.edumailto:jr...@lynn.edu
1-800-888-5986 | www.lynn.eduhttp://www.lynn.edu/
[cid:image002.jpg@01CF442D.90504330]

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Thursday, May 14, 2015 2:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Copper Cable Field Terminations for Access Points

I remember arguing with cabling crews about that exact issue:

ME: I  want to have the RJ-45 connector crimped on the cable for two reasons:
-It saves money (on one jack and one patch cable, that’s about $10 per AP)
-It prevents patch cable theft (not huge but very annoying especially in 
Residence Halls)

CABLING CREW:  we want to terminate on a jack because:
-It is a pain to terminate a RJ-45 connector on the cable (unless new connector 
designs exist) and the money saved in equipment is wasted in labor
-We cannot properly label the circuit on a cable but we can do it on a jack

In the end, they won the argument.

Some may argue that terminating on a Jack also gives the option to add a longer 
patch cable if needed,
but we always left a service loop anyway!



Philippe Hanset
www.eduroam.ushttp://www.eduroam.us



On May 14, 2015, at 1:05 PM, Mark H. Wehrle 
weh...@isc.upenn.edumailto:weh...@isc.upenn.edu wrote:

Good afternoon all,

We are faced with some challenges in upgrading our access points in our 
residence halls this summer. Our existing installation has access points wall 
mounted and we terminate Cat5E cable on a Cat5E type biscuit jack on the wall 
near where the access point is mounted. From there we place a short cable from 
the jack to the access point. In current state, this makes for easier 
troubleshooting to decipher cable versus AP problems, however it's understood 
that there could be other problems associated with multiple termination points 
etc. In our current project, we are looking install access points with internal 
antennas and we are looking to move these to ceiling mounts in most/all of 
these rooms where we can. We made this choice because we've found that some 
students will vary the positions of antennas, which have impacted RF coverage 
and we have added more access points in some areas to compensate (we cannot 
easily get into student rooms to inspect access points).

The question I was asked before we move these jacks is whether we should save 
costs and time by just making a field termination of the Cat5E cable with an 
RJ45 connector crimped right on the cable then plug this cable directly into 
the access point and avoid the biscuit jack and short station cable. I'm 
wondering if anyone is doing this, was doing this and stopped, plans to do this 
etc? Does this present any problems like bad mechanical connection problems etc?

Thanks for your feedback.

--Mark Wehrle   Phone: (215) 898-9664
   Technical Director, ISC Network  Telecom Operations  Fax: (215) 898-9348
   University of Pennsylvania
   3401 Walnut Suite 221a   
Email:weh...@isc.upenn.edumailto:weh...@isc.upenn.edu
   Phila. PA 19104-6228

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

This email is intended for the designated recipient only, and may be 
confidential, non-public, proprietary, protected by the attorney/client or 
other privilege. Unauthorized reading, distribution, copying or other use of 
this communication is prohibited and may be unlawful. Receipt by anyone other 
than the intended recipients should not be deemed a waiver of any privilege or 
protection. If you are not the intended recipient or if you believe that you 
have received this email in error, please notify the sender immediately and 
delete all copies from your computer system without reading, saving, or using 
it in any manner. Although it has been checked for viruses and other malicious 

RE: FlexConnect

[Hector J Rios]

Jeff,

Everything that Frans said. Plus, check the subject ResHalls, that had a good 
discussion on Flexconnect. Below is an email I had sent. In the end, the cons 
led us not to use FlexConnect and we stayed in local mode.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Tuesday, March 17, 2015 9:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

I tested FlexConnect on 8.0.110.0. Here are my observations:

*Great alternative to switch data locally (obviously)
*No AVC Support
*When controller is down, AP goes into standalone more. Must make sure that AP 
is not able to reach any other controller you don't want. This was fixed with 
an ACL.
*Client details page does not show client IPv6 address. Client still gets IPv6 
address. (PRIME does show it if you run a report).
*Client details page does not show VLAN ID.
*Putting AP in FlexConnect mode does not require reboot (Cool!)
*No IPv6 ACL support

More testing to do, but so far so good.

-Hector


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Thursday, April 23, 2015 5:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] FlexConnect

I am not currently using any Aps in FlexConnect mode in any buildings on campus.
We are building a new building and I have been asked to use FlexConnect mode 
for the Aps in this building.
Is anyone using FlexConnect in campus buildings? If so why are you using it 
rather than Local mode and is it more or less difficult to configure.

Jeff Legge
Radford University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] ResHall Wireless - FlexConnect

[Hector J Rios]

We use WiSM2s, and based strictly on the numbers supported by this platform 
(which are pretty horrible: 25 APs per FlexConnect group) I don't think we will 
be using FlexConnect any time soon. 

-Hector

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Wednesday, March 18, 2015 1:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

Please post any results you have if/when try expand FlexConnect to your entire 
campus. It looks like you are close to our size (we now have about 125 
buildings  about 38K students plus about 4K faculty/staff). 

Thanks. 

Sent from my iPhone

 On Mar 17, 2015, at 4:12 PM, Hector J Rios hr...@lsu.edu wrote:
 
 I've not performed tests to that scale yet. Plus we are only considering this 
 for our ResHalls, of which we have 21 buildings only. 
 
 -Hector
 
 
 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
 Sent: Tuesday, March 17, 2015 11:55 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect
 
 We played with FlexConnect for a number of months but still could not get 
 what we needed it to do on a consistent basis. Essentially we wanted 
 FlexConnect to drop users into their building VLAN so they would be able to 
 easily interact with the same devices that the wired connections in the 
 buildings could see. As I'm sure you know, this also resolves many of the 
 Apple, Chromecast, etc., problems.
 
 We did have one caveat though that we just couldn't get past -- we wanted to 
 drop faculty/staff into one VLAN and students into another (we can easily 
 return the proper VLAN for a particular client in a particular building from 
 Radius server - FreeRadius with a call to our LDAP server for info) but  we 
 also need to send everything else back to the controller for central 
 switching (e.g., police connections, special bar-code scanners that roam and 
 serve to identify a user, but not being used for client traffic, for example, 
 to give out free flu shots to eligible folks or let folks into a sporting 
 event). We just couldn't get past having 95+% locally switched and the 
 remainder centrally switched for over 200 buildings many with now over 100 
 APs each without using FlecConnect groups which are limited to numbers way 
 too small for our campus.
 
