Cordless Phone Interference
We are starting a project to completely cover our entire campus with a/g/n Cisco LWAPPs replacing and adding to our current coverage. One thing that has been asked is what should we tell our users what want to use wireless telephones. The old 900 MHz phones are almost impossible to find other than on the used market. So that is really not an option. My question to you is what do you do about wireless telephones coexisting with your wireless network, if anything? If I get enough responses I will be glad to summarize for the list. Thanks. -jcw John Watters The University of Alabama OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Cisco WLC/WiSM.LWAPP Behavior Problem
Over this past weekend we saw a strange (to me anyway) phenomenon with our users in the football press box during our game. Every 14 minutes a majority of the users, though not all, were dissociated from their LWAPPs and then re-associated a few seconds later. It looks like something associated with either (1) some WLC/WiSM timer, or (2) some other wireless device(s) in the stadium causing periodic interference. Our Cognio Expert (now the Cisco Spectrum Expert) did not show anything unusual. In fact, interference was less than in previous games this season. ESPN was covering this game, though they have done a couple of others here this year when we did see a lot of non-AP interference. CBS did the game last week. It was about the same as earlier games with a lot of stuff on channels 1 11 The users complained (earlier and this past weekend) of periodically losing their network connection. Most were browsing the Web for scores of other games or streaming coverage of other games. Does anyone have any clues to get me started on this problem. Thanks. -jcw - John Watters The University of Alabama, OIT: 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
N Adapters
I need purchase several good 802.11N adapters for doing site surveys with a couple of Dell Lenovo/IBM laptops that do not have built-in N capability. Can anyone venture suggestions of cards that seem to be good as well as those to avoid. We use Cisco LWAPPs (1142s) and WiSM controllers with Airwave management, not that it should really matter for purposes of this question. Thanks. -jcw - John Watters The University of Alabama ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
The Aruba-owned Airwave AMP product has quite successfully managed my Cisco WiSM deployment. We actually have two of them, one for campus APs controllers and a second for ResNet APs and controllers. I also own a WCS with its Location Appliance. But, I have quit using the WCS -- it is much harder to use than the AMP and gives much less current and past information. You might consider separating the management aspect from the wireless hardware. -jcw - John Watters UA: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Rob Brenner Sent: Wednesday, January 28, 2009 9:16 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Assuming that this will be a large scale deployment, make sure to actually use the management software during your evaluations. Cisco uses a WCS and Aruba has purchased the Airwave product. It's my opinion that with enough hard work any vendors can eventually provide a good wireless experience for the end users. With that said, our latest evaluations are also including the management platforms. We are hoping for a decent Administrative experience also. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Toivo Voll Sent: Wednesday, January 28, 2009 8:48 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Comments about Aruba and Cisco Some tests we found worthwhile: -Check to see if multicast works like you expect. -Related to multicast and in general, check to see if fragmentation also leads to reordering of fragments and if your applications can live with this. -Test client throughput in various scenarios (Single client, multiple clients, multiple clients some of which are legacy, bonded N channels vs. unbonded, as many client cards as possible) and with varying number of TCP streams per client. In particular with 802.11n the throughput behavior between Aruba and Cisco was quite different depending on the number of concurrent streams a client was sending / receiving. -Test WPA2 authentication with whatever authentication backend you wish to use, including roaming between APs. Unless you get several controllers, you may not be able to see whether the hand-off between APs on different controllers introduces longer delays. -Run some customer support scenarios trying to find out whether a client is working right, seeing what might be the cause for bad performance, and look at logging of information within the various systems. -You didn't mention the scale of your deployment, but see what additional pieces you might need to go full-scale, such as how many APs/Controllers one WCS box can handle before you need several and Navigator. I'm not sure what the equivalent in Aruba parlance is. -You mentioned you're looking at the 1200 series (our new Ciscos are 1142s) but also look at mounting and physical security options as well as harmonious life with your Friendly Fire Marshall on your gear in regards to plenum issues. -If you are planning to use PoE gear in a mixed-vendor environment, test the behavior of that as well. You'd think this would be easy-peasy but we didn't find this to necessarily be the case. -If you're using rogue detection features, see whether the alerts are valid, and in a case of multiple rogues you'd like to contain whether you can correctly un-contain some or add new rogues to the containment list. -Test for controller failures and AP behavior -- also make sure to see what happens when the downed controller is brought back. -- Toivo Voll Network Administrator Information Technology Communications University of South Florida On Tue, Jan 27, 2009 at 8:59 PM, Johnson, Ken ken.john...@med.fsu.edu wrote: All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from the companies information and pricing relating to configurations with 128 and 1200 APs. The Aruba LWAP is the AP125 while Cisco LWAP is the recently release 1142. The Aruba controller is the M3 while the Cisco product is the WiSM. There are other aspects, too. I know many of you have experience with Cisco and Aruba and have gone through similar experiences. I am interested in learning about any observations and experiences you have that we should consider in our efforts. Please send me your thoughts. Thanks. Ken ~~ Ken Johnson Director, Information Technology FSU College of Medicine 1115 Call Street Tallahassee, FL 32306-4300 e-mail: ken.john...@med.fsu.edu phone: 850.644.9396 cell: 850.443.7300 fax: 850.644.5584 Please note: Florida has very broad public records laws
RE: [WIRELESS-LAN] Comments about Aruba and Cisco????
