Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues
Chad Who is your DHCP server ? Aruba ? I was wondering how you push them to a diff scope ? Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Street, Chad A" Date: Wednesday, March 7, 2012 1:24 pm Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > You do not have to pay extra for the device type identification; however, > you do need to be on the 6.x code levels. With the device fingerprinting, > you can easily push all the smartphones to a unique dhcp scope with very > low lease times. > > Chad Street - Emory > > > On 3/7/12 12:57 PM, "Pham, Loc" wrote: > > > Marcelo, > > The Aruba feature that allow fingerprint on the devices, do you > have to > >pay extra for it to be functional ? > > > > I hope our Cisco BU is listening ;-))) > > > >Regards, > > > >Loc Pham, CCIE > >office 415-353-4492 > >IT Enterprise Security & Services > >UCSF Medical Center > > > >-Original Message- > >From: The EDUCAUSE Wireless Issues Constituent Group Listserv > >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew > >Sent: Thursday, February 02, 2012 10:17 AM > >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to > smartphones to > >address IP usage issues > > > >Smartphones were killing us this quarter. While we only have 3500-3800 > >concurrent daily users, we have about 6500 devices connected. Most > of > >these extra 3000 devices were smartphones that come online for less > than > >a minute, and then go idle again. With our 30m DHCP renew times, we > were > >exhausting our 5500 public IP pool for our main SSID. Instead of moving > >to private space (which most likely we will in the near future), we > added > >6 more class c subnets. We are now NOT running out of IPs, at least > for > >a short while. We also thought of making the DHCP lease times very > short > >(like 5 minutes), but our DHCP admin is uncertain what issues might > arise > >from this. Another option we are thinking about, the new Aruba code > >allows fingerprinting devices before they are placed on a subnet, so > we > >could put all smartphones in specific subnets with short lease > times, and > >leave the rest of the devices (pads, netbook, notebooks, etc) on regular > >subnets with average DHCP lease times. > > > >Marcelo Lew > >Wireless Enterprise Administrator > >University Technology Services > >University of Denver > >Desk: (303) 871-6523 > >Cell: (303) 669-4217 > >Fax: (303) 871-5900 > >Email: m...@du.edu > > > > > > > >-Original Message- > >From: The EDUCAUSE Wireless Issues Constituent Group Listserv > >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell > >Sent: Thursday, February 02, 2012 9:22 AM > >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to > smartphones to > >address IP usage issues > > > >I agree, the school newspaper only shows it from a user's perspective. > > "The smartphones are shutting down the network" while it's more "the > >network has run out of public address space and the use of private > >address space on this network is ___ " > > > >We all know the major flaw in using private address space is logging > and > >tracking but there are solutions to this. Shutting down access (by > MAC > >block ID?) would not be one of mine. > > > >Jonn Martell, speaking as a network instructor and Director but not > on > >behalf of the Universities I work at > > > >On Thu, Feb 2, 2012 at 8:00 AM, Frank Bulk wrote: > >> http://www.vsuspectator.com/2012/02/02/outage-linked-to-usage/ > >> > >> Looks like VSU had to make some hard choices and is blocking Wi-Fi > >> access by smartphones. Not sure why they couldn't add another RFC > >> 1918 block, but I'm sure there's more going on than the school paper > >>shared. > >> > >> Frank > >> > >> ** > >> Participation and subscription information for this EDUCAUSE > >>Constituent Group discussion list can be found at &
Re: [WIRELESS-LAN] MRTG/ARUBA
Here are some useful oids. We graph "Total user count" via cacti. I use the others via some bash scripting and store to disk and web for stats. .1.3.6.1.4.1.14823.2.2.1.4.1.1 = Total User count .1.3.6.1.4.1.14823.2.2.1.4.1.4.3 = Web auth'd user count .1.3.6.1.4.1.14823.2.2.1.4.1.4.1 = 802.1x auth'd user count .1.3.6.1.4.1.14823.2.2.1.4.1.4.4 = MAC auth'd user count .1.3.6.1.4.1.14823.2.2.1.4.1.2.1.3 = user names .1.3.6.1.4.1.14823.2.2.1.4.1.2.1.10 = AP Names .1.3.6.1.4.1.14823.2.2.1.4.1.2.1.5 = User Timeticks/uptime .1.3.6.1.4.1.14823.2.2.1.4.1.2.1.4 = user Role Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Phil Date: Saturday, July 9, 2011 2:18 pm Subject: [WIRELESS-LAN] MRTG/ARUBA To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Anyone have examples of MRTG/perl script for graphing user stats from > ARUBA > controllers? More spefically, running ARUBA OS 6.0/6.1 > > Thanks. > > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] option 43 for finding master controller
After looking at your config the "light bilb" went off and we did a re-org on
the config and got it working :)
Ken Connell
Intermediate Network Engineer
Computer & Communication Services
Ryerson University
350 Victoria St
RM AB50
Toronto, Ont
M5B 2K3
416-979-5000 x6709
- Original Message -
From: "Colantuoni, Robert"
Date: Thursday, June 2, 2011 12:00 pm
Subject: Re: [WIRELESS-LAN] option 43 for finding master controller
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Here's ours... we use option 43 and we set the 'campus' code later in
> the config so that we can pass different controllers based on
> different parts of the campus. The link in the comments will take you
> to the cisco doc for their LWAPs.
>
>
> option campus code 180 = string;
> option controllers code 43 = string;
>
> class "wireless_controller" {
> match hardware;
> default-lease-time 604800; # 7 days.
> max-lease-time 1209600; # 14 days.
> min-lease-time 604800; # 7 days.
>
> #
> http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1130/1130hig5/113h_g.htm#wp1007971
> #
> # The hex string is assembled by concatenating the TLV values
> shown below:
> # Type + Length + Value
> #
> # Type is always f1(hex). Length is the number of controller
> management IP addresses
> # times 4 in hex. Value is the IP address of the controller
> listed sequentially in hex.
> #
> # For example, suppose that there are two controllers with
> management interface IP addresses,
> # 10.126.126.2 and 10.127.127.2. The type is f1(hex). The
> length is 2 * 4 = 8 = 08 (hex).
> # The IP addresses translate to 0a7e7e02 and 0a7f7f02.
> Assembling the string then yields
> # f1080a7e7e020a7f7f02. The resulting Cisco IOS command
> added to the DHCP scope is listed below:
> #
> # option 43 hex f1080a7e7e020a7f7f02
>
> if config-option campus = "north" {
> log(error, "wireless controller - north");
> # North
> # 10.3.240.2 == 0A.03.F0.02
> # 10.3.240.4 == 0A.03.F0.04
> option controllers f1:08:0a:03:f0:02:0a:03:f0:04;
> } elsif config-option campus = "south" {
> log(error, "wireless controller - south");
> # South
> # 10.3.241.2 == 0A.03.F1.02
> # 10.3.241.4 == 0A.03.F1.04
> option controllers f1:08:0a:03:f1:02:0a:03:f1:04;
> } else {
> log(error, "wireless controller - no campus");
> log(error, "handing off no controllers!");
> }
> }
>
>
> ---
> Robert G Colantuoni
> Senior Programmer Analyst
> CIT - Network and Classroom Services
> SUNY Buffalo
> r...@buffalo.edu
> 716.645.3552
>
>
> > -Original Message-
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danner, Mearl
> > Sent: Thursday, June 02, 2011 11:37 AM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: Re: [WIRELESS-LAN] option 43 for finding master controller
> >
> > Here's ours - at the top of dhcpd.conf. We got it from:
> >
> >
> > http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_
> > example09186a00808714fe.shtml
> >
> > option space Cisco_LWAPP_AP;
> > option Cisco_LWAPP_AP.server-address code 241 = string;
> >
> > class "Cisco AP c1130" {
> >match if option vendor-class-identifier = "Cisco AP c1130";
> >option vendor-class-identifier "Cisco AP c1130";
> >vendor-option-space Cisco_LWAPP_AP;
> >option Cisco_LWAPP_AP.server-address
> > ac:1e:00:0d:ac:1e:00:96:ac:1e:00:97:ac:1e:00:98:ac:1e:00:99;
> > }
> >
> > My assumption would be to declare the class definitions at the top
> and
> > move the option line to the scope.
