from:"Mathieu Sturm"

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

2021-06-08 Thread Mathieu Sturm

Hello all,

We were struggling with this issue as well on version 8.10.130.0. We created a 
tac case (SR 690110031) last year but due to covid and lockdowns we couldn’t 
reproduce the issue. We only saw these issues on places where there was a lot 
of clients/roaming. On these ap’s the logs were filled with “chatter: 
lat_client_add(422): Failed to add client”. Not sure if this was related 
though. We only saw this issue on newer ap’s (2800/3800 and 9120’s).

No fix so far (and apparently not even in 8.10.151). Cisco pointed us to bug id 
CSCvv78719 and we had to disable MU-MIMO.
We weren’t able to verify this fix.

Regards


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>






Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Jonathan Oakden
Verzonden: woensdag 2 juni 2021 17:38
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?

Not sure as yet as we have been too busy to get this over to TAC at the moment 
since we identified the problem and came across this bug ID at the end of last 
week. It’s certainly the closest match we can find.
We can see that most of our 2801 APs sit at around 30-50% memory utilisation, 
however around 6% of them (about 320) are currently above 60% which is unusual. 
These appear to be climbing steadily at around 3-4% per week as though there is 
a memory leak.
We first spotted this when we got reports from students in a residence saying 
they were connected to wifi but nothing was working. Looking at the AP it was 
sat at 95% memory utilisation. Rebooting the AP restored service. However, we 
then looked at nearby APs and could see them climbing as well. It doesn’t 
appear to be all our APs but some unknown subsection of them.
We only went to 8.10 as we had bought some 9105 APs.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Date: Wednesday, 2 June 2021 at 16:30
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
That one’s interesting because it shows affected code is 8.5(140.0), and only 
one case... is TAC agreeing it’s the same bug? Just curious.
Lee Badman (mobile)

On Jun 2, 2021, at 11:23 AM, Jonathan Oakden 
mailto:j.p.oak...@lboro.ac.uk>> wrote:

We are on 8.10.151 for the last couple of months here at Loughborough 
University in England. We think we are being hit quite badly by this bug:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp31778<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbst.cloudapps.cisco.com%2Fbugsearch%2Fbug%2FCSCvp31778=04%7C01%7Cmathieu.sturm%40HOGENT.BE%7C773a0b9ace374aadd25d08d925dc83d4%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637582451303687383%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=GKzgZL5hqtw%2BMtgghMUPe7aX1SFkCMhCIpdReyqGGUU%3D=0>
with around 6% of our 2802i APs being currently affected.
It’s a really annoying bug too as to the user they appear to be connected to 
Wi-Fi but they have no network activity at all. Also the APs seem fine from a 
monitoring perspective unless you are either carefully monitoring their memory 
usage, or they get so far out of memory that they appear to lose their 
registration with the controller.
As such, I really can’t recommend 8.10.151.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu<mailto:00db5b77bd95-dmarc-requ...@listserv.educause.edu>>
Date: Wednesday, 2 June 2021 at 16:06
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code 
Recommendation, Based on Stability?
Thanks, Jason and Dennis.

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto

RE: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

2021-02-10 Thread Mathieu Sturm

I've ordered a Pixel 5 and will do some testing as well.
I've been testing with a virtual android 11 on android studio. This virtual 
android 11 also had the option to select "don't validate" option.

I will share my findings once testing has been done.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>



Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Dom Colangelo
Verzonden: dinsdag 9 februari 2021 18:26
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

In my testing I found that networks saved prior to the patch retained the 
'Don't validate' option. Forgetting and re-configuring the network eliminated 
the option.

[cid:image005.png@01D6FFA9.5BA6C3E0]Dom Colangelo
Systems Engineer
Omada Technologies
Cell: (617)-446-3945
dcolang...@omadatechnologies.com<mailto:dcolang...@omadatechnologies.com>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tim Cappalli
Sent: Tuesday, February 9, 2021 12:15
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

Screenshot?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Walter Reynolds mailto:wa...@umich.edu>>
Date: Tuesday, February 9, 2021 at 12:03
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

I have a Pixel 3 that I did a factory restet on.  Next I did all the updates 
needed and it is running Android 11.  The build number is RQ1A.210205.004 which 
includes the latest security patch for the phone.