 We can even live comfortably without roaming between buildings. MOst folks 
 are not used to being able to roam between buildings downtown or many cannot 
 roam between apartments off campus.
 
 How did you get around the FlexConnect group problem?
 
 
 
 
 ==
 -jcw
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Hector J Rios 
 [hr...@lsu.edu]
 Sent: Tuesday, March 17, 2015 9:27 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] ResHall Wireless
 
 I tested FlexConnect on 8.0.110.0. Here are my observations:
 
 *Great alternative to switch data locally (obviously) *No AVC Support *When 
 controller is down, AP goes into standalone more. Must make sure that AP is 
 not able to reach any other controller you don't want. This was fixed with an 
 ACL.
 *Client details page does not show client IPv6 address. Client still gets 
 IPv6 address. (PRIME does show it if you run a report).
 *Client details page does not show VLAN ID.
 *Putting AP in FlexConnect mode does not require reboot (Cool!) *No 
 IPv6 ACL support
 
 More testing to do, but so far so good.
 
 -Hector
 
 
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
 Sent: Thursday, March 12, 2015 11:13 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] ResHall Wireless
 
 We use Cisco's wireless solution with WiSM2s and a variety of WAPs. We 
 actually implemented the guest anchor controller solution last year with dual 
 controllers (WLC2504) and we've been happy.
 
 I like Britton's idea of using FlexConnect at the dorms to switch the student 
 data locally. However, I believe there are some limitations that would keep 
 us from using it such as no support for AVC, and some limitations on IPv6.
 
 -Hector
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, 
 Bruce W (Network Services)
 Sent: Thursday, March 12, 2015 7:42 AM
 To: 
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAU
 SE.EDU
 Subject: Re: [WIRELESS-LAN] ResHall Wireless
 
 Hector,
 
 You do not say what wireless solution you are using. Let me assume a Cisco or 
 Aruba controller based solution. You can have vlans from your

WLC reporting incorrect remote address to TACACS sever

[Hector J Rios]

We had a pretty bad scare a couple of weeks ago. We thought we had been 
compromised, but after some serious troubleshooting we came to find a bug on 
the Cisco controller software.

We have two 2504 anchor controllers on our DMZ that serve guests only. In our 
ACS logs we started noticing successful authentications by external sources 
with some of our known user accounts. It turned out that the controller was 
simply sending the incorrect remote address. We tested this on 7.6.130 and also 
on 8.0.110. Cisco was able to reproduce it quite easily. 

So there you go. In case you run into this, hopefully this will save you from 
freaking out like we did. 

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Looking for interest among Wi-Fi professionals

[Hector J Rios]

It's an interesting idea and I wonder how it will play out with all the vendor 
participation.  I would want to be a part of it just to see how that goes. As 
you point out, the potential for information overload (good and bad) is there, 
and it might end up being the one factor that turns people away. The educause 
listserv stays busy but not so much that we can't keep up with it on a regular 
basis.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, March 18, 2015 12:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Looking for interest among Wi-Fi professionals

This is not meant to self-promote, apologies if it seems that way. Looking for 
interest on whether those on the list would get value out of a potential new 
wireless-oriented discussion board, as described here:

https://wirednot.wordpress.com/2015/03/18/hey-wireless-professionals-would-you-use/

Won't hurt my feelings either way, but could be kind of valuable if you picture 
it widely used.

Regards-

Lee Badman



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: ResHall Wireless - FlexConnect

[Hector J Rios]

I've not performed tests to that scale yet. Plus we are only considering this 
for our ResHalls, of which we have 21 buildings only. 

-Hector


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Tuesday, March 17, 2015 11:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

We played with FlexConnect for a number of months but still could not get what 
we needed it to do on a consistent basis. Essentially we wanted FlexConnect to 
drop users into their building VLAN so they would be able to easily interact 
with the same devices that the wired connections in the buildings could see. As 
I'm sure you know, this also resolves many of the Apple, Chromecast, etc., 
problems.

We did have one caveat though that we just couldn't get past -- we wanted to 
drop faculty/staff into one VLAN and students into another (we can easily 
return the proper VLAN for a particular client in a particular building from 
Radius server - FreeRadius with a call to our LDAP server for info) but  we 
also need to send everything else back to the controller for central switching 
(e.g., police connections, special bar-code scanners that roam and serve to 
identify a user, but not being used for client traffic, for example, to give 
out free flu shots to eligible folks or let folks into a sporting event). We 
just couldn't get past having 95+% locally switched and the remainder centrally 
switched for over 200 buildings many with now over 100 APs each without using 
FlecConnect groups which are limited to numbers way too small for our campus.

We can even live comfortably without roaming between buildings. MOst folks are 
not used to being able to roam between buildings downtown or many cannot roam 
between apartments off campus.

How did you get around the FlexConnect group problem?




==
-jcw

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Hector J Rios [hr...@lsu.edu]
Sent: Tuesday, March 17, 2015 9:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

I tested FlexConnect on 8.0.110.0. Here are my observations:

*Great alternative to switch data locally (obviously) *No AVC Support *When 
controller is down, AP goes into standalone more. Must make sure that AP is not 
able to reach any other controller you don't want. This was fixed with an ACL.
*Client details page does not show client IPv6 address. Client still gets IPv6 
address. (PRIME does show it if you run a report).
*Client details page does not show VLAN ID.
*Putting AP in FlexConnect mode does not require reboot (Cool!) *No IPv6 ACL 
support

More testing to do, but so far so good.

-Hector



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Thursday, March 12, 2015 11:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

We use Cisco's wireless solution with WiSM2s and a variety of WAPs. We actually 
implemented the guest anchor controller solution last year with dual 
controllers (WLC2504) and we've been happy.

I like Britton's idea of using FlexConnect at the dorms to switch the student 
data locally. However, I believe there are some limitations that would keep us 
from using it such as no support for AVC, and some limitations on IPv6.

-Hector

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, March 12, 2015 7:42 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

Hector,

You do not say what wireless solution you are using. Let me assume a Cisco or 
Aruba controller based solution. You can have vlans from your controller tunnel 
to an anchor controller in a DMZ.  Use 802.1X authentication based on AD groups.

This solution permits controlled internal access and, if you desire, unfiltered 
Internet access. Until recently, we did something similar with our open Guest 
wireless network on our Aruba system. We now use a different solution for this.