(Aruba) Airwave is having a webinar in early FEB to introduce new features in their latest AMP release. This might be worth watching just to get a feel for how their interface looks and works. It manages the majority of fat APs, thin APs, and controllers. So far I have not seen a decrease in support for my Cisco gear since Aruba bought this company. I wish Cisco had taken my advice and bought it. I can send the registration URL (it appears to be open to customers and prospective customers), but didn't want to appear that I am making a sales pitch. If it doesn't run into the hundreds of requests, I wil send it along privately to those who ask. -jcw - John WattersUA: OIT 205-348-3992 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Johnson, Ken Sent: Tuesday, January 27, 2009 8:00 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Comments about Aruba and Cisco All, I am a member of an evaluation team at Florida State University considering Cisco and Aruba wireless products. We are focusing on LWAPs and controllers. For evaluation configuration and pricing purposes, we have requested from the companies information and pricing relating to configurations with 128 and 1200 APs. The Aruba LWAP is the AP125 while Cisco LWAP is the recently release 1142. The Aruba controller is the M3 while the Cisco product is the WiSM. There are other aspects, too. I know many of you have experience with Cisco and Aruba and have gone through similar experiences. I am interested in learning about any observations and experiences you have that we should consider in our efforts. Please send me your thoughts. Thanks. Ken ~~ Ken Johnson Director, Information Technology FSU College of Medicine 1115 Call Street Tallahassee, FL 32306-4300 e-mail: ken.john...@med.fsu.edu phone: 850.644.9396 cell: 850.443.7300 fax: 850.644.5584 Please note: Florida has very broad public records laws. Most written communications to or from state/university employees and students are public records and available to the public and media upon request. Your e-mail communications may therefore be subject to public disclosure. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless Installation Process
We have our internal network infrastructure group (they run phone data wiring under contract to us) install the AP at the same time they run the wiring. They terminate one end at the AP and the other end in our patch panel in the comm closet. When they are done, a second group comes behind them and patches the AP into our mid-span PoE device (PowerDsine) and from there into the switch. They then configure the PoE device (only an AP name is added on the port used) and the switch (proper DOT1Q VLAN and port description). This group then notifies me to do the setup of the AP (Cisco WiSMs and Airwave AMP). This usually just involves changing the AP (actually, a Light Weight unit) to use a static IP address (it gets a DHCP address to get started), assign it the name we want, and put it in the proper AMP group so it gets associated with the proper WiSM controller. Normal start to finish time is listed as 3-5 days. Rush jobs can be handled in much less. New building design (as well as installations in existing buildings) is done entirely from AutoCAD drawings. New buildings drawing files are supplied by the architects. Older building drawing files come from our internal facilities folks, if they have them (and they have most). If they don't have them, we have scanned in some drawings that were produced from actual building measurements a while back that were intended to make you are here, emergency exit this way signs for the fire safety folks. We then used AutoCAD to place our APs on a 50' diagonal grid covering the entire building. Some adjustments need to be made for high use areas (eg, classrooms where we expect a lot of wireless users in a small space) and to make accommodations for architectural oddities (eg, glass walls, extremely high ceilings, special/need-to-be kept-pretty spaces). So far, we have not had any coverage holes. And, the WiSMs report the APs running at, or one level below, max power on all radios (a/b/g now, adding n starting now). Also, new building wiring and AP installation are done after the comm closet is secure but before the drop ceiling grids are installed. And, as an aside, we have only had five APs stolen since we started installations years ago. And, those were before we starting putting small locks on each unit. In addition to the locks, we put the APs in the dorms in student rooms (rather than on the other side of the wall in a public hall, if possible, based on our AutoCAD layout) so we could charge the occupant for damage or loss. In other buildings we just put them where the design says to put them. -jcw - John Watters UA: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Case, Brandon J Sent: Wednesday, December 17, 2008 9:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless Installation Process I'm curious as to how you all out there handle the actual physical installation of APs in your environments. Do you handle that within the same team that manages the wireless network or is it a separate group that installs the equipment? How do you go about having the data jacks installed? Just as an estimation, approximately how long does it take to have an AP installed? For buildings that are still in the planning phase, do you design the AP locations into the building based on CAD drawings ahead of time? Or do you perform an on-site survey after the building is open and then proceed with installation? Any and all comments are appreciated. Thanks, -- Brandon Case, CCNA Network Engineer, ITaP Purdue University ca...@purdue.edu Office: (765)49-67096 Mobile: (765)479-7597 Fax:(765)49-46620 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco WiSM
Seven WiSMs running 4.2.112 without any known problems. -jcw - John Watters UA: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Leo Song Sent: Wednesday, December 03, 2008 10:32 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco WiSM Hi, folks. Which WiSM code are you running, 4.1.185 (we are), 4.2.173 or 4.2.130, etc, etc? we've been suffering the prolong crash bug, the response from Cisco is not promising, thanks. Leo Song, Cluster Lead - Networking and Security (519) 824-4120 x 53181 CCS, University of Guelph ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Channel Selection on APs
We let our Cisco WiSM controllers pick the channels. Works as well as could be expected with the number of rogues we have, particularly in the dorms. If using the AMP management platform, you can let it optimize your channels. And, it is not 3, 6, 11 that are non-overlapping, but 1, 6, 11. -jcw - John Watters UA: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jr., D. Michael Sent: Thursday, October 16, 2008 8:52 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Channel Selection on APs In the past, we have always setup wireless access points to use channels 3, 6, and 11, since these channels are the non-overlapping channels. We have tried to be careful in spacing out APs and picking one of these three channels where it seems appropriate to prevent interference from one another. A question was posed by someone in my staff about using the least congested channel setting instead of going through all the trouble of determining and setting the channel. So, the questions are... 1. What are you other institutions doing about channel selection on your Access Points? 2. If you are using 3, 6, and 11, what is your strategy for use and what problems and/or successes have you seen? 3. If you are not using 3, 6, and 11, why not? What are you doing? And what problems and/or successes have you seen? Any input is appreciated. Thanks, D. Michael Martin, Jr. Network Administrator University of Montevallo ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Channel Selection on APs