> >
> > Can't remember why we hex encoded the controller addresses.
> >
> > -Original Message-
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ken Connell
> > Sent: Thursday, June 02, 2011 10:11 AM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: Re: [WIRELESS-LAN] op
Re: [WIRELESS-LAN] option 43 for finding master controller
The following is at the top of my dhcpd.conf:
option serverip code 43 = ip-address;
class "vendor-class" {
match option vendor-class-identifier;
}
.
.
.
Scope is as follows:
subnet 10.16.0.0 netmask 255.255.254.0
{
option broadcast-address 10.16.1.255;
option domain-name "rbb.ryerson.ca";
option domain-name-servers 141.117.100.1, 141.117.100.4;
option routers 10.16.0.1;
range 10.16.0.5 10.16.0.9;
default-lease-time infinite;
max-lease-time infinite;
subclass "vendor-class" "ArubaAP" {
option vendor-class-identifier "ArubaAP";
#
# option serverip
#
option serverip 10.10.10.1;
}
}
Ken Connell
Intermediate Network Engineer
Computer & Communication Services
Ryerson University
350 Victoria St
RM AB50
Toronto, Ont
M5B 2K3
416-979-5000 x6709
- Original Message -
From: "Danner, Mearl"
Date: Thursday, June 2, 2011 9:48 am
Subject: Re: [WIRELESS-LAN] option 43 for finding master controller
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> We use it globally for our Cisco LWAPPs, but not per scope. The ISC
> server is a bit ticky about using class declarations. I worried with
> it (not pertaining to LWAPPS) several years ago. The manner of
> declaring and using them is not intuitive.
>
> Could you show us relevant areas of your dhcpd.conf (obfuscated if
> necessary)? Might bring back an unfond memory of the struggle.
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ken Connell
> Sent: Thursday, June 02, 2011 7:42 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] option 43 for finding master controller
>
> Is any one using this on a per-scope basis with an ISC DHCP server ?
>
> We're an Aruba shop an currently find our masters via dns, but are
> also exploring giving the master controller address via DHCP option
> 43.
>
> We currently have this working on a limited basis and have it defined
> in a particular scope, but have found that its seems to be working as
> a global option.
>
> So, and AP that gets DHCP from this server via a different subnet and
> therefore a different scope that does not have the subclass details
> for the master controller defined, in the end still gets the IP
> address as defined in a different scope.
>
> I wondering if this is just how it works ? or can a define different
> master controllers on a per-scope basis ?
>
>
> Ken Connell
> Intermediate Network Engineer
> Computer & Communication Services
> Ryerson University
> 350 Victoria St
> RM AB50
> Toronto, Ont
> M5B 2K3
> 416-979-5000 x6709
>
> **
> Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> **
> Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Channel Selection on APs
Aruba handles the RF (channel & pwr levels) dynamically...one less worry... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Martin Jr., D. Michael" <[EMAIL PROTECTED]> Date: Thursday, October 16, 2008 9:52 am Subject: [WIRELESS-LAN] Channel Selection on APs To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > In the past, we have always setup wireless access points to use > channels 3, 6, and 11, since these channels are the non-overlapping > channels. We have tried to be careful in spacing out APs and picking > one of these three channels where it seems appropriate to prevent > interference from one another. > > A question was posed by someone in my staff about using the "least > congested channel" setting instead of going through all the trouble of > determining and setting the channel. > > So, the questions are... > > 1. What are you other institutions doing about channel selection on > your Access Points? > 2. If you are using 3, 6, and 11, what is your strategy for use and > what problems and/or successes have you seen? > 3. If you are not using 3, 6, and 11, why not? What are you doing? > And what problems and/or successes have you seen? > > > Any input is appreciated. > > Thanks, > > D. Michael Martin, Jr. > Network Administrator > University of Montevallo > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Aruba EAP-GTC and Vista error
I've done a few without issues using WPA2/AES/EAP with the Aruba snapin and LDAP in the backend Try via CLI with the attached xml file (you'll have to change the SSID within the file of course) netsh wlan add profile filename=c:\temp\wpa2.xml Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Jonathan Czar <[EMAIL PROTECTED]> Date: Tuesday, August 26, 2008 8:50 am Subject: [WIRELESS-LAN] Aruba EAP-GTC and Vista error To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > We're using Aruba's Fastconnect to authenticate to an LDAP server on > the backend. We're installing the Aruba EAP-GTC shim and on some > Vista machines we're getting an error when we go to EAP/PEAP > properties that says "Windows has encountered an error saving EAP > properties. Specific error: the specified module could not be found". > This prevents us from choosing the generic EAP Token. > > Has anyone seen this error and found a solution? Thanks. > > Jonathan Czar > Castleton State College > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. http://www.microsoft.com/networking/WLAN/profile/v1";> RYE_WPA 5259455F575041 YourSSID false ESS auto true WPA2 AES true http://www.microsoft.com/networking/OneX/v1";> http://www.microsoft.com/provisioning/EapHostConfig";>http://www.microsoft.com/provisioning/EapCommon";>25http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapCommon";>0010036000100010001001500170001000F000600
Re: [WIRELESS-LAN] Vista Issues Seeing Wireless Network
We're an Aruba shop and are currently working with one student with a Vista machine that has a similar problem... Some locations the SSID's are seen and available, but then other locatons they are not...so far I've narrowed it to our AP type...If there is an AP61 in range, then all is well and he connects without any issue. If it's a location with only AP65's, then he's dead in the water... I'm currenlty waiting for him to come back so we can sniff with the two AP types and see what gives Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Jorge Bodden <[EMAIL PROTECTED]> Date: Monday, July 21, 2008 11:55 am Subject: [WIRELESS-LAN] Vista Issues Seeing Wireless Network To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Hello All, > > I was wondering if any of you guys have experienced this type of behavior. > > I had a device that had no connectivity issues at the first location. > > Then when I moved it to another/second location it was not able to > see > any of these networks, at all. I thought that it may be a difference > in > the way the two controllers were set up. Therefore, I put all the > APs > at the second location on the same controller as the APs in the first > > location. This got the same results. > > I have read several articles pertaining to issues with Vista and > SSIDs > that are not broadcasting. But all my SSIDs are broadcasting. > However, > we are in the middle of testing to see if the laptop now works at the > > site when telling the PC to connect to a network that is /no > broadcasting/. But if any members of the group have seen this issue > > before, and could provide information, it would be greatly appreciated. > > Thanks > > Jorge Bodden > > btw...all other devices work fine (XP, Macs & Linux) > > > > > This electronic message is intended to be for the use only of the > named recipient, and may contain information that is confidential or > privileged. If you are not the intended recipient, you are hereby > notified that any disclosure, copying, distribution or use of the > contents of this message is strictly prohibited. If you have received > this message in error or are not the named recipient, please notify us > immediately by contacting the sender at the electronic mail address > noted above, and delete and destroy all copies of this message. Thank > you. > > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] NAT in large scale wireless networks