The anchor controller idea was based on Cisco wireless training several years 
ago. At that time, it was their recommended guest solution.

Bruce Osborne
Wireless Engineer
IT Infrastructure  Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hector J Rios [mailto:hr...@lsu.edu]
Sent: Wednesday, March 11, 2015 9:48 AM
Subject: ResHall Wireless

I'm wondering how many of you treat the wireless in the ResHalls differently 
from the wireless on the rest of your campus. In terms of geography, we have 21 
ResHalls

RE: ResHall Wireless

[Hector J Rios]

We use Cisco's wireless solution with WiSM2s and a variety of WAPs. We actually 
implemented the guest anchor controller solution last year with dual 
controllers (WLC2504) and we've been happy.

I like Britton's idea of using FlexConnect at the dorms to switch the student 
data locally. However, I believe there are some limitations that would keep us 
from using it such as no support for AVC, and some limitations on IPv6.

-Hector

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, March 12, 2015 7:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

Hector,

You do not say what wireless solution you are using. Let me assume a Cisco or 
Aruba controller based solution. You can have vlans from your controller tunnel 
to an anchor controller in a DMZ.  Use 802.1X authentication based on AD groups.

This solution permits controlled internal access and, if you desire, unfiltered 
Internet access. Until recently, we did something similar with our open Guest 
wireless network on our Aruba system. We now use a different solution for this.

The anchor controller idea was based on Cisco wireless training several years 
ago. At that time, it was their recommended guest solution.

Bruce Osborne
Wireless Engineer
IT Infrastructure  Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hector J Rios [mailto:hr...@lsu.edu]
Sent: Wednesday, March 11, 2015 9:48 AM
Subject: ResHall Wireless

I'm wondering how many of you treat the wireless in the ResHalls differently 
from the wireless on the rest of your campus. In terms of geography, we have 21 
ResHalls that are in the perimeter of our campus. Some of these buildings are 
next to academic or administrative buildings. Eduroam is our main SSID. So, for 
the longest time it has only made sense to broadcast eduroam everywhere. Now, 
on the wired side of the house, our ResHalls have a dedicated connection that 
gives them direct, non-firewall access to the internet (for access to campus 
resources, a student must VPN). This came about as a request from the students 
to have more freedom in their residence. Makes sense. But wireless is different 
as it goes through our campus core, traverses our perimeter firewall, and goes 
out our main internet connection.

I've struggled to find an alternative solution to this. We recognize that 
students in ResHalls are different in the sense that they pay for a place to 
live and should get an internet service that is similar to their home service. 
However, any alternatives that we have considered (separate SSID, dynamic VLAN 
assignment, user groups) just seem to complicate the setup.

Any good ideas out there or creative ways in which you have tackled this 
challenge?

Thanks,

Hector Rios, CCNP, CCA
Assistant Director, Network Engineering
Dept. of Networking and Infrastructure
Information Technology Services
Louisiana State University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

ResHall Wireless

[Hector J Rios]

I'm wondering how many of you treat the wireless in the ResHalls differently 
from the wireless on the rest of your campus. In terms of geography, we have 21 
ResHalls that are in the perimeter of our campus. Some of these buildings are 
next to academic or administrative buildings. Eduroam is our main SSID. So, for 
the longest time it has only made sense to broadcast eduroam everywhere. Now, 
on the wired side of the house, our ResHalls have a dedicated connection that 
gives them direct, non-firewall access to the internet (for access to campus 
resources, a student must VPN). This came about as a request from the students 
to have more freedom in their residence. Makes sense. But wireless is different 
as it goes through our campus core, traverses our perimeter firewall, and goes 
out our main internet connection.

I've struggled to find an alternative solution to this. We recognize that 
students in ResHalls are different in the sense that they pay for a place to 
live and should get an internet service that is similar to their home service. 
However, any alternatives that we have considered (separate SSID, dynamic VLAN 
assignment, user groups) just seem to complicate the setup.

Any good ideas out there or creative ways in which you have tackled this 
challenge?

Thanks,

Hector Rios, CCNP, CCA
Assistant Director, Network Engineering
Dept. of Networking and Infrastructure
Information Technology Services
Louisiana State University


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new Qualcomm chipset | PCWorld

[Hector J Rios]

All I can say is that if we continue down this path, the 5GHz band will 
eventually turn into the mess that the 2.4GHz band is today. There might be 
more channels available in the 5GHz band, but there is a colossal parade of 
devices that are on their way to invade it, and it's not going to be pretty. 

Now, off to find fight rogues. 

Hector Rios
Louisiana State University


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Thursday, February 26, 2015 7:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new Qualcomm 
chipset | PCWorld

http://www.pcworld.com/article/2889792/lte-can-mooch-off-of-wifi-spectrum-with-new-qualcomm-chipset.html

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Annual Exercise in Frustration: Printers that do wireless 1x?

[Hector J Rios]

I was recently working on an HP laser Pro 200 that does have 802.1X support, 
but couldn't tell you if it works reliably. I was also impressed to see that it 
comes, along with other models, with IPv6 support.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, February 12, 2015 1:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Annual Exercise in Frustration: Printers that do 
wireless 1x?

This is a good for a yearly laugh, so let me throw it out there:

Has anyone found- and confirmed through actual use- any enterprise WLAN-capable 
printers or print servers that work with 802.1x WLAN security?

Thanks-

Lee Badman

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: latest from FCC on de-authing Mi-Fi

[Hector J Rios]

Agree. A clearer definition as to what a commercial WiFi network operator 
would help. I don't know what to do with this information. 
Do these FCC laws trump our WiFi policies? I can see where users could take 
advantage of this advisory. Too many questions.

Hector Rios
Louisiana State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Wednesday, January 28, 2015 8:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] latest from FCC on de-authing Mi-Fi

I'm disappointed in the statement from the FCC. This was a chance to clarify 
their position on this, but it's still as vague as ever. What is a commercial 
establishment? Does that include K-12 or Higher Ed? What about a corporate HQ?

I'm also disappointed that the wireless vendors have been quiet on this issue 
as well. Where is Cisco, Aruba, Rukus, et. al who provide us with these tools? 
One reading of the FCC notice is that the product they market and sell is 
illegal. I feel they should be leading the charge with the FCC for 
clarification for us, their customers. 