Even with controllers (we currently have 9 WiSMs, each of which contains two controllers), the AMP product is very useful for coordinating the controllers. We tried the Cisco WCS product (and still have it), but found the AMP much easier to drive. It will manage both controllers and APs. The APs can be a mix of standalone units and controller-based units. And, the controller-based APs can be divided into groups with similar characteristics (eg, SSID and authentication type). Reporting through the AMP is very good too. You can quite easily look at a user and tell what APs he has been on, how long he was there, what his average signal strength and quality was, what SSID he used, etc. You also get very good usage reports for usage on an AP, by any time reference you want, eg, last couple of hours, last day, last week, JAN-MAR, etc. Simply using controllers does not relieve you of the need to manage them and report on them, as well as on the APs and the users. -jcw - John Watters UA: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Fruits, Brian Sent: Thursday, October 16, 2008 9:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Channel Selection on APs We use Meru as well and the single channel virtual cell works extremely well. It is especially nice when you need to drop an additional AP in the middle of an existing WiFi cloud. Since the other APs don't need to re-channel or adjust their power, you don't have to worry about creating new dead spots. Of course, if you aren't comfortable with single channel or virtual cell you can still configure some or all of the APs in the more traditional isolated multi-channel manner. The controller does have commands to auto-channel, but I rarely need to use them. I also agree with John York that if you have more than a handful of APs a controller model makes life much simpler. If you are happy with you existing infrastructure but it doesn't support a controller, you may consider looking into AirWave's Management solution. It's a nice product that allows you to have 3rd party [autonomous] APs that are centrally managed. Brian Fruits ITS-Network Services UNC Charlotte -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Scholz, Greg Sent: Thursday, October 16, 2008 10:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Channel Selection on APs In Meru you pick the channel but it uses a single channel across the entire SSID when in virtual cell mode, not per AP. (this is part of the special sauce that they got beat up for a while ago by other vendors implying they were breaking the standard) So we don't have to worry about overlapping channels or power settings. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Ken Connell Sent: Thursday, October 16, 2008 10:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Channel Selection on APs Aruba handles the RF (channel pwr levels) dynamically...one less worry... Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Martin Jr., D. Michael [EMAIL PROTECTED] Date: Thursday, October 16, 2008 9:52 am Subject: [WIRELESS-LAN] Channel Selection on APs To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU In the past, we have always setup wireless access points to use channels 3, 6, and 11, since these channels are the non-overlapping channels. We have tried to be careful in spacing out APs and picking one of these three channels where it seems appropriate to prevent interference from one another. A question was posed by someone in my staff about using the least congested channel setting instead of going through all the trouble of determining and setting the channel. So, the questions are... 1. What are you other institutions doing about channel selection on your Access Points? 2. If you are using 3, 6, and 11, what is your strategy for use and what problems and/or successes have you seen? 3. If you are not using 3, 6, and 11, why not? What are you doing? And what problems and/or successes have you seen? Any input is appreciated. Thanks, D. Michael Martin, Jr. Network Administrator University of Montevallo ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation
RE: [WIRELESS-LAN] Management Software
We use a couple of the Airwave AMP products to manage Cisco IOS Cisco WiSM/LWAPP. 850+ on one AMP (ResNet) and 600+ on the other (general campus use). Both will continue to grow. Very nice product. Tried the Cisco WCS but it was not nice at all to drive. In addition, licensing is a real pain. It took months to get a valid license for an upgrade. By then, I needed another. I could never get licenses (increments of 100) as fast as I needed them without buying too many in advance. -jcw - John Watters UA: OIT 205-348-3992 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jr., D. Michael Sent: Thursday, October 09, 2008 9:44 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Management Software I need a quick survey of what all of you out there use for management of your wireless devices (APs and such). We are a small shop with only 127 Access Points and 97 switches but the number of APs will probably double within the next year or so. Most of our devices are HP but we have some legacy Cisco stuff too. Any advice would be appreciated on management software for handling firmware updates, mass configuration changes, monitoring, etc... Thanks, D. Michael Martin, Jr. Network Administrator University of Montevallo ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Cisco Wireless Controller
Contrary to this thread, we are running 4.2.112 on 14 WiSM controllers without any noticeable difficulty - no memory leaks and no complaints of random disconnects. We have these divided into two roaming domains, one for general campus use and one for ResNet (they pay for their stuff out of a different budget and also get different rules on what they can do). -jcw - John WattersUA: OIT 205-348-3992 _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Hector J Rios Sent: Wednesday, October 08, 2008 3:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Manoj, I'm so glad you mentioned it. I thought we were the only ones. We run 4.2.130 also and have the same issue. We've been working with TAC for the past two months and they still can't figure out what causes that behavior. Louisiana State University Hector Rios From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Manoj Abeysekera Sent: Wednesday, October 08, 2008 1:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Wireless Controller Mike, We run 4.2.130. I was told by Cisco Engineer to downgrade to this version as we had a nightmare with 5.x. However we still get Clients disconnected at random intervals(Radio seems to reset somehow forcing clients to roam to nearby LAP's). Cisco has no clue and i wonder why not many people have called them yet. WLC's 4404 AP's 1230 Open Network Let me know if you find a cure.. Good Luck! Manoj American U. Mike King [EMAIL PROTECTED] Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 10/08/2008 02:44 PM Please respond to The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU To WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU cc Subject [WIRELESS-LAN] Cisco Wireless Controller So Cisco LWAPP people, Currently we're on 4.1.185.0 http://4.1.185.0/ . It's a 4402 controller, with 1131AG access points. Anyone made the leap to one of the 4.2, 5.0 , or 5.1 trains without seriously regretting it? We've had some random disconnects with clients. It's pretty common, happening to most all users. We're running WPA-PSK, so it's not an 802.1x issue. Before we involve TAC, we figured we should upgrade to a new code train. Mike ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.educause.edu/groups/ ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Problem With WPA2 Cisco WiSM Controllers