Stan... Since "we've" touched on Aruba and SyslogI have a question... We too are an Aruba shop, and do push info to a syslog server. In previous code 2.x, as you mentioned, an authentication log would include username, mac, IP, and APbut since we've upgraded to 3.x, it seems the username and mac/IP have been separated and are no longer tied together. I do get username authentications, and mac/IP info, but I have no way of tying them together... What ver code are you running and/or do you have the same issue ? Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Brooks, Stan" <[EMAIL PROTECTED]> Date: Thursday, July 3, 2008 5:39 pm Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Greg, > > Depending on the code version, you can set the logging levels to > capture user associations and authentications to a syslog server. The > data logged includes the location name/group of the AP the user > connected to, the SSID, along with the user's MAC, IP and user ID. > > >>-> Stan Brooks - CWNA/CWSP >Emory University >Network Communications Division >404.727.0226 > AIM/Y!/Twitter: WLANstan > MSN: [EMAIL PROTECTED] > GoogleTalk: [EMAIL PROTECTED] > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[EMAIL PROTECTED] On Behalf Of Scholz, Greg > Sent: Thursday, July 03, 2008 8:55 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks > > Stan, > Can you tell me what type of location information you get and from what > log? "802.1x/WPA-Enterprise, so we have usernames and locations in our > logs" > > We are trying to figure out if there is a way to determine what APs user > are/have been on but all we have seen in the radius logs is the > controller as the NAS. > > > Thanks, > Greg > > > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[EMAIL PROTECTED] On Behalf Of Brooks, Stan > Sent: Wednesday, July 02, 2008 6:34 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] NAT in large scale wireless networks > > Mike, > > We, too, are an Aruba shop, and have been doing NAT on our academic and > ResNet wireless networks for about a year now. Two years ago, we ran > out of IP addresses on our wireless network on Move-In Weekend and had > to scramble to add additional subnets - a scarce commodity here at > Emory. To prevent that from happening last year, we implemented NAT > for > our wireless clients and now have plenty of address space for our > growing user base. > > We let the Aruba controllers perform the NAT function (very easy to set > up - just a firewall rule in the user role in the Aruba config). We've > not had any complaints from users regarding NAT issues; we were > concerned that it might break some apps, but no problems have been > observed or reported. We've even got our homegrown NAC (NetReg/CAT) > working over the wireless, too - NetReg DHCP traffic is not NAT'ed, but > all other traffic is. This all works great, thanks to the Aruba > capabilities. > > The only issue we've had with NAT have been voiced by Philippe - DCMA > notices are hard to isolate. Our wired network has some protection in > place to identify and reduce peer-to-peer traffic (Tipping Points), so > we don't generally get a lot of notices. User tracking and RF location > still works well as those are functions of the radio and authentication > subsystems. Our academic users log on using 802.1x/WPA-Enterprise, so > we have usernames and locations in our logs. Connecting those usernames > to the NAT pool IP addresses is the hard part. > > I'd be happy to share some basic configuration tips and tricks regarding > NAT with you off-list, or on-list if other s are interested. > > BTW - We've been NAT'ing our guest access users since day one on the > Aruba equipment. Guests "log in" through the captive portal and are > given limited access - bandwidth limited web access and VPN access back > to their home organizations. > > >>-> Stan Brooks - CWNA/CWSP >Emory University >Network Communications Division >404.727.0226 > AIM/Y!/Twitter: WLANstan > MSN: [EMAIL PROTECTED] > GoogleTalk: [EMAIL
Re: [WIRELESS-LAN] WAP Enclosures
We have never used any type on enclosures. In the past 9 years we've had only 2 APs stolen, but we tend to install our APs in sight below the ceiling. Users know what they are, and knocking them down is only going to affect their access, so for the most part they're left untouched. We have had issues with leaving them in the ceiling though...contractors will come in and demo a room which has APs and I find out the hard way that a particual area is under reno...with the APs below ceiling, they usually ask about it, and I get call about removing APs before renos start... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Jim Gogan <[EMAIL PROTECTED]> Date: Monday, April 14, 2008 9:51 am Subject: [WIRELESS-LAN] WAP Enclosures To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > I'm curious to know what other campuses are doing in regards to > ceiling > enclosures for access points. > > We've been using PANDUIT-PZXIFIED and PANDUIT-PZW2X2DCB ceiling > enclosure hardware but our Facilities folks and our Infrastructure > Engineering folks in conversations with the State Building Code > officers > have determined that the labor/installation costs for those enclosures > > are now going to go up (see below) and, well suffice it to say, when > it > gets to the point that the enclosures themselves start to get closer > in > cost to the APs, you gotta wonder. > > Would be interested to hear what others are doing in this regard. > Thanks in advance. > > -- Jim Gogan > Director, Networking / ITS Telecommunications > Univ of North Carolina at Chapel Hill > > > Original Message > Subject: Re: WAP - Mounting Brackets and Enclosures - Support > Requirements Reseach and Conclusions-11-01-07 > Date: Fri, 04 Apr 2008 11:41:18 -0400 > > All: > > I just concluded a conversation with Mike WardDepartment of > Insurance Risk Management (Electrical Section) State Building Code > Enforcement Officer.the AHJ (Authority Having Jurisdiction) on Campus. > > Mr. Ward had done research regarding our request for clarification on > the support requirements for WAP (Wireless Access Point) back boxes. > > Simply stated: > > * to satisfy NEC requirementsthe back box must be secured to the > ceiling grid system w/ approved clips or brackets. > > * to satisfy DOI requirementsthe back box must be secured to the > building support structure. > > This can be accomplished by securing at least a single support > wireof gauge adequate to support weight of devicefrom the back > box to an anchor in structure. The anchor may be newor an existing > ceiling support eye (existing support of grid system) or an anchor in > structure that currently is used in support of duct workconduit > trapeze.etc. > > Thank you. > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Adding wireless without losing the jacks?