Thomas Carter
Network and Operations Manager
Austin College 
903-813-2564


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, January 27, 2015 5:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] latest from FCC on de-authing Mi-Fi

http://www.fcc.gov/document/warning-wi-fi-blocking-prohibited

Which would imply that a subset of our tools are illegal:

https://wirednot.wordpress.com/2015/01/06/are-wlan-vendors-selling-illegal-jammers/

Complicated times.

-Lee

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] RFP question

[Hector J Rios]

For the longest time we have done all of our design and implementation work 
in-house. Last year we decided to hire consultants for some of our high-density 
deployments because we were really short-staffed. One group of consultants was 
horrible, the other did well and provided good results. 

Working with anybody that is not familiar with your network and your campus is 
going to require some babysitting and this can be better spent with your own 
people. I do have to agree that all of our needs are different, and consultants 
can have their place and can provide value. If you do decide to use a 
consultant, make super sure that you have a proper Statement of Work that 
covers all expectations and details of what the end result will be. This is 
crucial for a successful engagement.

I personally would much rather spend my money on the right tools, and on my 
staff, than to give that money to someone else. In the process, you provide 
continuous training, you get a chance to have those intimate details of areas 
you will be serving and the end product you will be delivering. 

Regards, 

Hector Rios
Louisiana State University



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jerry Bucklaew
Sent: Thursday, January 08, 2015 11:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] RFP question

Colleagues,

We are starting an initiative to upgrade our Wi-Fi infrastructure. Our current 
infrastructure was built in-house incrementally over the past several years.  
It is 802.n based and not as dense as we would like so we are looking at moving 
to 802.11ac with a significant increase in AP/antenna density to reduce the 
number of devices associating with each AP and improve performance.

We are currently working on a RFP for hardware and figured we would do 
the engineering layout, installation and configuration in-house.   We 
had a review meeting with a consultant who indicated that most Universities do 
not do the Wi-Fi engineering work in house and usually put the design in the 
RFP.  This has led us to question whether we are following best practices for 
design engineering.  We suspect that this may also depend on the size of the 
institution and the network staff.

While I’m sure that we could achieve a more optimal initial coverage plan by 
hiring someone to do a more detailed analysis of building materials and RF 
propagation characteristics, I’m wondering if the additional time and expense 
derives a net benefit over doing the design in house.

So we figured we’d post this to our peers and try to evaluate what the rest of 
you have experienced, or are planning.  We have developed a short survey (9 
questions) to assess the design approach and a couple other parameters.  It 
should only take about 5 minutes to fill out, and as always the more 
participants, the better the results.


You can access this survey at http://vovici.com/wsb.dll/s/8727g57943

We would appreciate your participation in the survey.  I will leave it up for a 
week and then post the results back to the list for all to see.  I will segment 
them into large schools and small schools as I 
suspect there might be a difference there.   I can segment it different 
ways if people want to see it.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

[Hector J Rios]

We just upgraded to 7.6.130 and has been stable. We are planning to wait a 
little longer before we consider moving to 8.0. Not sure we will venture to 
deploy it for the Spring semester.

Regards,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Pete Hoffswell
Sent: Monday, December 08, 2014 2:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC 8.0.100.0 GO or No Go?

We are sitting at 7.4.110.0 here, but considering 8.0.100.0 in hopes that we 
might give maybe a bit better service to mobile users out there.

Are you guys moving to 8 for production?  Good move?  Worth it?

Thanks!
-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edumailto:pete.hoffsw...@davenport.edu
http://www.davenport.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Outside venues

[Hector J Rios]

The 1530s we have installed are in a single building. They were mounted 
directly on the exterior walls. So power was not an issue as we used PoE . We 
have not mounted any 1530s on poles yet.

Have you looked at the AP adapter? I think this is what you need if you were to 
mount it to a pole.  

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/1530/power/guide/1530pwradpt.html


-Hector 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick
Sent: Thursday, December 04, 2014 5:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outside venues

Hector,

I am curious to know how you are connecting the 1530's to power.  We are right 
now all 155X's for the outdoor AP's but I was looking at the 1530's because 
their price point was better.  The one thing I was concerned with though was 
that they are DC power input vs AC power input.  For many locations we have the 
AP mounted on a building so this is ok but we have several in a mesh that 
connect to our parking lot light poles and I don't know the feasibility of 
putting a AD/DC converter in the power pole.  Unless I missed it I also didn't 
see a outdoor rated converter Cisco sells for these. So I am curious to know 
your experience with powering them.

Nick Ciesinski
University of Wisconsin - Whitewater

From: Hector J Rios hr...@lsu.edumailto:hr...@lsu.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, December 4, 2014 1:23 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Outside venues

We have used 1520s in the past and they have worked well. We recently installed 
a couple of 1530s with external antennas and their coverage is really good. The 
plus with the 1530s is their form-factor. The 1520s and the predecessors where 
tanks. The 1530s are considerably smaller. Depending on your requirements, the 
1530s with internal antennas are very convenient, but you are not going to have 
as good of a coverage as the ones with the external antennas.

Finally, consider additional costs for your outdoor deployment. A couple of 
years ago we deployed a good number of outdoor mesh radios and the expense for 
the power requirements was significant. Other costs to bear in mind are 
maintenance. If you hang these radios on poles, know that you will be needing a 
lift to get to those radios when they have issues. For us, our contractor 
charges a minimum of $500 to get us a bucket truck. And if you live in the 
southern states, just pray your radios don't have issues during the summer. 
Otherwise, bring lots of towels and prepare to sweat.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stooksberry, Tom
Sent: Wednesday, December 03, 2014 1:47 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Outside venues

I would like to ask what everyone is doing for their outdoor areas with respect 
to WiFi.  We have several very nice venues that would benefit from 
connectivity.  Some are relatively close to networked buildings and some are 
fairly remote from such structures. We are a Cisco shop and are thinking about 
installing some AP1532's but due diligence begs me to pick other brains for 
alternative and maybe better ideas.

Tom Stooksberry
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Outside venues

[Hector J Rios]

We have used 1520s in the past and they have worked well. We recently installed 
a couple of 1530s with external antennas and their coverage is really good. The 
plus with the 1530s is their form-factor. The 1520s and the predecessors where 
tanks. The 1530s are considerably smaller. Depending on your requirements, the 
1530s with internal antennas are very convenient, but you are not going to have 
as good of a coverage as the ones with the external antennas.