We have run across a problem implementing WPA2 that I could use some help with. We are using Cisco WiSM controllers with a variety of Cisco LWAPPs. We set up WPA2 (with WPA compatibility) to use AES/CCMP and PEAP/MS-CHAPV2. All works fine with non-Windows supplicants (eg, Intel or Lenova). However, using the built-in Windows supplicant, we get one connection when it is first set up and can never connect again. We suspect our VeriSign certificate on the FreeRadius server as the cause of our problem. But, we are certainly not sure. MACs (newer ones anyway) and Vista machines do just fine. We have tried WinXP SP2 SP3 -- both behave the same. Can anyone point me in the right direction? Thanks. -jcw - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Problem With WPA2 Cisco WiSM Controllers
I am selecting the broadcast SSID. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Cottrell, Charles P. [EMAIL PROTECTED] Subject: Re: [WIRELESS-LAN] Problem With WPA2 Cisco WiSM Controllers Date: Tue, 5 Aug 2008 13:58:51 -0400 Just to clarify, when the connection is first setup are you selecting the broadcast SSID in available networks or do you have to manually define the network and all of the properties? Charles -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of John Watters Sent: Tuesday, August 05, 2008 1:51 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Problem With WPA2 Cisco WiSM Controllers We have run across a problem implementing WPA2 that I could use some help with. We are using Cisco WiSM controllers with a variety of Cisco LWAPPs. We set up WPA2 (with WPA compatibility) to use AES/CCMP and PEAP/MS-CHAPV2. All works fine with non-Windows supplicants (eg, Intel or Lenova). However, using the built-in Windows supplicant, we get one connection when it is first set up and can never connect again. We suspect our VeriSign certificate on the FreeRadius server as the cause of our problem. But, we are certainly not sure. MACs (newer ones anyway) and Vista machines do just fine. We have tried WinXP SP2 SP3 -- both behave the same. Can anyone point me in the right direction? Thanks. -jcw - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Support headache of WPA2 Enterprise
We too are trying to do the same thing this Fall. Unfortunately the HelpDesk folks haven't started their documentation yet even though I have the APs ready. Are you willing to share your docs? Thanks. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Norman Elton [EMAIL PROTECTED] Subject: [WIRELESS-LAN] Support headache of WPA2 Enterprise Date: Wed, 9 Jul 2008 16:38:05 -0400 We're looking to deploy WPA2 Enterprise with MSCHAPv2 this fall. All of our students have centralized accounts, so they should know their name and password. We've created full instructions, with pictures, which will be made available to anyone connecting to our unencrypted network. For Macs and Vista, the process is relatively painless. Some people will probably figure it out without any help. Windows XP; however, is another beast. We've boiled things down to twelve steps, all necessary to configure PEAP, MSCHAPv2, trust levels, etc. For people that have done this in the past... how much support overhead was involved in your deployments? With clear instructions made available, were the majority of students able to figure the process out? We'll obviously have plenty of extra support staff on hand during fall move-in, but are wondering if they'll be facing a tidal wave or trickle. Thanks for any advice, stories, etc. Norman Elton College of William Mary ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Latest Stable WiSM Code?
Please reply on list. We are also facing the same problem and would like to see suggestions. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Lee H Badman [EMAIL PROTECTED] Date: Thu, 1 May 2008 09:36:27 -0400 Subject: [WIRELESS-LAN] Latest Stable WiSM Code? Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU This is aimed at the WiSM crowd on the list: We are currently running 4.2.61.0 on our WiSMs, and are newly enjoying the afterglow of random controller reboots from a bug. TAC guidance is that 4.2.112.0 fixes our bug. But given the intrusiveness of upgrading almost 2000 APs and 24 controllers, I'd rather look at whatever the latest truly stable code is for a summer upgrade, then not touch again for six months. Is anyone hearing any info of real value on what code versions should be avoided? Off list is fine, if you'd like. -Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] University of Chicago Removes Wireless From Classroom
I agree that APs shouldn't be cut off. However, I do have a way to do it that might work for you: The PowerDsine Mid-Span power inserters (latest firmware) allow you to schedule power off by hour and day of the week. This doesn't help with classes that start on the half hour or end 10 minutes before the hour, etc. But, it is simple and effective if you can live with the fixed schedule. The unit presents a matrix of days of the week and hours of each day that you check or uncheck to allow or disallow power to the devices attach. A drawback is that every port on the PoE inserter must either obey the schedule or ignore it -- you can't have one schedule for port 1 and another for ports 2-4, etc. Depending on your environment, you could possibly put all the APs needing a single schedule on one PoE unit and others in the building on other units. Units come in 6, 12, 24-port versions. We have found these to be cheaper and easier to manage that the PoE blades available for our switches, though I still want a global manager for them. (Management is via Web interface.) This is not a suggested solution, just a description of one approach to AP scheduling. -jcw - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Open Wireless in Higher Ed - CALEA
Please share your code with the group. Thanks. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Daniel Eklund [EMAIL PROTECTED] Subject: Re: [WIRELESS-LAN] Open Wireless in Higher Ed - CALEA Date: Thu, 27 Mar 2008 09:12:12 -0400 Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU We require all off-campus access to authenticate via our captive portal, so we don't have an issue with CALEA. We have developed an application that allows students, faculty and staff to create time limited sponsored guest IDs and I'd be willing to share that code with the group. -- Daniel Eklund Director, Network Engineering Wayne State University Detroit, MI 48201 Phone: 313-577-5558 Fax: 313-577-5577 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. - John WattersUA: OIT 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco Wisms CPU