For the most part, our wired network is up 100% of the time and fully redundant in the core and data centers. Edge devices such as L2 switches if down will be replaced ASAP, so uses pretty much know the wired network is always avail... With our wireless, even though it's virtually up 100% of the time, our "wireless policy' states there is no guarantees. Faculty/staff therefore shy away from "living" on the wireless. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Michael Dickson <[EMAIL PROTECTED]> Date: Thursday, December 27, 2007 1:24 pm Subject: [WIRELESS-LAN] Adding wireless without losing the jacks? To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Wondering if others face a similar situation and what they are doing > about it. In short, what is *wireless* used for and what is *wired* > used > for and how are the intended uses enforced? > > We currently have a funding model that includes a per-jack monthly > charge for wired users. As we add wireless coverage to these > traditionally "wired floors" we are faced with the potential of > canceled > jacks and a migration to wireless. If other schools have a similar > funding model, how have you dealt with this issue? > > How are other schools dealing with a wireless overlay in > traditionally > fully wired areas with respect to migration onto wireless? Is > migration > away from the jacks desired? Is it suppressed through policy > restrictions? What has worked for ensuring the wired infrastructure > is > still used? Just saying "stay on the jack for better performance and > > security" doesn't appear to be enough. > > In IT we often discuss the need to upgrade older Cat3 jacks to the > newest cabling, as well as install wireless coverage in the same > areas. > These two efforts seem at odds with each other and appears > financially > risky to management. How are schools achieving harmony in a mixed > wired/wireless world? > > Thanks, >Mike > > --- > Michael Dickson > Network Analyst > University of Massachusetts Amherst > Network Systems and Services > [EMAIL PROTECTED] > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Classroom wireless WAP counts
We are currently running a 4-channel plan with Aruba gear and try to max out with 25 clients per radio...I try not to have more than 4 WAPs in any one room because of the channel limitaltions, but we do have a few cases, like a 500 seat lecture hall, where we have 12 WAPs in the room. We let Aruba take care of the RF and power levels...so far so good I try to add/plan for one of two more WAPs than needed and disable (or not install some but have cabling/PoE avail if need be)...of couse that's only of budget allows... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Gruenhagen, Timothy T. Mr." <[EMAIL PROTECTED]> Date: Friday, December 14, 2007 12:23 pm Subject: [WIRELESS-LAN] Classroom wireless WAP counts To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > I am working to develop a rule of thumb number of seats per classroom > WAP for our institution. I realize that it is a highly variable ratio > depending on what type of applications are being run, size of room, > etc. I'm considering 1 WAP per 25- 50 seats. Does anyone have a > number they use for a starting point? > > Thanks, > Tim Gruenhagen > Manager of Network Engineering > Miami University > Oxford Ohio > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wi-Spy device: Spectrum Analyzer
I have tried the Wi-Spy...it works, but you really need to know the patterns that certain RF devices to get use of the device. You need to study patterns for devices and noise, then remember whats what when you go to troubleshootI'm no RF expert, and trying to remember what the pattern of some device on the RF graph just ain't happeing for me... It currently sits on a shelf at my desk collecting dust.... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Shari Kimlinger <[EMAIL PROTECTED]> Date: Wednesday, December 5, 2007 4:05 pm Subject: [WIRELESS-LAN] Wi-Spy device: Spectrum Analyzer To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > We are looking for a spectrum analyzer. We have read that Airmagnet is > a > good solution. We are curious if anyone has experience with the less > expensive USB Wi-Spy device? > > Thanks in advance, much appreciated. > > > > Shari Kimlinger > > Central Piedmont Community College > > Charlotte NC > > > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Guest wireless access at University Conference Centers
Here at Ryerson University we have GUEST SSID with captive portal along with a username/password which changes daily and is available to faculty/staff from our helpdesk. Special GUEST accounts can also be created to be valid for days or weeks if need be. Those accounts are then limited to web access only. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: John Center <[EMAIL PROTECTED]> Date: Friday, September 14, 2007 9:20 am Subject: [WIRELESS-LAN] Guest wireless access at University Conference Centers To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Hi, > > We're planning to offer guest wireless access at our Conference > Center. > Several questions have come up as to how much information we need to > > collect from guests, and how long we would need to retain the > information. We were wondering what other schools are doing in this > regard. Any information you would share with us would be greatly > appreciated. > > Thanks. > > -John > > -- > John Center > Assistant Director > Network/Communications > Office for University Information Technologies > Villanova University > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco vs. Meru article
Kevin, Regarding feedback on Aruba, I can tell you this: We been extremely happy with Aruba's solution which has allowed us to load balanced users with easy, manage our WLAN from one GUI, and config changes are a snap. We had a think AP (Proxim) deployment of 150 AP's and had major issues with the classroom environment. Every time there was a test with 40-50 students there was always complaints afterwords with connectivity and thoroughtput issues. Our deployment stratagie now is based more on user count and not coverage. We have some classrooms that have upto 9 AP's with a 4 channel plan and Aruba takes care of the channel assignment and radio power levels. We've had plenty of online tests and the results for us have been like "night and day "... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Kevin Whitney <[EMAIL PROTECTED]> Date: Thursday, June 14, 2007 2:37 pm Subject: Re: [WIRELESS-LAN] Cisco vs. Meru article To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > May be a little off subject but I would like to post question out there > as it seems there are some happy Meru users here on this forum.. > > Any thoughts or advice on implementing/selecting a wireless system for > use in a High School environment ? > > Specifically, would love any feedback on pros/cons of a central > controller based system (ie -Meru, Aruba, etc) vs installing Fat AP's > around our building. > > While our needs are quite simple I am sure, compared to the size of > other user's who have posted, I can see there is a great deal of > knowledge and experience in this area. Basic site surveys conducted here > have indicated we need somewhere around 25 access points to provide > coverage throughout our building. > > Appreciate any input on this subject. > > Kevin Whitney > District Technology Coordinator > Cresskill Public Schools > 1 Lincoln Drive > Cresskill, NJ 07626 > 201-541-4162 > [EMAIL PROTECTED] > http://www.cresskillboe.k12.nj.us > > > > > > -Original Message- > From: Dave Molta [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 14, 2007 12:21 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] Cisco vs. Meru article > > Debbie, > > They were Intel 2915 clients. I have some pretty dense spreadsheets > covering various permutations of clients and infrastructure if you are > interested in seeing raw results. We didn't come away from this with any > firm conclusions about what's good and what's bad (I guess we've learned > our lesson about pointing the finger too soon!). What was most > interesting to us was the fact that there was so much variation, which > is something we didn't expect from such a mature standard. > > dm > > > -Original Message- > > From: debbie fligor [mailto:[EMAIL PROTECTED] > > Sent: Thursday, June 14, 2007 11:59 AM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: Re: [WIRELESS-LAN] Cisco vs. Meru article > > > > On Jun 14, 2007, at 10:24, Dave Molta wrote: > > > > > Just to elaborate a bit, the article James sent around was not the > > > > original Meru-Cisco feature story but rather a column that > > reports on > > > results of subsequent testing. In this column, I reported three > > > things. First, Cisco was unsuccessful in getting the Wi-Fi > > Alliance to > > > rescind Meru's certification. Since WFA certifies interoperability > > > > rather than standards compliance, this is not proof that Meru > isn't > > > stretching standards a bit but it still casts a cloud over Cisco's > > > > allegations. Second, I reported findings from subsequent > > tests where > > > we added Aruba to the mix and found that Cisco's performance also > > > > cratered when co-located with Aruba gear. > > > Again, that could indicate that Aruba is also somehow > > playing foul as > > > well (Cisco speculated that they might be using a variation of PCF > > > > interframe spacing, though Aruba denied it) but it doesn't > > look that > > > way to me. Finally, we decided to re-run these interference > > tests with > > > different mixes of clients, using Atheros, Broadcom, and Intel > > > chipsets. We found significant differences in the > > performance results. > > > Atheros-based clients performed best. > > > > Something I noticed in the article was that Meru did the worst with >