Finally, consider additional costs for your outdoor deployment. A couple of 
years ago we deployed a good number of outdoor mesh radios and the expense for 
the power requirements was significant. Other costs to bear in mind are 
maintenance. If you hang these radios on poles, know that you will be needing a 
lift to get to those radios when they have issues. For us, our contractor 
charges a minimum of $500 to get us a bucket truck. And if you live in the 
southern states, just pray your radios don't have issues during the summer. 
Otherwise, bring lots of towels and prepare to sweat.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stooksberry, Tom
Sent: Wednesday, December 03, 2014 1:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Outside venues

I would like to ask what everyone is doing for their outdoor areas with respect 
to WiFi.  We have several very nice venues that would benefit from 
connectivity.  Some are relatively close to networked buildings and some are 
fairly remote from such structures. We are a Cisco shop and are thinking about 
installing some AP1532's but due diligence begs me to pick other brains for 
alternative and maybe better ideas.

Tom Stooksberry
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

[Hector J Rios]

Lee,

My security guys did the actual tests and from what I remember, it dropped the 
applications as soon as we enabled them.

BTW, I also do not see BittorrentNetwork. We are running 7.6.120.0

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 16, 2014 8:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Hector,

Any idea if it took time for the 5508s to learn the traffic before dropping 
started? I did some testing from a single client and was able to pull down 
half-dozen torrents on a WLAN configured to block it with AVC before I restored 
our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried 
it. Did verify configs...


Thanks,

Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:
On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That's all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don't have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I'm doing analysis of our 5508 WLCs' ability to perhaps replace 
a dedicated appliance solution.

I see that we're not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I'm more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet control or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

[Hector J Rios]

From the WLC GUI. But I just checked our version for the product pack, and it 
looks like we need to upgrade. I'll do that and confirm if I see it after.

-Hector


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, September 17, 2014 8:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Are saying you cant see it from PI, or from WLC GUI?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Wednesday, September 17, 2014 9:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Lee,

My security guys did the actual tests and from what I remember, it dropped the 
applications as soon as we enabled them.

BTW, I also do not see BittorrentNetwork. We are running 7.6.120.0

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 16, 2014 8:16 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Hector,

Any idea if it took time for the 5508s to learn the traffic before dropping 
started? I did some testing from a single client and was able to pull down 
half-dozen torrents on a WLAN configured to block it with AVC before I restored 
our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried 
it. Did verify configs...


Thanks,

Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:
On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That's all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don't have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I'm doing analysis of our 5508 WLCs' ability to perhaps replace 
a dedicated appliance solution.

I see that we're not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I'm more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet control or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: AVC on Cisco WLC- Blocking P2P (Revisiting)

[Hector J Rios]

On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That's all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don't have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I'm doing analysis of our 5508 WLCs' ability to perhaps replace 
a dedicated appliance solution.

I see that we're not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I'm more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet control or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] IPv6 on wireless experiences?

[Hector J Rios]

Excellent notes! Jason, so you know, we have close to 30K students and we have 
been dual-stacked. This semester we collapsed our wireless core to two 6500s. 
The SUP720-3B did not work for us. We needed at least a 3BXL. We are in the 
process of upgrading our SUPs to 2T-XL to future-proof our network.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee, Steven
Sent: Wednesday, September 10, 2014 9:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences?

Jason,
We went through this a few years ago.  At the time, we had about 8000 IPv6 
clients on each of our 720's.  We fought with it for about a semester until we 
could replace them with SUP2T's.

I dug up some notes from 2011 and included some lessons learned/ best practices 
below.  Things may have changed since then so please consult with your SE 
before trying any of this.


  1.  ND table size-  Once you reach the max, all traffic from additional 
clients is SW processed.  We did exceed the table size, but other factors below 
actually had more of an effect on our CPU.
  2.  ND table reachability timer - The default ND reachability timer is 30 
seconds as defined by the ND RFC.  This is too aggressive for a wireless 
deployment, driving up the CPU as it tries to send out solicitations and write 
to the ND table for thousands of clients.  The table rewrite chews up CPU.  We 
played with the timers and settled on changing it to 5 minutes.  We were 
concerned about the table limit size as once the table reaches its max, as all 
traffic from additional clients is processed in SW.
  3.  Mcast - the Sup720 processes mcast in SW, this means all RA's, NS's, 
bonjour, etc. will drive your interrupt CPU high.  We started blocking L2 
multicast at the interface before it could go to the CPU
  4.  Cisco recommended that we enable IPv6 multicast on all your core routers. 
 Cisco stated that this will allow MLD snooping to handle most of the IPv6 
solicitation messages (instead of sending them to the CPU).  Sounds good in 
theory, but it had unintended consequences that forced all the mcast traffic 
that we were blocking in #2 to get punted to the CPU.  Cisco said bug.  You may 
want to follow up on this as we moved to the SUP2T
  5.  Deny ICMP redirects on your client facing interfaces.  - another measure 
to reduce demand on CPU resources.  Cisco may tell you to also deny ICMP 
unreachables.  If your running dual stack, this is a bad idea.
  6.  uRPF for IPv6 was done solely in SW on the 720.   We replaced with 
appropriate ACL's (HW based)

In short, depending on the number of IPv6 clients your expecting, you may want 
to consider another solution.   Id be happy to provide more detail if you need.


steve


From: Jason Chan szeho.c...@utoronto.camailto:szeho.c...@utoronto.ca
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Tuesday, September 9, 2014 10:35 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences?

I was wondering if anyone is having issues with exceeding NDP entries number on 
routers?

I'm also about to enable IPv6 on wireless but I've been advised by Cisco to 
watch out for the NDP table size limit on our 6500 with SUP720-3B, which is 
only 15K entries.  On the IPv4 side we are slightly above 28K (out of 30K 
recommended maximum) entries on one of our routers.

Jason

--
Jason Chan
Enterprise Infrastructure Solutions,
Information + Technology Services
University of Toronto
Phone: (416)946-5233
Email: szeho.c...@utoronto.camailto:szeho.c...@utoronto.ca



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] IPv6 on wireless experiences?

[Hector J Rios]

Correct. Check your clients once you have this configured and see if they get 
multiple v6 addresses from different controllers. That's the behavior we saw.