When I go to configure a WPA2 Enterprise network I still have the "Don't 
validate" option.

What am I missing here?


Walter Reynolds
Network Architect
Information and Technology Services
University of Michigan
(734) 615-9438


On Sun, Feb 7, 2021 at 3:29 AM Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu<mailto:0194c9ecac40-dmarc-requ...@listserv.educause.edu>>
 wrote:
I would not expect Pixel 2 and earlier to receive this update as they are end 
of support.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Richie Penuela 
mailto:richie.penu...@ucf.edu>>
Sent: Friday, February 5, 2021 09:37
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021


Mathieu,



Currently this is affecting Google Pixel 3 and up that have installed the 
Android 11 security patch in December. We have Google Pixel 2A w/ Android 11 
but the last security patch was provided prior to the one in December and we 
are still to select "Do not validate" option. In conversation with some of our 
integrators they believe that other Android platforms will follow suit.



-Respectfully,



[signature_2043038681]

Sr. Wireless Engineer

UCF IT | Telecommunications

University of Central Florida

407.823.4906

richie.penu...@ucf.edu<mailto:richie.penu...@ucf.edu>



Please note: Florida has a very broad open records law (F.S. 119). Emails may 
be subject to public disclosure





From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Friday, February 5, 2021 at 9:32 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021



Hello all,



I've been testing with 2 devices (Samsung s10 upgraded to android 11 and 
Samsung s20 also upgraded to android 11).

It seems that I'm still able to select "Do not validate" on these devices.



Is this because these devices were upgraded to android 11 and that the newer 
devices which were relea

RE: android 11 upcoming changes Feb 15th 2021

2021-02-05 Thread Mathieu Sturm

Hello all,

I've been testing with 2 devices (Samsung s10 upgraded to android 11 and 
Samsung s20 also upgraded to android 11).
It seems that I'm still able to select "Do not validate" on these devices.

Is this because these devices were upgraded to android 11 and that the newer 
devices which were released with android 11 don't allow the "Do not validate"?
Or are the pixel phones the only ones?

Regards,

Mathieu

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Hurt,Trenton W.
Verzonden: maandag 1 februari 2021 22:47
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

FYI

I just received the following from securew2 about some additional security 
changes coming to android 11.




This action will need to take place before the upcoming Android application 
update that is planned for February 15th, 2021.



As you may already be aware, Google mandates server validation to be properly 
configured for WiFi from Android version 11. This means that any 802.1X WiFi 
configuration without the following two settings will fail to connect.



1.  Server Validation

2.  Connect to these server names



For more information about these configurations, please read below.



What is Server Validation in a Network Profile?

This configuration item is for clients to validate a RADIUS server certificate 
chain during an EAP authentication. Clients would forward its requests only 
when the received server certificate is signed by the CA that is configured on 
the SecureW2 Network Profile.  It may be required to upload only the Root CA of 
the RADIUS server certificate, however, in some cases, the full chain may need 
to be provided.



What is the Connect to these server names field?

This field is used to specify the name of your RADIUS server certificate using 
its Common Name. If there is only one RADIUS server in your setup, you can 
quickly find this name from the certificate. If there are more than one RADIUS 
servers, or if the RADIUS server Common Name has more than two subdomains, we 
advise to use a wildcard name.



For example:

If the RADIUS server certificate's Common Name = radius.domain.com Connect to 
these server names should be radius.domain.com



If the RADIUS server certificate's Common Name = 
radius.lab.department.domain.com Connect to these server names should be 
*.department.domain.com or *.domain.com









Thanks

Trent

Trenton Hurt, CWNE #172,ACMP,ACCP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Network Analyst
University of Louisville
Phone (502) 852-1513


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Cisco licensing - alternative vendors

2021-02-03 Thread Mathieu Sturm

Hello all,

We are a Cisco shop when it comes to wireless (Cisco AP's, controllers and ISE).
Since Cisco is becoming a nightmare when it comes to licensing and software 
quality we want to explore new vendors.

We are looking at Fortinet and Aruba.

Any thoughts on these concerning licensing model, software/hardware quality, 
user community, support?

Best Regards,


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

2020-11-19 Thread Mathieu Sturm

Hello everyone,

We’ve been having issues on 8.10.130.0 where a client could connect to a 
certain 2800/3800/9120 but didn’t have network access. Since the client was 
already connected they couldn’t roam to another AP.