We have two CAT6506s, one with a single WiSM (our backup platform) and the second with three WiSMs. The first CAT6506/single Wism has no users and is only used to test new code levels and act as a set of spares for the other box (soon to be several more). The WiSM on this box is running 4.0.206.0. The second CAT6505/three WiSMs supports what little wireless we have moved to the lightweight stuff -- 319 LWAPPs with 300-400 users so far. The WiSMs on this box are running 4.0.206.0 4.0.219.0. I will move them all up to 4.1 (maybe 4.2) at the end of the semester so I have some breathing room to fight problems. The first/almost idle CAT6506 shows a CPU utilization of 0-1% all the time. The second CAT6506 shows an average utilization of 0-1% with peaks of 4%. Not much difference between the two. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: James J J Hooper [EMAIL PROTECTED] Subject: [WIRELESS-LAN] Cisco Wisms CPU Date: Wed, 13 Feb 2008 21:10:38 + Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Hi All, A quick question for those out there with WISMs... What level of CPU usage are you experiencing (with how many users)? A bit of background... We have two wism blades (4 wisms) and since we purchased them in about april'07 they were running at about 35%, rising to 50% at peak times, with frequent spikes up to about 90%. The spikes were worrying, but the average seemed ok, and as they did this from day one I was under the impression this was the norm. Recently, we upgraded to the 4.2.x.y stream from 4.1. As has been covered in other recent posts, 4.2 has some outstanding issues (more than others anyway) and things became unstable... so we decided to go back to 4.1.85.0 (TAC hasn't provided us with any solutions for 4.2 issues). We had a backup of our previous 4.1 config, but I chose not to use it and start again from scratch (a few things had changed, so either way involved work) Since the reversion to 4.1.85.0, our cpu usage now averages 2% and peaks at 6% at peak times (220 waps, ~350 users). [4.1.85.0, 12.2(18)SXF7] Thanks, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] advise on PDA for survey
We used to send out techs with a couple of notebooks plus a couple of APs connected to small UPSs to do these surveys. It went well in some (~50%) of the buildings, but not in others. It was very time consuming and not very accurate. We have recently began to use a survey-by-drawing technique which has shown *much* better results. We use AutoCAD drawings of the buildings (some older drawings available only on paper were scanned, imported, and scaled) and place APs at either 75' or 50' diagonal spacing (it depends on the AP and antennas that we are going to use in that building). We also do some hedging for buildings known to have very thick walls (eg, concrete block, poured concrete, or the old red tile blocks). Then, when a building is to be done, the installers take the drawing and verify that all locations can actually accommodate wiring. We have occasionally (5%) had to adjust a building due to some feature that we could not see on the drawings (eg, a glass wall). So far, almost buildings done in this manner have been excellent with only a couple of coverage holes that needed to be plugged. We are using several models of Cisco LWAPPs, but really like the AIR-LAP1131AG-A-K9s. They look good (no external antennas), are relatively cheap, and the wiring guys have no problem actually mounting the APs while they are running the wiring. My techs then go behind them and put the midspan PoE inserter in the wiring closet, patch the AP wiring to the PoE inserter (we are using PowerDsine), patch the PoE inserter to the switch, set the switch port to the proper VLAN, and walk away. We are using the Airwave AMP product to manage the APs. So, the AP finds a WiSM controller. The AMP discovers the APs. We move them to the proper AMP group. The AMP ensures that all the proper settings are pushed down to the APs. And, everything is good to go. This process has freed up the Network techs from the site surveys and the AP installs. And, it has given us much better coverage. It also makes estimating much easier for me. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] advise on PDA for survey From: Philippe Hanset [EMAIL PROTECTED] Date: Mon, 3 Dec 2007 12:23:43 -0500 Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU All, We have recently outsourced the WLAN survey of our buildings to the team that does our cabling. It seemed to make more sense since they have access to every room on campus and can use their knowledge of the cable plan to come up with a best compromise in the location of Access-Points. To the point: my team used to do surveys with their laptops, but our cabling guys don't have laptops. What would you advise as a PDA with Wi-Fi for surveys under $500? Thanks, Philippe -- Philippe Hanset University of Tennessee, Knoxville - ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Universities supplying free Wifi to the public
We used to do just what is being considered but dropped it this past summer due to CALEA concerns. We would be interested in hearing any logic that would allow general public access to our campus wireless network without putting us in jeopardy (or increasing the possibility of us falling under the rules) of CALEA. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Wendy Wigen [EMAIL PROTECTED] Date: Tue, 23 Oct 2007 22:12:01 -0600 Subject: [WIRELESS-LAN] Universities supplying free Wifi to the public Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Do any of you folks know of any institution that fits this description? See request below: Peter Fleck wrote: I'm looking for the names of colleges and universities (U.S.) that provide free Wi-Fi to the public on their campuses. Any information as to how they are addressing security would also be helpful along with any worries they have about CALEA. U of Minnesota is in the process of building a Wi-Fi network across campus. I'd like to share the info with them. Thanks. Wendy Wigen Government Relations Officer EDUCAUSE 1150 18th St. NW Suite 1010 Washington, DC 20036-3824 202-331-5372 [EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: WiSM 6500 memory leaks
We have a couple of CAT6506s with WiSMs -- one with two and one with three. I don't think I am seeing this problem. However, it may be that I am not recognizing it. How are you checking for memory leaks? We are running IOS 12.2(18)SXF7 on both boxes. Both have been running for 33+ weeks. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Roth, Joe [EMAIL PROTECTED] Date: Mon, 15 Oct 2007 15:55:52 -0400 Subject: [WIRELESS-LAN] WiSM 6500 memory leaks Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU We have two Catalyst 6500's running native IOS. Both have 3 WiSM blades installed in each. We are currently running modular IOS ver 12.2(33)SXH. Both Sup720's seem to be leaking memory at a constant rate, about 7 megabytes a day. The Sup's eventually hit a point where telnet to it becomes sluggish and the memory spikes frequently, then they reboot themselves. I am working with TAC, they seem the think that it is the udp.proc process. I hate to point my finger at the WiSM blades, but I can't think of anything else that has changed within the last 6 months. Has anyone else noticed similar issues? --Joe === Joe Roth Information Technology Services Binghamton University Ph: 607-777-7528 Fx: 607-777-4009 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WiSM Interface Problem/Question