-Hector


In order to deal with roaming IPv6 clients across controllers, the ICMPv6 
messages such as Neighbor Solicitation (NS), Neighbor Advertisement (NA), 
Router Advertisement (RA), and Router Solicitation (RS) must be dealt with 
specially in order to ensure a client remains on the same Layer 3 network. The 
configuration for IPv6 mobility is the same as for IPv4 mobility and requires 
no separate software on the client side to achieve seamless roaming. The only 
required configuration is that the controllers must be part of the same 
mobility group/domain

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Wednesday, September 03, 2014 12:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] IPv6 on wireless experiences?

Hi,

Thanks for the heads-up!  We use the same VLAN IDs in each different routed 
precinct for our wireless subnets.

I saw this in the config guide:


*On the 7.4 release, the WLCs that have the same mobility group, same 
VLAN ID, and different IPv4 and IPv6 subnets, generate different IPv6 router 
advertisements. WLAN on these WLCs is assigned to the same dynamic interface 
with the same VLAN ID on all the controllers. The client receives correct IPv4 
address; however it receives a router advertisement from the different subnets 
that reach the other WLCs. There could be issue of no traffic from the client, 
because the first given IPv6 address to the client does not match to the subnet 
for the IPv4 address. To resolve this, you can configure the WLCs in different 
mobility group.
Is this what you are referring to?

Unfortunately we can't change the VLAN IDs of the wireless subnets.  I fail to 
see how the client can receive RAs from different subnets on other WLCs!

We're definitely enabling RA guard.

Cheers,
Tristan



Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.eduhttp://www.monash.edu/ | 
tristan.gul...@monash.edumailto:tristan.gul...@monash.edu







On 3 Sep 2014, at 5:56 am, Hector J Rios hr...@lsu.edumailto:hr...@lsu.edu 
wrote:


Tristan,

Pay attention to the config guide on the section that talks about IPv6 
Mobility. We had an issue in that past where we had three wireless core 
locations, and at each location we had the same VLAN ID, but s different 
subnet. This caused an issue where the controllers would forward RA's to 
clients across core locations causing connectivity issues. The solution was to 
either change the VLAN IDs (which we did) or to change the subnets.

Other than that we've run IPv6 for quite a while and had not had major issues.

Hope it helps.

Thanks,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Monday, September 01, 2014 1:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] IPv6 on wireless experiences?

Hi all,

We're about to enable IPv6 on our wireless network (Cisco WiSM2, engineering 
release which looks mostly like 7.6MR2) and we'd like to know if anyone has 
seen any big show stoppers or if there's anything we should be aware of.  Our 
limited testing has looked good so far but as always, we can never pick up on 
everything prior to release.  CAPWAP tunnels will still be IPv4; this is simply 
for client connectivity.

Specifically, we will have both layer 2 and layer 3 roaming.  DHCP is provided 
centrally via ip helper-addresses and we configure an IPv6 dhcp server on the 
routers to provide v6 DHCP server addresses for v6 native clients.

We'd love to hear how others are going with v6.

Cheers,
Tristan


Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.eduhttp://www.monash.edu/ | 
tristan.gul...@monash.edumailto:tristan.gul...@monash.edu






** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found 
athttp://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] IPv6 on wireless experiences?

[Hector J Rios]

Tristan,

Pay attention to the config guide on the section that talks about IPv6 
Mobility. We had an issue in that past where we had three wireless core 
locations, and at each location we had the same VLAN ID, but s different 
subnet. This caused an issue where the controllers would forward RA's to 
clients across core locations causing connectivity issues. The solution was to 
either change the VLAN IDs (which we did) or to change the subnets.

Other than that we've run IPv6 for quite a while and had not had major issues.

Hope it helps.

Thanks,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Monday, September 01, 2014 1:21 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] IPv6 on wireless experiences?

Hi all,

We're about to enable IPv6 on our wireless network (Cisco WiSM2, engineering 
release which looks mostly like 7.6MR2) and we'd like to know if anyone has 
seen any big show stoppers or if there's anything we should be aware of.  Our 
limited testing has looked good so far but as always, we can never pick up on 
everything prior to release.  CAPWAP tunnels will still be IPv4; this is simply 
for client connectivity.

Specifically, we will have both layer 2 and layer 3 roaming.  DHCP is provided 
centrally via ip helper-addresses and we configure an IPv6 dhcp server on the 
routers to provide v6 DHCP server addresses for v6 native clients.

We'd love to hear how others are going with v6.

Cheers,
Tristan



Tristan Gulyas
Senior Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.eduhttp://www.monash.edu/ | 
tristan.gul...@monash.edumailto:tristan.gul...@monash.edu







** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] apple tv wired/wireless

[Hector J Rios]

Has anyone tested the Bluetooth discovery on an iPhone 5C. I can't get it to 
work. It works fine on an iPhone 5 and 5S, though. 

Thanks, 

Hector Rios
Louisiana State University


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Grieggs
Sent: Friday, June 13, 2014 1:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] apple tv wired/wireless

Our Apple TVs are on the Wired Network and we are using the Bluetooth. 
This is working well for us provided the Apple Hardware meets the requirements 
(generally newer ipads and iphones).

Our setup documentation is at:
http://www.iup.edu/itsupportcenter/howto.aspx?id=173894

On 6/13/2014 9:30 AM, Hurt,Trenton W. wrote:
 For the folks that have apple tvs on campus.  How are they connecting 
 to the network?  Wired/wireless

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.


-- 

==
Paul Grieggs
Technical Services Manager
Indiana University of PA
pmgri...@iup.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: High Availability for 2+1 scenario with Cisco WLCs

[Hector J Rios]

Matt,

We have been running N+1 for quite a while and never had any major issues. In 
our configuration we had three wireless core locations were only two of those 
had enough HAs to back up an entire core site.  But this summer we are moving 
to AP and Client SSO for true high availability. N+1 was fine in the past when 
wireless was not considered mission critical, but today more and more students 
and professors are relying on wireless and we must have a solution that will 
have the least impact. SSO promises that. We are running 7.6

Thanks,

Hector Rios
Louisiana State University




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, July 17, 2014 7:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] High Availability for 2+1 scenario with Cisco WLCs

Hello

Up until now, we have had a very distributed approach to our controllers, with 
no redundancy. We are centralizing our controllers with the idea of having at 
least 2 5508 WLCs and one High Availability 5508. When we were working with a 
consultant today, he indicated that his experience in using an HA controller to 
act as HA for more than one 5508 did not yield good results. He recommended 
using a 1:1 relationship for controller and HA controller. He did state however 
this was with 7.4.x code and he hadn't tried it with newer levels of code.