We first thought it to be this bug: 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv78366
Cisco thinks this is only cosmetic… so they now think we are facing this bug: 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv78719%20/?rfs=iqvred

Their (temporary) solution is to

Step 1
Choose WLANs and click the WLAN ID.
Step 2
In the Advanced tab, check or uncheck the 11ac MU-MIMO check box.
Step 3
In the 802.11ax BSS Configuration section, check or uncheck the Down Link 
MU-MIMO and Up Link MU-MIMO  disable MU-MIMO on 802.11ax APs.

I’m not to keen on doing this. It makes our 2800/3800/9120’s pretty worthless.

We also saw these bugs:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk68674/?rfs=iqvred
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh04804/?rfs=iqvred

We are waiting for MR4 were hopefully these bugs will be gone (We can only hope 
)

Regards,


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>




Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Phill Solomon
Verzonden: donderdag 1 oktober 2020 1:15
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

We have upgrade 2/3 WLC pairs from 8.5.151 to 8.10.103.0 – seems to be going ok 
with the exception of DNAC-C reporting slower / more DHCP failures – while we 
have received no support calls – just wondering if anyone else has seen this?

Mathieu, thanks for the tip on the bug, now watching that too.

thanks

Phill Solomon
Senior Network Engineer
Deakin University, IS - AV & Networks,  ICT Infrastructure Services, eSolutions
• Phone: +61 3 924 46069

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Thursday, 24 September 2020 10:13 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Little update, I came across this bug id: 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu65125/?rfs=iqvred<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbst.cloudapps.cisco.com%2Fbugsearch%2Fbug%2FCSCvu65125%2F%3Frfs%3Diqvred=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C8f16fa3f458248ddd86808d86596c4fd%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637371045528043511=oRxCC%2BNXXmwGOXEMbFpukuN2uMj9Xjg1%2FUgBzxIbH%2FE%3D=0>
 (thanks Jeff for the hint about version 8.10.139.43)

So I decided to change the settings on the SSID from WPA2 + WPA3 back to 
WPA+WPA2 and this seems to have resolved our issues (we’re testing right now).

My wife is about to deliver our 2nd daughter so I will ask my colleagues to 
update if possible.

Regards,


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C8f16fa3f458248ddd86808d86596c4fd%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637371045528053512=uSvsKRztnJ9S70n420KbR622SG%2Bs1tDC8vngr2MjP2o%3D=0>



Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Tristan Gulyas
Verzonden: donderdag 24 september 2020 7:22
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Hi,

Watching this thread closely.  We're currently on 8.5.151 but need to migrate 
to an 8.10 release for the 9130ax's.

If anyone has any TAC cases or bug IDs that may reference this issue, that 
would be super useful!

Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmonash.edu%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C8f16fa3f458248ddd86808d86596c4fd%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637371045528063501=EYV0uFpBTg

RE: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Transitioning from older controller to new controller

2020-11-12 Thread Mathieu Sturm

I’d like to be added as well. Have been experimenting with the 9800-cl but it 
certainly is something different than our old 5520’s.

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Turpin, Max
Verzonden: donderdag 12 november 2020 3:49
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Transitioning from 
older controller to new controller

I’m interested as well, please add me.

Thanks.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tariq Adnan
Sent: Wednesday, November 11, 2020 6:06 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXTERNAL] Re: [WIRELESS-LAN] Transitioning from older controller to 
new controller

Please add me as well.

Thanks,

-
Cheers,

Kind regards,
Tariq Adnan
tariq.ad...@sydney.edu.au

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Michael Usher
Sent: Thursday, 12 November 2020 7:52 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Transitioning from older controller to new 
controller

I took a list of names a few weeks ago, but then I went dark when work got 
busy.  My apologies for the silence.

I'm reaching out to Mike Atkins to see if we can get everyone together on a 
single session.  I envisioned more of a "panel discussion" than a formal 
presentation -- but I've sure got my list of "gotchas" to share, so I'm sure it 
will be useful.

Looking forward to sharing experiences with others.

Michael Usher



On Wed, Nov 11, 2020 at 12:48 PM Matthew Craig 
mailto:matcr...@nmsu.edu>> wrote:
I am intersted as well.