I have seen this problem a couple of times, but it has disappeared before I could finish troubleshooting it. Please let me know what you find. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Lee H Badman [EMAIL PROTECTED] Date: Thu, 20 Sep 2007 12:39:30 -0400 Subject: [WIRELESS-LAN] WiSM Interface Problem/Question Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Though I have not completely ruled out our network... I am seeing individual VLAN interfaces (these each get IP addresses) on WiSMs that occasionally fall off - just stop responding. The net effect is that a given SSID is still present for clients to attach to, but the interface is gone, so there is no network usability. If I delete and recreate the interface, functionality is instantly restored. (or if the controller is rebooted). This is happening across three different 6500's, several different WiSMs Have ruled out duplicate IP addresses, and some ARP history is showing two MAC addresses (same root MAC, last digit varies as is seen when MACs are dynamically generated) for the same dynamic interface IP address, and in some cases the same MAC is showing up for the AP manager interface and the dynamic vlan interface. Not implying that all of this can't be explained, or that there is an issue with the WiSMs- but wondering if anyone else has seen any similar symptoms and found answers. Feel free to respond directly to me if you prefer. Regards- Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Site survey Wifi deployment software and methodology queries
We looked at several tools and even tried to hire a company to do a site survey for us. Only one company was interested since we were not going to purchase APs, installation services, etc from them. We finally decided to do our own site survey using bulding plans and placing APs on a 75' diagonal grid to provide overlapping coverage to every spot in the building. AutoCAD and a reasonable set of drawings got us on our way. We decided not to even visit the buildings. We will later use the same drawings as a basis for publishing AP location information to our users (though the entire campus will be covered when we finish the project, so I doubt that these will be used very often). And, we will also use these plans as a base for our AP and user location tool (either the Cisco Location Appliance or the Airwave VisualRF product, or both). Based on a comparison of buildings that we already had installed to the plans that we came up with on paper, they are almost identical. Changes were mostly from one side of a hall to the other. The installed buildings used a technique of hauling an AP and several laptops around and taking signal strength readings. Then, after some further guessing we installed the units. Very few adjustments had to be made later to provide good coverage. The existing AP placements and the new paper-based placements were done by different folks with very little knowledge of where the other group had placed the APs. Since we are using the Cisco controller-based APs, we anticipate the controllers making some adjustments to AP power settings to cut back power in some places. We also expect to have to add some APs in areas where walls are particularly thick or some other form of interference was not readily detectable frm the floor plans we used. We will cover outdoor areas by guessing and then fixing. Many outdoor areas will get covered just frm the leakage from adjoining buildings. By the way, we will be supporting a/b/g with this installation though we anticipate dropping b in the fall. Now we just need a pile of money to get us on our way. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Christian Hroux [EMAIL PROTECTED] Date: Thu, 26 Apr 2007 15:57:58 -0400 Subject: [WIRELESS-LAN] Site survey Wifi deployment software and methodology queries Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Hello! We are planning a campus wide Wifi deployment. I am looking for tool and advice on how to do site survey. We are looking at Cisco airspace solution with controller. The test deployment 20 AP was done with consultant and the actual site survey was to install and move around one mobile AP and check the reception with a laptop to determine the final AP spot. This process was repeated until the floor was covered. Not a very scientific approach and quite costly. From my reading there are 2 types of site survey: -Spectrum analyser to evaluate noise in your environment. -Simulation software tool where you load your (autocad) floor plan and the software will help to define the location of your access-points. -Another survey is to install all access-points and walk the floor and take sample reading with a laptop and software and analyse the result. -Once you have your Wifi network Cisco seem to have some functionality where AP can listen to each other and adjusted their power and maybe recommend to move some AP around. (WLSE walkabout feature old aeronet solution) but at this point you need to have your network install before using this tool. I was looking at air magnet software to those 2 functions any comments? What was your experience with those softwares? Any other that I should look at? In only few lines, how do you proceed with your WIFI site survey and what tool do you use? Thanks Christian Héroux University of Quebec Montréal, Canada ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Residence Halls AP Placement...
We put them on the walls in the rooms inplain sight with no protective enclosure, just a small lock. If one gets damaged or stolen, the occupant of the room is charged. Works pretty well. If they are out in the hall and go away, who do you charge for the replacement? -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Bradford Saul [EMAIL PROTECTED] Date: Wed, 6 Dec 2006 10:51:07 -0500 Subject: [WIRELESS-LAN] Residence Halls AP Placement... Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Morning everyone... We have a residence hall that will be undergoing a full renovation beginning this summer and we are going to both fully re-wire, and overlay with wireless. This is a very old fashioned style hall with a single central hallway. Knowing that the best placement for all the AP for about 200 students will not simply be in the central hall. How do other people handle placement of AP's that may need to be in the ceiling of a student room? Thanks... Brad --- Bradford B. Saul Lead Network Engineer IT - Network Engineering JMAC-3, Room 159, MSC 5735 James Madison University Harrisonburg, VA 22807 V: (540) 568-2379 F: (540) 568-1696 M: (540) 435-3079 [EMAIL PROTECTED] ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] SSID of Free Public WiFi
I recently put wireless in a single dorm and found over 30 of these. Am blocking them as fast as I can find them. Has anyone found a more effective way of dealing with this problem. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Lee Badman [EMAIL PROTECTED] Date: Mon, 27 Nov 2006 14:17:32 -0500 Subject: [WIRELESS-LAN] SSID of Free Public WiFi Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU SSID: Free Public WiFi Am seeing dozens and dozens of these on any given day as detected by our Cisco LWAPP system- all ad hoc. Internet searching digs up articles like this http://www.tek-tips.com/viewthread.cfm?qid=1239995page=1 and this http://www.broadbandreports.com/forum/remark,16550092 With some speculation that some sort of malware is opening a door to the wired network through a given user's wireless connection. Others say that it's just something that got picked up travelling, where the user actually connected to some commercial hotspot with that SSID... Wondering if anyone is seeing this same noise on a large scale, and perhaps have done their own analysis on actual client machines putting it out there over the air? This one sounds plausible, and may be the real answer- http://blogs.chron.com/techblog/archives/2006/09/free_public_wif.html where it is a viral-spread condition, but not a virus. But is amazing how many of these are out there- over 40 right now that I can see on our network. Curious in Syracuse- Lee ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] PCMCIA card for Win2k box with 802.1X client