I thought I'd check here if anyone has had similar experiences and/or comments 
about their experience in the N+1 scenario, and if they say improvements or 
lack of issues with 7.6 code.

Any help/advice is appreciated.

Thanks



Matt

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Stadium Wireless Implementations

[Hector J Rios]

We had a really good experience with Fluke. Although it was not for outdoor 
wireless, I believe they also offer this service and their engineers are very 
knowledgeable.

Thanks,

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Landon Fisher
Sent: Friday, July 18, 2014 1:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Stadium Wireless Implementations

We are looking at deploying a new wireless implementation and are evaluating a 
couple of vendors.  This will be an outdoor stadium venue.

Has anyone had experience with ATT, AMPThink or Cisco Services to do wireless 
implementations?

If not are there other vendors that you have had success with on wireless 
deployments?

Thanks!

Landon Fisher
Network Services Analyst, Information Technology
Angelo State University
Member, Texas Tech University System
ASU Station #11020
San Angelo, TX 76909-1020
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: apple tv wired/wireless

[Hector J Rios]

We do allow them on our wireless network, but on the 802.1X network only (we 
didn't want to create a separate SSID). They have to setup a profile to do 
this, and push it out to the Apple TV  device, but believe me, it is painful. I 
don't recommend it.

-Hector Rios
Louisiana State University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Friday, June 13, 2014 8:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] apple tv wired/wireless

For the folks that have apple tvs on campus.  How are they connecting to the 
network?  Wired/wireless


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Learning Catalytics App

[Hector J Rios]

Good point Bruce. We have been supporting IPv6 on our network since 2008, so 
for us that is the standard question for everything. I'd be surprised if they 
support it. We'll see. 

-Hector

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis, Bruce
Sent: Tuesday, May 27, 2014 5:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Learning Catalytics App

On May 27, 2014, at 8:43 AM, Hector J Rios hr...@lsu.edu wrote:

 I was approached by one of our faculty to let me know that they are 
 considering switching from their current classroom clickers technology 
 (student response systems) to a web application called learning catalytics 
 (https://learningcatalytics.com/). If you haven't heard about it, please look 
 into it because sooner or later you'll see something similar.
  
 The advantage of this application is that students can use their own 
 WiFi-enabled devices, instead of clickers. But the obvious question is will 
 this work on our current wireless environment?. And the answer is always, 
 depends. For us, we are currently undergoing a redesign on a number of 
 classrooms that we have identified as in need for High Density wireless. 
 But these things take time, and money. Anyway, my question is, do you support 
 a similar application on your wireless network? The biggest concern for us is 
 that the nature of the application is to potentially cause users to transmit 
 data at the same time.  

  There may be a lot of transmissions at once but for multiple choice responses 
the amount of bandwidth is likely quite small.

 We have a trial in a couple of weeks and at that point we will look closely 
 into exactly how the application works and how much data it transmits. If 
 you've played with something similar, I'd love to hear from you.

  I wish these vendors supported IPv6.  The one's I've seen only support IPv4 
and need to talk to a server on the Internet.  We have had to NAT our wireless 
and were concerned that rooms full of students actively clicking (vs their 
devices checking email every 10 minutes) could require us to increase the IPv4 
numbers in our NAT pools.

  I'd suggest asking the vendor during your trial if they support IPv6.

  Thanks,
  
 Hector Rios
 Louisiana State University
 ** Participation and subscription information for this EDUCAUSE 
 Constituent Group discussion list can be found 
 athttp://www.educause.edu/groups/.

---
Bruce Curtis bruce.cur...@ndsu.edu
Certified NetAnalyst II701-231-8527
North Dakota State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wireless Presentations at CiscoLive...

[Hector J Rios]

Some interesting (and useful) presentations I attended at Cisco Live:

BRKEWN-3011 - Troubleshooting Wireless LANs (2014 San Francisco)
BRKEWN-2017 - Understanding RF Fundamentals and the Radio Design of Wireless 
Networks

There are tons more, and not just on wireless. And I believe the recordings for 
some of them will be made available soon. Take advantage of this great resource!

Regards, 

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wireless Adapters

[Hector J Rios]

We are embarking on a project to try to educate our user population on the 
importance of having dual-band wireless adapters. We've had documentation on 
our website where we let them know what the minimum requirements should be, but 
we've seen that this has not been effective. We have always supported both 
bands on our wireless network, but we have also seen that there are still a lot 
of devices out there that only use 2.4. In talking to some students, I find 
that most of them will go for the most affordable laptop, and do make sure that 
their device has wireless, but that does not necessarily mean that it will be 
dual band.

I wonder what you have done? Do you have information that you can share?

Thanks,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Sharing Bugs...

[Hector J Rios]

We've run across this one and I thought I would share (TAC has a fix):

CSCuj28718 Bug Details
WISM-2 in 7.4.110.0 code is crashing with osapiReaper task suspended.
Symptom:
WISM-2 in 7.4.110.0 code is crashing often with osapiReaper task suspended. 
Below is the analysis of failure message.

 Software was stopped for the following reason:
The system has encountered a fatal condition at broffu_fp_dapi_cmd.c:3820

Conditions:
It crashes under normal condition without any configuration or environment 
changes.

Thanks,

Hector Rios
Louisiana State University


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WiSM2 and IPv6

[Hector J Rios]

For those of you that have been brave enough to run IPv6 on your Cisco wireless 
infrastructure, I wanted to ask a question.

We are running into a peculiar situation. We have three WiSM2s (7.4.110), in 
three different locations, all running on individual Cisco 6500 Catalysts. All 
the SVIs in the L3 switches are configured with IPv4 and IPv6 addresses. The 
WiSM2s are all part of the same mobility group. When a client joins the 
wireless network, it gets a v4 address and then three v6 addresses. The v6 
addresses correspond to the three different interfaces on each WiSM2. We 
suspected this had something to do with mobility. So we deleted the mobility 
members from all WiSM2s and clients got a single v6 address. But we have to 
have mobility. So, then we tried suppressing router advertisements on the SVIs, 
and that sort of worked. Clients now get a single v6 address from their parent 
controller, but interestingly enough, they eventually lose their v6 default 
gateway. The reason? We have no clue.