-
Matt Craig
Network Engineer
Information and Communication Technologies
New Mexico State University








On Nov 11, 2020, at 1:25 PM, Mike Atkins 
mailto:matk...@nd.edu>> wrote:

WARNING: This email originated external to the NMSU email system. Do not click 
on links or open attachments unless you are sure the content is safe.
You are not late at all.  I certainly am.  I have 8-9 e-mails for interest.  
I'll send out a quick survey to collect information from those that responded.  
I will send it to the list again to pickup others that might be interested.


On Wed, Nov 11, 2020 at 3:17 PM Michael Heflin 
<02002057e293-dmarc-requ...@listserv.educause.edu>
 wrote:
Little late but would be interested in this as we are moving from 8540's to 
9800's

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


--




Mike Atkins
Infrastructure Architect
Office of Information Technology
University of Notre Dame





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to

RE: [EXTERNAL] Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

2020-10-01 Thread Mathieu Sturm

@Phil, I requested more information about that bug 
(https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu65125/?rfs=iqvred) and 
Cisco TAC send me this:

FT : disabled PMF : optional policy : wpa2 + wpa3 wpa2 : enabled wpa3 : enabled
Condition is this : When a user configures WPA2 PSK in pre WPA3 supported 
version and upgrades to WPA3 supported WLC version. The SAE password store is 
not configured during upgrade. This causes no passphrase to be sent to AP that 
causes no client connection

@Jason
On 8.10.121.0 we had issues with android devices that wouldn't connect. 
Updating to 8.10.130.0 and changing Fast Transition to enable fixed this 
(https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu24770/). There is also this 
bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu67048 on 
8.10.121.0<https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu67048%20on%208.10.121.0>

Regarding 8.10.130.0 Our IT helpdesk has had their work on upgrading NIC's. 
Most of our issue's are solvable with updating the NIC or manually making a 
profile in W10. The eduroam cattool has helped a lot as well.

I  saw that there is a beta for 8.10MR4 but I'm not to keen to experiment with 
this.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>




Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Mallon, Jason
Verzonden: donderdag 1 oktober 2020 2:17
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Cisco 8.10.130.0 
eduroam issues

We saw this all the way through 8.10.121 and actually thought the radius 
servers/NAC were causing an issue.  We had multiple TAC cases opened, before 
Cisco finally recommended we move to 8.10.130.  Upgrading code solved a lot of 
our issues.  There are still a handful of devices that have issues, and we have 
been working on getting them to upgrade their drivers.
Jason Mallon
Network Engineer, OIT
The University of Alabama
jemal...@ua.edu<mailto:jemal...@ua.edu>

On Sep 30, 2020 18:16, Phill Solomon 
<0150915d379b-dmarc-requ...@listserv.educause.edu<mailto:0150915d379b-dmarc-requ...@listserv.educause.edu>>
 wrote:
We have upgrade 2/3 WLC pairs from 8.5.151 to 8.10.103.0 - seems to be going ok 
with the exception of DNAC-C reporting slower / more DHCP failures - while we 
have received no support calls - just wondering if anyone else has seen this?

Mathieu, thanks for the tip on the bug, now watching that too.

thanks

Phill Solomon
Senior Network Engineer
Deakin University, IS - AV & Networks,  ICT Infrastructure Services, eSolutions
* Phone: +61 3 924 46069

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Thursday, 24 September 2020 10:13 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Little update, I came across this bug id: 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu65125/?rfs=iqvred<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbst.cloudapps.cisco.com%2Fbugsearch%2Fbug%2FCSCvu65125%2F%3Frfs%3Diqvred=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cf6c43d3d3288475ca4f408d8659f58fe%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637371082380355154=5PInUNtudOzIrnYGuvgUsXRqiJufvy4eTkJPNbM69y8%3D=0>
 (thanks Jeff for the hint about version 8.10.139.43)

So I decided to change the settings on the SSID from WPA2 + WPA3 back to 
WPA+WPA2 and this seems to have resolved our issues (we're testing right now).

My wife is about to deliver our 2nd daughter so I will ask my colleagues to 
update if possible.