The Cisco card works well with all/most brands of APs. I have never encountered a problem with the Cisco a/b/g cards that I have. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: B Thompson [EMAIL PROTECTED] Date: Wed, 4 Oct 2006 10:00:46 +0100 Subject: [WIRELESS-LAN] PCMCIA card for Win2k box with 802.1X client Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Hi Can anyone recomend a good PCMCIA type 802.11b/g wireless card which comes with its own 802.1X supplicant software? It needs to support WPA/TKIP with PEAP or TTLS and supplicant software is required because windows versions prior to XP did not include WZC. I quite like the Cisco a/b/g card but would I be right in saying that this only works with Cisco access points? Thanks -- Ben Thompson University of York ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Campus Wireless Survey
The University of Alabama is preparing a Request for Proposals to hire a company to conduct a complete wireless survey of our main campus -- all inside and outside areas. We will cover about 150 buildings and 1,000 acres. We expect that the number of wireless access points will need to be in the 3,000-3,500 range. Are any of you that have contracted for such a survey willing to share your RFP document with me? It will save me a good bit of time to have a sample, and might well help me not overlook items that should be inclouded. Thanks. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Cisco Airespace APs with AIrwave AMP Management
I am preparing to rollout a large deployment of Cisco Airespace APs to cover our entire 1,000 acre campus with 120+ buildings, inside and out. My estimate of the number of APs needed approaches 3,000. My Cisco folks recommend using their WCS product along with their Location Appliances. Since each pair of these will only handle up to 100 APs each, that is lot of money to be spent on WCS+Location Appliance pairs. My Airwave tech person visited yesterday and said that their AMP product (which I already have managing my fat APs) can easily take the place of the Cisco WCS+Location Appliance pairs. He went on to say that Cisco even recommends the Airwave management solution for large deployments. My questions to the list are: 1) Is the Airwave person correct that the AMP product can do all (or almost all) of what the Cisco WCS+Location Appliance pairs do when managing an Airespace environment? 2) Is anyone running an Airspace deployment anywhere close to this size (in a single location) and satisfactorily using the Airwave AMP product instead of the Cisco WCS+Location Appliance pairs to manage it? Thanks. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
PoE Options
We are beginning a project to cover our entire campus (including every nook and cranny plus all green space) with wireless. We have selected a vendor, management tools, etc. However, I am having some problems with power choices. I am hoping that some of you can be of help to me. I am not really enthused about using power-over-Ethernet (PoE) blades in my switches due to the expense. In many buildings I will only need a handful of APs. So, I hate to purchase a 48 port PoE blade (or possibly replace a 24 or 48 port switch with a PoE variety) just to get power to the APs. I have been looking at both mid-span PoE injectors as well as PoE patch panels as a way to get power. There seem to be advantages and disadvantages to both approaches. I would like a system that can be monitored and managed via a vendor supplied app -- preferably an app that can monitor manage all of the units from a single browser instance. This will allow me not only to see what's going on with power but also to turn power off and back on to recycle an AP. I would also like a unit that comes in several different sizes (eg, 8, 12, 16, 24, 48 ports). I need a rack mountable device. And it would be nice if it supported both 802.3af devices as well as older non-compliant devices (an ADC product that I have found claims to do this without a pigtail to swap the power polarity whereas the PowerDsine unit requires a pigtail). One mid-span unit that I have found that looks good from a sizing standpoint as made by Amp Netconnect. It uses an 8-port module that can either sit alone or you can purchase a rack mount shell that will hold up to three in a 1U space. It appears, however, that is in not manageable. I have a PowerDsine unit on the way to play with that looks pretty good on paper. But it is pretty pricey. I have not really looked at PoE patch panels. I'm not sure that I want to move the wire termination from its normal termination point to the PoE patch panel and then back again when the port is reused for a non-PoE app. Can any of you share experiences/suggestions in the area of PoE? Thanks. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WLAN Analysis Tools
1, Most common problems: a. Users putting up their own APs and then providing open access to our entire network through it. b. VPN configuration issues. Our users must go through our VPN for access to anything other than basic Web browsing or email. 2. Helpful Tools: a. AirWave AMP product does incrediblty well in managing my 250+ Cisco APS. Most are 1200 series boxes with a few old 340/350s still around. The ability to config a new box just like others (with a few things like IP address name) still being unique is a piece of cake. In addition, the unit tracks device uptimes, device usage, client usage across APs, etc. A piece of cake to drive. b. The Cisco ADU software for doing site surveys and getting stats on throughput, errors, frequency usage, etc. c. The NetMRI box does a good job of finding rogue APs across an entire network. It will handle any size address space(s) you point it to. But, it is way too pricy. Our was a demo unit that is now gone. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Dave Molta [EMAIL PROTECTED] Date: Mon, 18 Jul 2005 08:58:14 -0400 Subject: [WIRELESS-LAN] WLAN Analysis Tools Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU I'm working with a couple of my students here at Syracuse on an article for a December issue of Network Computing magazine that we are tentatively calling the Wireless LAN Analysis Toolkit. We're hoping to provide readers with an understanding of the range of problems faced by managers of large WLANs along with a feel for the essential tools that are available, both commercial and open-source. We're thinking about everything from the physical layer (e.g., spectrum analyzers) all the way up the stack. Since Frank Bulk recently looked at distributed monitoring systems, we're not planning to cover those products explicitly. We're looking for help from current WLAN managers. You can either provide general input or answer the following two questions. I hope in most cases you would be willing to post your thoughts publicly, but if you have comments that are of a sensitive nature, you can e-mail me directly. 1. What are the most common WLAN problems you face, either in the design or operation of your network, for which WLAN analysis tools might be helpful? 2. Which specific available tools -- commercial or otherwise -- are most helpful in allowing you to do your job? Thanks, Dave Molta Director, Syracuse University Center for Emerging Network Technologies Sr. Technology Editor, Network Computing 315-443-4549 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] mixing 'b' and 'g'