Re: [WIRELESS-LAN] wireless guest access
We have a GUEST SSID with WEP and captive portal. There is a daily username/password any faculty/staff member can get for the day, or accounts can be made for guests who need access for longer periods. So far that's worked for us... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Lee Badman <[EMAIL PROTECTED]> Date: Monday, February 26, 2007 1:05 pm Subject: Re: [WIRELESS-LAN] wireless guest access To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Would like to expand out Kevin's question- what of wireless access for > guests, and for the non-affiliated folks (anonymous) that might end up > on campus? > > Anybody rethinking any of their sponsored guest/open access policies > because of CALEA concerns? > > Regards- > > > > Lee Badman > Network/Wireless Engineer > Syracuse University > 315 443-3003 > > >>> Kevin Lanning <[EMAIL PROTECTED]> 2/26/2007 12:46:48 PM >>> > Wondering what academic institutions are doing these days regarding > wireless access for guests? > -- > -- > Kevin Lanning > lanning at unc.edu > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] wireless IP addressing
Regarding part 2: Here at Ryerson University we still use WEP, not for security, but for user stats and IP address assignment. Chances are if your wireless NIC is configed with our WEP key, then you probably are using the wireless...your not just a client who happens to have their radio enalbed or on. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Jorge Bodden <[EMAIL PROTECTED]> Date: Tuesday, October 3, 2006 8:00 pm Subject: Re: [WIRELESS-LAN] wireless IP addressing > Are there devices that connect to the network, which are > stationary? If you do have stationary devices, run a line. > You'll be better off. > > You should also try to consider which of those devices require a > public ip address. Determine the ones that don't and assign those > public ip addresses. You are going to have to manage another > ssid. But it will address your ip address issue for the time being. > > And if you do not want to waste ipaddresses look to see what > 802.1x solution best fits your environment. This is much harder > to implement because it severely impacts your user population. > Some of the other solutions are done behind the scenes, while > 802.11x requires a front end solution as well a back end solution. > > Thanks. > > Jorge > BlackBerry service provided by Nextel > > -Original Message- > From: Walter Reynolds <[EMAIL PROTECTED]> > Date: Wed, 04 Oct 2006 11:34:06 > To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] wireless IP addressing > > On Wed, 4 Oct 2006, Jamie Savage wrote: > > > Hi, > >'Way back when' we first deployed wireless we weren't exactly > sure> where it was going so the decision was made to give all > wireless users > > their own public IP. Of course, due to it's popularity > (currently ~2000 > > concurrent users and growing) we're concerned about running out > of IP > > addresses. I'm wondering what others are doing to address this? > I asked > > a similar question back in 2004 referring to the coverage of > large lecture > > halls and received the following suggestions; > > > > 1) run NAT (which I refer to as PAT in this case)ie...one > public IP > > address for many users translating ports to private IPs for > users on the > > 'inside' > > > > apparently PAT causes issues for IPSEC connections and is an > issue for > > those wishing to run servers but I'd love to hear from others > who are > > doing this regarding pitfalls, do's and dont's, other things > that PAT > > 'breaks'etc. > > > > This will break IPSec running in AH, but you can run ESP mode or > set up > UDP transport. > > > 2) create larger subnets, /21 was suggested (we currently use /24) > > > > ...I'd be concerned here about the large broadcast domain. In > 2004 there > > were a couple of comments that no problems were experienced with > ~1200> users.is this still the case? Any other issues to be > aware of? > > > > In another but similar vein. In our set-up a user with a > powered up > > wireless device is DHCP'd an IP address whether or not they > intend to use > > the wireless service. They continually renew the lease on this > IP as long > > as they remain in radio contact. As a result a significant > percentage of > > our IPs are wasted by these users. I don't see a way around > this but > > perhaps others have some suggestions? > > > > This is one of the reason we are moving to an 802.1X model in that > the > addresses we do assign are used more efficiently than the scenario > you > describe. > > > .all comments greatly appreciated...thanks in > > advance..Jamie > > > > James Savage York University > > Senior Communications Tech. 108 Steacie Building > > [EMAIL PROTECTED]4700 Keele Street > > ph: 416-736-2100 ext. 22605Toronto, Ontario > > fax: 416-736-5701M3J 1P3, CANADA > > > > ** > > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > -- Walter Reynolds >Principle Systems Security Development Engineer >Information Technology Central Services >University of Michigan >(734)615-9438 > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Any one Interested in Proxim Gear ?
Regarding Aruba, so far so good, we're only up to 170 AP's right now, and still have about 60 or so Proxim AP's to come out. The web interface to manage is a bit slow, but it does the job well. As for scalability, you just add controlers (which will handle up to 256 AP's) and point them to you master. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Jorge Bodden <[EMAIL PROTECTED]> Date: Wednesday, May 24, 2006 11:45 am Subject: Re: [WIRELESS-LAN] Any one Interested in Proxim Gear ? > Ken, > > How do you like the Aruba solution, as far as scalability, > manageability, etc? > > We actually went with the Cisco Airespace solution, which is much > better > than the Cisco Aironet solution. > > Jorge Bodden > Network Analyst > New York Hospital > > Agnes Box wrote: > > Dear Ken, > > > > What model numbers on the Proxim radios? > > > > Agnes -- > > OIT www.oit.edu > > ITS, Telecommunications Coordinator > > 3201 Campus Drive > > Klamath Falls OR 97601-8801 > > 541/885-1728 Voice/FAX > > mailto:[EMAIL PROTECTED] > > > > -Original Message- > > From: Ken Connell [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, May 24, 2006 8:07 AM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: [WIRELESS-LAN] Any one Interested in Proxim Gear ? > > > > Anyone out there still using Proxim gear or needs more ? > > > > We've been upgrading our wireless infastructure from Proxim to > Aruba and > > have a tonne of AP's and PoE injectors if any one is interested > (I'm not > > holding my breath ), just thought there might be some small wlan > > projects or some one just getting into deploying. > > > > > > > > Ken Connell > > Intermediate Network Engineer > > Computer & Communication Services > > Ryerson University > > 350 Victoria St > > RM AB50 > > Toronto, Ont > > M5B 2K3 > > 416-979-5000 x6709 > > > > ** > > Participation and subscription information for this EDUCAUSE > Constituent> Group discussion list can be found at > http://www.educause.edu/groups/.> > > ** > > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/.> > > > > > > > This electronic message is intended to be for the use only of the > named recipient, and may contain information that is confidential > or privileged. If you are not the intended recipient, you are > hereby notified that any disclosure, copying, distribution or use > of the contents of this message is strictly prohibited. If you > have received this message in error or are not the named recipient, > please notify us immediately by contacting the sender at the > electronic mail address noted above, and delete and destroy all > copies of this message. Thank you. > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Any one Interested in Proxim Gear ?