Regards,


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cf6c43d3d3288475ca4f408d8659f58fe%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637371082380355154=0vjE8cIeVRoxAd4DYM4wPLykPVvkXjaf6pUQxXppx2s%3D=0>



Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Tristan Gulyas
Verzonden: donderdag 24 september 2020 7:22
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRE

RE: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

2020-09-24 Thread Mathieu Sturm

Little update, I came across this bug id: 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu65125/?rfs=iqvred (thanks 
Jeff for the hint about version 8.10.139.43)

So I decided to change the settings on the SSID from WPA2 + WPA3 back to 
WPA+WPA2 and this seems to have resolved our issues (we’re testing right now).

My wife is about to deliver our 2nd daughter so I will ask my colleagues to 
update if possible.

Regards,


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>



Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Tristan Gulyas
Verzonden: donderdag 24 september 2020 7:22
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Hi,

Watching this thread closely.  We're currently on 8.5.151 but need to migrate 
to an 8.10 release for the 9130ax's.

If anyone has any TAC cases or bug IDs that may reference this issue, that 
would be super useful!

Tristan
--
TRISTAN GULYAS
Senior Network Engineer

Technology Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmonash.edu%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C6078e49e647e41bd416c08d86049bbde%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637365217102685605=6Regh9vt9RkykD0R6GjrxBMAUVcdXFI6hdBCfXGOazU%3D=0>


On 24 Sep 2020, at 2:23 am, Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>> wrote:

You probably want 8.10.139.43, which is fully BU supported and suggested for 
production. This is a link to the release notes, I’d check to see if any of 
these apply. Also, verify your timeouts aren’t set too low for the radius 
responses coming from eduroam.  I ran into this at Cal Poly in Pomona, where I 
could not interactively login to eduroam, but I could save my credentials and 
it worked just fine.  I suspected a timeout set too low (this was Aruba 
equipment however). Had an entire group there for a meeting that faced the same 
issues.

https://www.cisco.com/web/software/280926587/153915/Release_Notes_8_10_139_43.pdf<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cisco.com%2Fweb%2Fsoftware%2F280926587%2F153915%2FRelease_Notes_8_10_139_43.pdf=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C6078e49e647e41bd416c08d86049bbde%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637365217102695599=lNJqE8txYPSQ%2B0e5dW8QBscMaH2K6QJXUP%2FgZi0vGRs%3D=0>

Jeff


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Wednesday, September 23, 2020 3:07 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Hello,

We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the 
update we have issues with eduroam. Before the update the students and other 
users could select the ssid eduroam and fill in the credentials and they were 
connected.
Now we have to update the NIC’s (mostly AX200) to the latest version and/or 
update to W10 version 2004. And even then we often have to configure the SSID 
manually and save credentials.

We see that the users get to the ISE and are permitted but the WLC doesn’t 
always see this permit. Or the ISE gives a certificate warning (I’ve checked 
our certificates, all are valid).

Is anyone experiencing the same thing?

We went tot 8.10.130.0 for our new 9120’s.

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer



Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C6078e49e647e41bd416c08d86049bbde%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C1%7C637365217102695599=PIdACvXLn2TSxtAgy1Y4DBiicgvzdJFn7gHJe3YHQM0%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.

Cisco 8.10.130.0 eduroam issues

2020-09-23 Thread Mathieu Sturm

Hello,

We updated our Cisco 5520 controllers from 8.5.151.0 to 8.10.130.0. Since the
update we have issues with eduroam. Before the update the students and other
users could select the ssid eduroam and fill in the credentials and they were
connected.
Now we have to update the NIC's (mostly AX200) to the latest version and/or
update to W10 version 2004. And even then we often have to configure the SSID
manually and save credentials.

We see that the users get to the ISE and are permitted but the WLC doesn't
always see this permit. Or the ISE gives a certificate warning (I've checked
our certificates, all are valid).

Is anyone experiencing the same thing?

We went tot 8.10.130.0 for our new 9120's.