We are doing that without any problem. We use Cisco 340, 350, and 1200 series APs (exclusively), though we are quickly getting rid of the 340/350 stuff. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: James Savage [EMAIL PROTECTED] Date: Thu, 12 May 2005 16:18:55 -0400 Subject: [WIRELESS-LAN] mixing 'b' and 'g' Hi all, We're in position where we may be mixing 'b' and 'g' APs in areas where it's likely users will roam between them. I didn't expect to have any problems roaming between them and my testing has proven this. Just wondering if anyone knows of any 'gotchas' that I've not discovered? ..thxJamie John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Identification Tools
This made for an quite interesting exercise. I took my list of discovered MAC addresses (from CiscoWorks over the last 9 months, and numbering over 19,000 unique MAC addresses), sorted it into MAC address order, and compared it against the list you posted. After I excluded a couple of thousand ResNet folks (which is sort of a black hole anyway), I only discovered one rogue access point. I am a little disappointed that my folks aren't more adventurous. On the other hand, maybe our preaching about not doing this, along with our use of Cisco port security in most locations, has paid off. The one rogue I found was in a building that does not yet have the newer switches where I can utilize port security (incidentally, it is being reworked now). The list has a few minor flaws (eg, the 00-E0-29 OEM group got almost a thousand hits, and 00-40-96-96 for Cisco is a subset of 00-40-96 for Cisco), but seems to be OK in general. Thanks. -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Donald Gallerie [EMAIL PROTECTED] Date: Fri, 4 Feb 2005 16:49:18 -0500 Subject: Re: [WIRELESS-LAN] Wireless Identification Tools Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Return-Path: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: multipart/mixed; boundary=_=_NextPart_000_01C50B02.F41B5064 Received: from listserv.educause.edu (isaco2.educause.edu [198.59.61.25]) by bama.ua.edu (8.12.10/8.12.10) with ESMTP id j14LoWbL011550 for [EMAIL PROTECTED]; Fri, 4 Feb 2005 15:50:32 -0600 (CST) Sender: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU MIME-Version: 1.0 John, While this list is not definitive, the attached is used by Netdiso to try to identify access points from the wired side. My understanding is that the list was actually born within Kismet but I cannot verify that. Don -Original Message- From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] On Behalf Of John Watters Sent: Friday, February 04, 2005 4:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless Identification Tools Where can we find a good list of the MAC address ranges for wireless access points? If I just look by manufacturer (see http://standards.ieee.org/regauth/oui/index.shtml) I do not see a distinction between their access points their NICs, switches, routers, and other network equipment? -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Jeff Wolfe [EMAIL PROTECTED] Date: Fri, 4 Feb 2005 15:53:26 -0500 Subject: Re: [WIRELESS-LAN] Wireless Identification Tools Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Return-Path: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Received: from listserv.educause.edu (isaco2.educause.edu [198.59.61.25]) by bama.ua.edu (8.12.10/8.12.10) with ESMTP id j14L4pbL000857 for [EMAIL PROTECTED]; Fri, 4 Feb 2005 15:04:52 -0600 (CST) Sender: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Philippe Hanset wrote: Don, A trick that I have been willing to test for a long time would be to join the Rogue AP, send traffic to a know sniffing host in that same layer2 network. This will reveal the Wired MAC address of the AP. Then search for that MAC on your wired side and disable the port. (if you have a good circuit-to-switchport DB, you know the location as well) If the AP doesn't allow guests, we use Directional Antennas and Wireless Sniffers as you mentioned. And as I have mentioned before: we rarely have Rogue APs in places were we provide decent Free Wireless coverage! We've been able to have good luck by searching our switch FDBs for MAC addresses matching all but the last octet of the MAC address in the rogue AP's beacon. More often than not, manufacturers use sequential MAC addresses for the wired and wireless ports of their devices. Of the 5 or 6 rogues we've seen over the last year, all were locatable that way. YMMV.. :) -JEff ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups
Re: [WIRELESS-LAN] Wireless Identification Tools
Where can we find a good list of the MAC address ranges for wireless access points? If I just look by manufacturer (see http://standards.ieee.org/regauth/oui/index.shtml) I do not see a distinction between their access points their NICs, switches, routers, and other network equipment? -jcw To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU From: Jeff Wolfe [EMAIL PROTECTED] Date: Fri, 4 Feb 2005 15:53:26 -0500 Subject: Re: [WIRELESS-LAN] Wireless Identification Tools Reply-To: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Return-Path: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Received: from listserv.educause.edu (isaco2.educause.edu [198.59.61.25]) by bama.ua.edu (8.12.10/8.12.10) with ESMTP id j14L4pbL000857 for [EMAIL PROTECTED]; Fri, 4 Feb 2005 15:04:52 -0600 (CST) Sender: 802.11 wireless issues listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Philippe Hanset wrote: Don, A trick that I have been willing to test for a long time would be to join the Rogue AP, send traffic to a know sniffing host in that same layer2 network. This will reveal the Wired MAC address of the AP. Then search for that MAC on your wired side and disable the port. (if you have a good circuit-to-switchport DB, you know the location as well) If the AP doesn't allow guests, we use Directional Antennas and Wireless Sniffers as you mentioned. And as I have mentioned before: we rarely have Rogue APs in places were we provide decent Free Wireless coverage! We've been able to have good luck by searching our switch FDBs for MAC addresses matching all but the last octet of the MAC address in the rogue AP's beacon. More often than not, manufacturers use sequential MAC addresses for the wired and wireless ports of their devices. Of the 5 or 6 rogues we've seen over the last year, all were locatable that way. YMMV.. :) -JEff ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Hints Needed for Putting Users in RADIUS-defined DOT1Q VLANS
I want to play with a wireless implementation that uses a single broadcast SSID, uses 802.1x user authentication against a RADIUS/LDAP data base, and then puts the user in the VLAN specified by the RADIUS/LDAP servers. My wireless Access Points are all Cisco 1200Gs plus a few old 340/350s that are being replaced. I really do not want to run any special client software on my mix of PCs, MACs, UNIX boxes. (PDAs will be handled via another network that does not require authentication, but is severely limited in what can be done.) Will someone who has the working send me an outline of what needs to be done for: 1) The clients 2) The Access Points 3) The Cisco switches (CAT4500s, CAT6509s+MSFCs, CAT3550s) where the APs connect 4) The Cisco routers (CAT6509s+MSFCs) where the VLANs are defined 5) The RADIUS server that receives the authentication requests, asks the LDAP server to authenticate the requests and also to return the appropriate VLAN ID for the user, and then passes the authentication status and VLAN ID back upstream to the APs Also, any stories about what to watch out for would be greatly appreciated. Thanks. John Watters UA: Office of Information Technology 205-348-3992 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.