Sorry, should have noted that from the start... Mostly AP2000's, but I have a few 4000's and even older stuff like an AP1000 and WavePoint II's (if you've been doing wireless for a while). As for PoE, I have single port, 6 port and 12 port units, some still in the box. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Agnes Box <[EMAIL PROTECTED]> Date: Wednesday, May 24, 2006 11:36 am Subject: Re: [WIRELESS-LAN] Any one Interested in Proxim Gear ? > Dear Ken, > > What model numbers on the Proxim radios? > > Agnes -- > OIT www.oit.edu > ITS, Telecommunications Coordinator > 3201 Campus Drive > Klamath Falls OR 97601-8801 > 541/885-1728 Voice/FAX > mailto:[EMAIL PROTECTED] > > -Original Message- > From: Ken Connell [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 24, 2006 8:07 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Any one Interested in Proxim Gear ? > > Anyone out there still using Proxim gear or needs more ? > > We've been upgrading our wireless infastructure from Proxim to > Aruba and > have a tonne of AP's and PoE injectors if any one is interested > (I'm not > holding my breath ), just thought there might be some small wlan > projects or some one just getting into deploying. > > > > Ken Connell > Intermediate Network Engineer > Computer & Communication Services > Ryerson University > 350 Victoria St > RM AB50 > Toronto, Ont > M5B 2K3 > 416-979-5000 x6709 > > ** > Participation and subscription information for this EDUCAUSE > ConstituentGroup discussion list can be found at > http://www.educause.edu/groups/. > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Any one Interested in Proxim Gear ?
Anyone out there still using Proxim gear or needs more ? We've been upgrading our wireless infastructure from Proxim to Aruba and have a tonne of AP's and PoE injectors if any one is interested (I'm not holding my breath ), just thought there might be some small wlan projects or some one just getting into deploying. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Power! Finally
Is this for real, you gotta be kidin me... I love the warning... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Ryon Price <[EMAIL PROTECTED]> Date: Friday, March 31, 2006 11:38 am Subject: [WIRELESS-LAN] Wireless Power! Finally > Now I can get get rid of all those POE injectors. > > http://www.thinkgeek.com/stuff/41/wec.shtml?cpg=28H > > Ryon Price - WLAN Manager > Information Technology > Utah Valley State College > Office : (801) 863-7019 > [EMAIL PROTECTED] > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Guest access
We take our GUEST traffic, wired and/or wireless, pump that through a vlan which sits behind some RovingPlanet equipment and pass on username/password to a different leaf in LDAP that's specific to GUEST accounts. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Entwistle, Bruce" <[EMAIL PROTECTED]> Date: Thursday, March 30, 2006 7:32 pm Subject: [WIRELESS-LAN] Guest access > We have recently installed a wireless network on a portion of the > campus. The student and administrators are all authenticated > through a > front end device which validates user accounts against an LDAP server > running on a domain controller. However we now have the requirement > for guests of the campus to connect to the wireless network. We have > some ideas how we would like to handle this issue but are curious > as to > what others have done to accommodate these guest connections. Please > let me know. > > > > Thank you > > Bruce Entwistle > > Network Manager > > University of Redlands > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless Guest Access
We offer guest access with captive portal. Users must ask for access and a temp account will be created. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: David Gillett <[EMAIL PROTECTED]> Date: Wednesday, March 22, 2006 3:25 pm Subject: Re: [WIRELESS-LAN] Wireless Guest Access > At the moment, all of our access is "guest" except for specific > client laptops that belong to the college. This will provide access > to our portal when it comes online, so users with portal accounts > will be able to reach additional resources through that. > Eventually, deployment of Identity Management and 802.1x and VPN > may, in some combination, allow us to offer non-guest access at > the wireless connection, but that's still somewhere in the pipeline. > > Note that there are a variety of "wireless security" products > which focus on access to the wireless service, and so don't apply > if you offer "guest" access. Instead, attention needs to focus on > "where can these clients get to", and that applies as well to open > wired ports (we're starting to see these in some classrooms and > drop-in areas) as to wireless. > > David Gillett, CISSP CCNP > Foothill-DeAnza College District > > > > -Original Message- > > From: Bennefield, Cully A. [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 22, 2006 12:03 PM > > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > Subject: [WIRELESS-LAN] Wireless Guest Access > > > > We are exploring the possibility of offering guest wireless > > access and I would like to get a feel for how others might be > > handling it. Any and all information and opinions will be > > greatly appreciated. > > > > Thanks, > > Cully > > > > Cully Bennefield > > Baylor University > > > > ** > > Participation and subscription information for this EDUCAUSE > > Constituent Group discussion list can be found at > > http://www.educause.edu/groups/. > > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Free WiFi Hotspot Authentication
A simple linux box with http://nocat.net/ will do the trick for you. It's basically a box with 2 nics and captive portal that will re-write iptables rules. Not too sure about the logging though... Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Bill Barge <[EMAIL PROTECTED]> Date: Thursday, March 16, 2006 7:16 pm Subject: [WIRELESS-LAN] Free WiFi Hotspot Authentication > I am looking for help/ideas on solving a problem. > > I have a small sandwich shop/deli. I am swamped from about > 11:15 to 1:15 each day, but am pretty dead otherwise. A few weeks > ago, I put a wireless access point in my shop and advertised in > the window that I now have free WiFi Internet. I now have a few > "regulars" that come in with their laptops, but I have not had > problems (yet). > > I am using a Netgear wireless router switch. It was about $10 > on sale at Staples. > > I would like to track who is using my Internet. I looked at a D- > Link setup that would print receipts with an access code, but that > is $900. > > I would like to identify each user (via MAC address?) and record > where they go while online, how long, etc. > > Any suggestions? > > Thanks, > Bill > > > > - > Yahoo! Mail > Use Photomail to share photos without annoying attachments. > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Guest Access
We provide GUEST access as follows: - The SSID is not hidden - Static WEP. They are given the key (don't want every Tom, Dick & Harry associating just because) - Captive Portal with limited rights - Given an ID for x amount of days which is in LDAP We have a group/dept that deals with users coming on-site for conferences, meeting, and so on... They have a GUI to input guest names into LDAP and provide basic support for the "guest" users. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Casey, J Bart" <[EMAIL PROTECTED]> Date: Tuesday, January 31, 2006 12:07 pm Subject: [WIRELESS-LAN] Guest Access > Hey All, > > > > It has been deemed necessary by the powers that be that we provide > somelevel of wireless access to guests on our campus. Some of > these people > might include members of the Media for athletic events, alumni > visitingthe campus, and guest professors/speakers. While I am not > exactlythrilled about the idea, I can certainly understand the > need. I would > like some feedback on how other schools are handling issues such as > this. > > > > Our current wireless network is comprised solely of Cisco Aironet 1200 > series APs. We use a single SSID which allows authenticated users > to be > placed in a wireless VLAN. We do not beacon our SSID. In order to > connect to the wireless network, our users must know the SSID. We > require users to install a secure certificate, and also require > them to > authenticate their domain user credentials against a radius > server. We > currently use IAS but are migrating to CSACS. > > > > My initial plan is as follows: > > > > 1.Determine which APs are going to provide this guest access. > Guest access won't be necessary for all APs > 2.Configure the selected APs with a second SSID > 3.Create a new VLAN for the second SSID > 4.Place users who use the second SSID into the new VLAN > 5.Only allow the new VLAN to access the internet > 6.Limit the bandwidth to the internet to about 512Kbps (This > should be sufficient for the Media's needs and allow any guest to > checkemail etc.) > 7.Provide some sort of security but not as in depth as we > currently use. > > > > > > What are your comments on beaconing the new SSID? > > What are you thoughts on security and encryption? > > Does a user that connects to our network have expectations of security > and encryption? > > Are we obligated to provide some sort of security and encryption to > protect these guest users? > > At what point does administrative burden overcome security? > > > > > > Your thoughts and ideas are greatly appreciated. > > > > Thanks in advance, > > > > J. Bart Casey > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Quick Wireless Survey
1. Number of user on your Wireless network? - Typical day ranges from 400 to 1000 2. Number of AP’s? - just over 200 (mix of Aruba & Proxim) 3. What type of line do you have (i.e T1, T3)? - 100Meg, 40Meg, 4. How many lines do you have (Just for wireless)? - nothing dedicated 5. What type of speed do you students get(both download and upload) just an average? - Not sure, but P2P apps are throttled Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Patel, Amish" <[EMAIL PROTECTED]> Date: Wednesday, January 25, 2006 12:18 pm Subject: [WIRELESS-LAN] Quick Wireless Survey > Hello everyone, > > I just wanted to do a quick survey about wireless, if you have a > minuteyour input would be greatly appreciated. > > 1.Number of user on your Wireless network? > 2.Number of AP's? > 3.What type of line do you have (i.e T1, T3)? > 4.How many lines do you have (Just for wireless)? > 5.What type of speed do you students get(both download and upload) > just an average? > > Thank you in advance, > > Amish Patel > Computer Services > The John Marshall Law School > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > 312-427-2737 x550 > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Proxim AP-4000, problems!