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional participation
and subscription information can be found at https://www.educause.edu/community

RE: WLC 8.10.122 Bug

2020-08-28 Thread Mathieu Sturm

We are experiencing CSCvu67048 and are upgrading to 8.10.130. Also on version 
8.10.122 is this bug CSCvu24770

8.10.122 should be avoided.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40hogent.be%7C86879fbc6e8c49ab13ff08d67ac4edef%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C636831383554731873=8NfYjNEE4XDViDT6wMtCYFa0cY8g5CXqS9kf7VtYBcU%3D=0>




Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Rios, Hector J
Verzonden: donderdag 27 augustus 2020 18:43
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] WLC 8.10.122 Bug

For those of you on or considering 8.10., be aware of this bug:


CSCvt38486:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt38486<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbst.cloudapps.cisco.com%2Fbugsearch%2Fbug%2FCSCvt38486=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cc8ea3053fe7944fe246608d84aa84468%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C63734143384762=m9YmWtHN8WrijL520jqPkYyqDniFM%2Fbsg2PIt9cAJGQ%3D=0>

This was actually brought up a couple of months ago on subject "WLC 8.10.121 
Deferred". We did experience the issue with Windows clients. And testing on 
8.10.130 looks to resolve the problem.

Thanks,

Hector Rios, Wireless Network Architect
The University of Texas at Austin


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cc8ea3053fe7944fe246608d84aa84468%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637341433847637770=7EI7s0QJ9UJVFkBKokNK%2FP41R6tVRzqUO9s3Qud50es%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: WLC 8.10.130

2020-08-20 Thread Mathieu Sturm

I upgraded tot hat version on one of our controllers. Luckily I only had 6 ap's 
on that WLC. 5 of them got in a loop where they wouldn't join the controller. 
Only 1 eventually joined after more than an hour. I wouldn't recommend that 
version for now. All AP's were 2802's.

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Rios, Hector J
Verzonden: dinsdag 18 augustus 2020 17:01
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] WLC 8.10.130

Has anyone upgraded to WLC 8.10.130? I'm running it in the lab. No issues with 
the upgrade. Just wanted to see if anyone is on it and with students back.

Thanks,

Hector Rios, Wireless Network Architect
The University of Texas at Austin


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Mathieu Sturm

That was the reason I haven’t updated as well. I find it super confusing where 
everything went. Don’t know what they were thinking

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Heavrin, Lynn
Verzonden: donderdag 10 oktober 2019 15:28
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

I’m sure you’re aware but you should skip 2.3 (super buggy) and go to 2.4, but 
the policy set UI has totally changed and in my opinion, is much, much harder 
to navigate than 2.2.  That’s the only reason I’m holding off from upgrading 
2.2 to 2.4.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, October 10, 2019 at 3:14 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

Thinking on going to latest ISE version (to get rid of that stupid flash ) 
when we have a new maintenance window.

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Heavrin, Lynn
Verzonden: woensdag 9 oktober 2019 22:23
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

We have the same 5441 messages and we are on 8.5.135.0 and ISE 2.2 patch 12.   
I don’t have any evidence it’s service impacting but it is annoying.   You need 
to upgrade from patch 5 to address some serious bug and vulnerabilities.  Patch 
15 is out.

We also get the 5441 messages on our VPN auth on ISE so it’s not isolated to 
wifi.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Kitri Waterman mailto:wate...@wwu.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, October 9, 2019 at 10:17 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

8.3.x? Or 8.5.x?

8.5 will support AP2600’s. We’re currently at 8.5.140.0 (we still have AP3500’s 
to support…) and it’s been fairly stable for AireOS.

8.3 also has some escalation fixes: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc13<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fwireless%2Fwireless-lan-controller-software%2F200046-tac-recommended-aireos.html%23anc13=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C349ddc42f3984ebea74708d74d85bee4%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637063109151199539=f6VSxWBxRTpDzraZLbpVPUz9NP0kD7GT%2FsGCzySJpPE%3D=0>



Kitri
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, October 8, 2019 at 11:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Letts, Richard J
Verzonden: dinsdag 8 oktober 2019 22:41
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with  version of code on cisco 3500 
series AP  where clients would successful authenticate  with the AP, but the 
association would never get passed from the AP through to the controller and 
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of 
error) displayed on their computer which would confuse them, and there would be 
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained<https://eur03.safelinks.pr

RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Mathieu Sturm

I actually looked into this but couldn’t find anything that made sense.

Update to everyone: the problem is somehow solved. As I said we had 3 wlc’s, 2 
hot, 1 standby. We moved AP’s from the failing wlc to the standby and 
everything started working like it was before the start of the academic year.  
I suspect some sort of a bug in the WLC where auth requests were put in a queue 
that wasn’t emptied or at a super slow pace.