Anyway, have you guys run into this really fun issue?

Thanks and have a great weekend!

Hector Rios, CCNP, CCA
Assistant Director, Network Engineering
Dept. of Networking and Infrastructure
Information Technology Services
Louisiana State University
Phone: (225) 578-1333
Email: hr...@lsu.edumailto:hr...@lsu.edu



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: AVC on Cisco Controllers- How are You Using, Any P2P enforcement?

[Hector J Rios]

Sorry for the message below. It was an accident. I blame it on multitasking.

-Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Tuesday, November 12, 2013 3:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco Controllers- How are You Using, Any 
P2P enforcement?

Request was approved.

-H


From: Fannie J Moncrieffe
Sent: Tuesday, November 12, 2013 3:09 PM
To: Hector J Rios
Cc: Chris C Eilers; Dana M Warner; Gary S Graham; Mcarthur Jackson; Michellene 
C Verdin; Zina F Stockton; Dabney H Hayes
Subject: RE: Reserved Space Request Form - 12216

Mr. Rios,

This request is approved, the permit will be at the booth S. Stadium/Highland.


See charges below:


***B PARKING


Entry:

Total:

Reservation Charges:

Per Reservation 1st Space:

1

$6.00


Each Additional Space:

0

$0.00


Hourly Space Charges:

Number of Spaces:

1


Number of Hours:

3

$4.50


  $2 per space for any changes or  requests made within the 24 hours of event

1

$2.00



TOTAL CHARGE:

$12.50



Fannie J. Moncrieffe
Associate Director
Parking  Transportation Services
Louisiana State University
225-578-5015
fmonc...@lsu.edumailto:fmonc...@lsu.edu


From: Hector J Rios
Sent: Tuesday, November 12, 2013 2:53 PM
To: 'The EDUCAUSE Wireless Issues Constituent Group Listserv'
Subject: RE: AVC on Cisco Controllers- How are You Using, Any P2P enforcement?

I'll answer your question. Yes, we are using it. We have tested a couple of P2P 
applications and AVC works fine. We still use our IPS as our primary means to 
handle P2P traffic, but AVC is a nice feature. The only issue for us right now 
is the lack of visibility. Today we have it configured but we do not get 
statistics on who or what gets blocked. From what I understand you need the 
Cisco Prime assurance license to have this additional capability.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 12, 2013 9:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco Controllers- How are You Using, Any P2P 
enforcement?

Hello Group,

Wondering if Cisco's AVC is being used by anyone to block P2P as opposed to 
using a Procera/Palo Alto solution, and how it's working for you?


Thanks-

Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: AVC on Cisco Controllers- How are You Using, Any P2P enforcement?

[Hector J Rios]

I'll answer your question. Yes, we are using it. We have tested a couple of P2P 
applications and AVC works fine. We still use our IPS as our primary means to 
handle P2P traffic, but AVC is a nice feature. The only issue for us right now 
is the lack of visibility. Today we have it configured but we do not get 
statistics on who or what gets blocked. From what I understand you need the 
Cisco Prime assurance license to have this additional capability.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 12, 2013 9:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco Controllers- How are You Using, Any P2P 
enforcement?

Hello Group,

Wondering if Cisco's AVC is being used by anyone to block P2P as opposed to 
using a Procera/Palo Alto solution, and how it's working for you?


Thanks-

Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: AVC on Cisco Controllers- How are You Using, Any P2P enforcement?

[Hector J Rios]

Request was approved.

-H


From: Fannie J Moncrieffe
Sent: Tuesday, November 12, 2013 3:09 PM
To: Hector J Rios
Cc: Chris C Eilers; Dana M Warner; Gary S Graham; Mcarthur Jackson; Michellene 
C Verdin; Zina F Stockton; Dabney H Hayes
Subject: RE: Reserved Space Request Form - 12216

Mr. Rios,

This request is approved, the permit will be at the booth S. Stadium/Highland.


See charges below:


***B PARKING


Entry:

Total:

Reservation Charges:

Per Reservation 1st Space:

1

$6.00


Each Additional Space:

0

$0.00


Hourly Space Charges:

Number of Spaces:

1


Number of Hours:

3

$4.50


  $2 per space for any changes or  requests made within the 24 hours of event

1

$2.00



TOTAL CHARGE:

$12.50



Fannie J. Moncrieffe
Associate Director
Parking  Transportation Services
Louisiana State University
225-578-5015
fmonc...@lsu.edumailto:fmonc...@lsu.edu


From: Hector J Rios
Sent: Tuesday, November 12, 2013 2:53 PM
To: 'The EDUCAUSE Wireless Issues Constituent Group Listserv'
Subject: RE: AVC on Cisco Controllers- How are You Using, Any P2P enforcement?

I'll answer your question. Yes, we are using it. We have tested a couple of P2P 
applications and AVC works fine. We still use our IPS as our primary means to 
handle P2P traffic, but AVC is a nice feature. The only issue for us right now 
is the lack of visibility. Today we have it configured but we do not get 
statistics on who or what gets blocked. From what I understand you need the 
Cisco Prime assurance license to have this additional capability.

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, November 12, 2013 9:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco Controllers- How are You Using, Any P2P 
enforcement?

Hello Group,

Wondering if Cisco's AVC is being used by anyone to block P2P as opposed to 
using a Procera/Palo Alto solution, and how it's working for you?


Thanks-

Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: UNII Bands and wireless

[Hector J Rios]

We have always supported 5GHz. But we do not enable the extended UNII-2 
channels as not all clients support them.

-Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, November 05, 2013 11:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] UNII Bands and wireless

I'm curious.  How many of you out there have avoided the UNII space in your 
deployments, and how many embrace it?  For those that are using the UNII bands, 
what have you done to minimize client compatibility issues?

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: UNII Bands and wireless

[Hector J Rios]

Correct.

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, November 05, 2013 1:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] UNII Bands and wireless

Does that mean you are using UNII1,2 and 3, just not 2e?

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Tuesday, November 05, 2013 2:22 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] UNII Bands and wireless

We have always supported 5GHz. But we do not enable the extended UNII-2 
channels as not all clients support them.

-Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, November 05, 2013 11:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] UNII Bands and wireless

I'm curious.  How many of you out there have avoided the UNII space in your 
deployments, and how many embrace it?  For those that are using the UNII bands, 
what have you done to minimize client compatibility issues?

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.