During some testing of 802.1x and the AP4000 with Ver 2.4.11 set in mixed mode ( to allow static WEP and/or 802.1x clients simutaneously) I noticed after about a day my WEP clients could not longer pass traffic. A reboot would fix things up but I'd be staring at the same prob the next day. Left in a static WEP mode config, the AP4000 is rock solid. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: "Seth H. Bokelman" <[EMAIL PROTECTED]> Date: Wednesday, November 16, 2005 1:58 pm Subject: Re: [WIRELESS-LAN] Proxim AP-4000, problems! > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I've seen both behaviors here. I originally tried moving from the > 2.4.11 firmware to the 2.5 and 2.6 series about 8 months ago, but had > massive lockup problems requiring me to unplug and reboot the devices. > Just last month, after some more testing, things seemed better, and I > moved back to 2.5.3 on the AP-2000 gear and 2.6 on the AP-4000 gear > andI'm seeing spontaneous reboots now of some of the AP-4000 boxes. > We are > using multiple VLANs and SSIDs too. > > The only thing I can speculate is that it's some type of network > traffic, as they seem to happen in small groups when they do > happen, but > I haven't captured anything with a network trace yet. It's so > sporadicthat it's hard to diagnose, but it's definitely happening. > > Michael Griego wrote: > > Good luck. We had a similar issue with the most recent revs of the > > AP-2000 firmware. The AP would lock up solid about once per day > > requiring a physical power reset of the device. We've had to > hang back > > on the firmware revisions of those guys due to these various > issues. It > > was about that time that Proxim stopped releasing any new firmware > > revisions for the 2000s. > > > > As to the 4000s, I've not noticed the problems you mention, but > we're> hanging back a few revs on the firmware for those guys too. > We do use > > VLAN tagging, but not multiple SSIDs... we just use it currently to > > separate management traffic from user traffic. > > > > --Mike > > > > --- > > Michael Griego > > Wireless LAN Project Manager > > The University of Texas at Dallas > > > > > > > > Philippe Hanset wrote: > >> To respond to Mike, we use AP-4000. But not the controller yet. > >> > >> Which leads to my question: > >> anyone else using the AP-4000 and noticing uncontrolled reboots > >> on a daily basis? > >> The AP-4000 was working fine until we enabled VLAN tagging and > >> security/SSID (eg: "nomad" does unencrypted traffic and "nomadx" > >> does 802.1x based traffic with dynamic WEP). > >> > >> Please let me know as we are trying to solve this issue with > Proxim.>> > >> Regards, > >> > >> Philippe Hanset > >> University of Tennessee > >> > >> > >> On Wed, 9 Nov 2005, Michael Griego wrote: > >> > >> > >>> You are correct in your belief that these units are simply > bridges.>>> Proxim does have a new controller, though, that will > turn our AP-4000 > >>> installations into a switched wireless infrustructure, similar to > >>> Airespace/Aruba/Meru deployments. I have not looked at this, > however it > >>> seems possible that this box may be able to do NAT for the > clients.>>> > >>> --Mike > >>> > >>> > >>> Matt Ashfield wrote: > >>> > >>>> Hi All > >>>> > >>>> I'm using avaya ap-8's which is the same as the proxim4000 > unit. A > >>>> request > >>>> came in to have the box act as a NAT box. I had thought this > was not > >>>> possible, but I see NAT listed as one of the options on a few > sites>>>> on the > >>>> Internet. > >>>> > >>>> Is anyone using these boxes, and if so, do you know if they have > >>>> router/nat > >>>> capabilities? > >>>> > >>>> Thanks > >>>> > >>>> > >>>> Matt > >>>> [EMAIL PROTECTED] > >>>> > >>>> ** > >>>> Participation and subscription information for this EDUCAUSE > >>>> C
Re: [WIRELESS-LAN] anyone using avaya ap-8 or proxim 4000?
Not sure about the AP8 or 4000's, but Proxim had/has the AP2500 which is basically an AP2000 with NAT capabilities. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Matt Ashfield <[EMAIL PROTECTED]> Date: Wednesday, November 9, 2005 10:28 am Subject: [WIRELESS-LAN] anyone using avaya ap-8 or proxim 4000? > Hi All > > I'm using avaya ap-8's which is the same as the proxim4000 unit. A > requestcame in to have the box act as a NAT box. I had thought > this was not > possible, but I see NAT listed as one of the options on a few > sites on the > Internet. > > Is anyone using these boxes, and if so, do you know if they have > router/natcapabilities? > > Thanks > > > Matt > [EMAIL PROTECTED] > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WLAN Analysis Tools
I too have/had Airwave. Their support for the Proxim products is lacking to say the least and therefore it wasn't much use to me. I hear it works well with CSICO. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Tom Zeller <[EMAIL PROTECTED]> Date: Wednesday, July 27, 2005 12:24 pm Subject: [WIRELESS-LAN] WLAN Analysis Tools > In response to Dave Molta's query: > > Indiana University has well over 1000 access points. Our favorite > tool is the AMP software from Airwave. It provides an excellent > overall central management platform, supports many brands of APs, > pushes firmware, provides realtime data with detailed drill-down, > holds a database of configurations and matches that against SNMP > results (flagging mismatches due to mis-configuration), and > provides > a ping failure alert service. > > Sorry if that sounds like an ad, but unlike most management > software > we have tried, it works well for us. > > Another tool: One of our engineers carries a WiFi telephone (we > don't > support this generally) as an application-level test of wireless > connectivity. If he gets good voice quality on the phone, his > laptop > will be happy too. And it's a faster test than booting a laptop. > > Tom Zeller > Telecommunications Technical Advisor > Indiana University > (812) 855-6214 > [EMAIL PROTECTED] > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] wireless survey results
Here at Ryerson people visiting and wanting wireless access are to contact our conference services at which point a staff member will enter in a temporary user ID into LDAP via a custom web page and choose a date to expire that entry. The user then falls into 1 of 3 guest networks and is forced to login via captive portal. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: ray <[EMAIL PROTECTED]> Date: Monday, July 18, 2005 10:42 am Subject: Re: [WIRELESS-LAN] wireless survey results > Here's how we handle guest access. All of our APs are on a > separate VLAN > behind a linux firewall/router. Your mac address must be > registered in > LDAP before you're permitted past the firewall (which is done online). > > For guests, they have to know someone on campus. They click the guest > link on the wireless login page, fill in their name, email, > company, and > the email address of someone they know on campus (with selu.edu > domain).That person will get an email saying Joe Somebody wants > wireless access, > click here to approve it or ignore this message to deny it. If > they > approve, the guest will be allowed wireless access for two days. > > It isn't the best security, it's basically the honor system. But > it's a > good tradeoff between security, usability, and low administration. To > date, we haven't had any problems with anyone abusing the guest > system. > I'd also like to hear how others are handling guest access. > > ray > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Ray DeJean http://www.r-a-y.org > Systems EngineerSoutheastern Louisiana University > IBM Certified Specialist AIX Administration, AIX Support > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > > On Mon, 18 Jul 2005, Scott, Candice C wrote: > > > Good morning, All. > > > > I would also like to know what other campuses are doing for guest > > access. We have several camps here during the summer and this is > the> first year that we've also had people assuming that they could > get> access -- also assuming no charges for it. > > > > Have any of you been down this road? How are you handling it? > > > > thanks -- > > candice > > > > > > Candice Scott > > Dir. of Library and IT Services > > Schreiner University > > Kerrville, TX 78028 > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Redundancy question
Speaking with a little experience with the Aruba product... They do this automatically, with one catch: You need to design your deployment with quite a bit of cell overlay and by default the radios are at half power. If an adjacent AP dies, the others close by up their radio power to full. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Yair Oren <[EMAIL PROTECTED]> Date: Friday, April 1, 2005 8:40 am Subject: [WIRELESS-LAN] Redundancy question > Many AP vendors are advocating "power-adjustment"-based redundancy > schemes, i.e. if an AP fails its neighbors will power up to cover its > territory. > > Does this mean the number of required APs grows 4X or is there a > way to > make this work with less APs ? > > > > Yair Oren > > > > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Hidden SSID?
We had tried using the "closed system" feature as well, but fond that some D-Link and Linsys cards would not connect even thoght they we're configured correctly. Complaints started rolling in, so we removed the setting and have never used it since. I think it's suited for a smaller more private type network environmnet. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Ryon Price <[EMAIL PROTECTED]> Date: Monday, January 10, 2005 2:15 am Subject: [WIRELESS-LAN] Hidden SSID? > Just wondering what everyone thinks of using a hidden SSID. In our > casewe use Proxim AP-2000& 4000 and they call it a "closed > network". We > chose to use hidden SSIDs originally to deter people from seeing the > network and trying to get around our MAC address authentication. We > also like to use it because we require users to have the Helpdesk > set up > the wireless connection on the user's laptops, as well as make > sure they > have current Windows updates and a virus scanner and scan the machine > for viruses. Since we allow the user to register online this keeps > usersfrom getting on the network by putting the SSID in by > themselves and > putting a possibly infected machine on the network. Most cards don't > even see the network and some pick it up as a blank SSID. Recently we > have ran across many client cards that have a hard time connecting to > the AP with it hidden, as soon as it is set it to broadcast they are > able to connect. Microsoft cards flat out don't support it, they say > it isn't a security measure at all. Lately we have been having > troublewith the Centrino/Intel 2200bg cards connecting.. Any > thoughts or > comments? > > Thanks in advance > > Ryon Price > LAN Manager > Utah Valley State College > [EMAIL PROTECTED] > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Guest Access On Wireless
Here at Ryerson we don't have any guess access but are currenlty looking into something cheap and easy. We currebtly do mac based vlans and if your mac is not registered you fall into a dead vlan that goes no where. I'm looking at adding a guest SSID on a vlan with no routing and then putting a NoCat Auth box which will give out DHCP, NAT, and also force users to login via captive portal. There would be a guest account with a password which would change from event to event. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Lee Badman <[EMAIL PROTECTED]> Date: Tuesday, January 4, 2005 1:45 pm Subject: [WIRELESS-LAN] Guest Access On Wireless > Wondering what others might be doing for guest access on wireless > networks. Meaning- a visitor to campus (who otherwise would have no > authorization on your network) needs to use the Internet in the course > of a meeting or whatever. Do you provision for quick generation of > guestaccounts by a sponsor? Guest VLAN that is the equivelent of a > hotspotnetwork that takes users only to the Internet? Guests need > to be > sponsored well in advance with MAC address, etc, or they're just > out of > luck? > > Lee Badman > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] campus wireless survey
> How many APs on your campus? Approx 150 > Which vendor did you choose? Are you happy with it? Lucent/Orinoco/Proxim Software is sometimes buggy, but the hardware is good. Haven't much experience with other vendors, so we fairly happy. Have had only one fail in 5 yrs. > What kind of security mechanism do you use? Are you happy with that? Mac based Static WEP HTTP Hi-jacking with RovingPlanet's solution. So far so good, couple bugs with fail-over, but for the most part it works great and has had no problems since deployment. Hoping to do more with client security, but for now, with multiple OS's and not wanting to re-configure everyone's laptops, we're keeping things as is for now. Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 - Original Message - From: Chris Hessing <[EMAIL PROTECTED]> Date: Tuesday, August 3, 2004 2:30 pm Subject: Re: [WIRELESS-LAN] campus wireless survey > > How many APs on your campus? > > Approx. 800 > > > Which vendor did you choose? Are you happy with it? > > Different departments have chosen different vendors. The big ones > are : > > 1. Proxim/Avaya - We have had terrible support, LOTS of bugs (many > of them > show stoppers), and are not too happy with them. (As in looking > to get > rid of them as soon as possible. :-/ > > 2. Cisco - Overall very solid APs, if you can afford them. RADIUS > accounting isn't correct which can cause problems if you are > trying to use > accounting records to generate stats. > > 3. Foundry - Pretty good support, but lacking in some features. They > don't do any form of RADIUS accounting. And, have issues with > Macs when > 802.1X is used with anything other than straight WPA. (This is > also true > of all other APs we have looked at based on the Accton reference > design.HP, 3Com, Extreme, Foundry.) > > 4. Trapeze - Just ordered some of this after hammering on it in > the lab. > They have the best, and most correct RADIUS accounting of any AP > we have > seen. The APs are solid, but lacking in good ways to physically > securethem. (No Kensington lock holes..) There is also currently > no SNMP > management support. (We have been banging on them to try to get > them to > add support.) Technical support during our tests was outstanding! > And we > hope/expect it to continue after the purchase. > > > Overall, I would suggest looking at Cisco, and Trapeze. > > > What kind of security mechanism do you use? Are you happy with > that? > 802.1X with dynamic WEP. (With TTLS-PAP) We are happy with it, > howeverwe are looking at changing clients to SecureW2 for Windows. > There is some > desire to move up to WPA but there are too many compat. issues at this > time. > > > What kind of monitoring/managing software are you using? Are > you happy > > with it? > > Nothing specific to wireless. But we use Nagios, and are happy > with it. > > > > > > > Many Thanks! > > > > -- > > > > - > > Sean Che > > Network Engineer > > Network Services > > Wayne State University > > Voice: (313)577-1922 > > Pager: (313)990-5403 > > Email: [EMAIL PROTECTED] > > - > > > > ** > > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/cg/.> > > ** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/cg/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