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Carlo Terminiello
Verzonden: woensdag 9 oktober 2019 9:28
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

Hi,

Have you had a look at the AAA server statistics, will list number of auth 
requests, passes, fails, timeout etc.. example output below, may help focus the 
investigation. Of course a ‘debug client ’  always helps

Example output:

(wlc01) >show radius auth statistics
Authentication Servers:

Server Index. 1
Server Address... 10.203.251.110
Msg Round Trip Time.. 41087 (usec)
Average Msg Round Trip Time.. 154 (usec)
Exponential Msg Round Trip Time.. 37068 (usec)
First Requests... 303910
Retry Requests... 42
Accept Responses. 22698
Reject Responses. 213
Challenge Responses.. 280986
Malformed Msgs... 0
Bad Authenticator Msgs... 0
Pending Requests. 0
Timeout Requests. 42
Consecutive Drops ... 0
Unknowntype Msgs. 0
Other Drops.. 13
AuthZ Requests... 0
AuthZ Accept Responses... 0
AuthZ Reject Responses... 0

--More-- or (q)uit


Server Index. 2
Server Address... 10.128.50.42
Msg Round Trip Time.. 154643 (usec)
Average Msg Round Trip Time.. 163837 (usec)
Exponential Msg Round Trip Time.. 208352 (usec)
First Requests... 24776
Retry Requests... 34
Accept Responses. 24380
Reject Responses. 396
Challenge Responses.. 0
Malformed Msgs... 0
Bad Authenticator Msgs... 0
Pending Requests. 0
Timeout Requests. 34
Consecutive Drops ... 0
Unknowntype Msgs. 0
Other Drops.. 0
AuthZ Requests... 0
AuthZ Accept Responses... 0
AuthZ Reject Responses... 0

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, 9 October 2019 at 08:11
To: 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Letts, Richard J
Verzonden: dinsdag 8 oktober 2019 22:41
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with  version of code on cisco 3500 
series AP  where clients would successful authenticate  with the AP, but the 
association would never get passed from the AP through to the controller and 
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of 
error) displayed on their computer which would confuse them, and there would be 
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocumentation.meraki.com%2FMR%2FWiFi_Basics_and_Best_Practices%2F802.11_Association_process_explained=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Ccb67af74b14b420cd

RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Mathieu Sturm

Yes

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Jonathan Oakden
Verzonden: donderdag 10 oktober 2019 10:25
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

Are you using PEAP/MSCHAP?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply to: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, 8 October 2019 at 20:00
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user 
trying to connect in the WLC’s but don’t see them trying in the ISE’s (it looks 
like the attempt gets lost somewher).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

Or

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message


It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C81978c8f734e4806438f08d74d5b5fd5%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062927155163456=0YQYXA10zbW7NZxE3g5SJR34deS%2F%2FGU7ceN6yU%2BKJFg%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C81978c8f734e4806438f08d74d5b5fd5%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062927155173453=FhehFOmaBbnLbw58aBAb8JzJ8kgKDM%2Fo3rFPOEggIxM%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C81978c8f734e4806438f08d74d5b5fd5%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062927155173453=FhehFOmaBbnLbw58aBAb8JzJ8kgKDM%2Fo3rFPOEggIxM%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Mathieu Sturm

Thinking on going to latest ISE version (to get rid of that stupid flash ) 
when we have a new maintenance window.

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Heavrin, Lynn
Verzonden: woensdag 9 oktober 2019 22:23
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

We have the same 5441 messages and we are on 8.5.135.0 and ISE 2.2 patch 12.   
I don’t have any evidence it’s service impacting but it is annoying.   You need 
to upgrade from patch 5 to address some serious bug and vulnerabilities.  Patch 
15 is out.

We also get the 5441 messages on our VPN auth on ISE so it’s not isolated to 
wifi.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Kitri Waterman mailto:wate...@wwu.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, October 9, 2019 at 10:17 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

8.3.x? Or 8.5.x?

8.5 will support AP2600’s. We’re currently at 8.5.140.0 (we still have AP3500’s 
to support…) and it’s been fairly stable for AireOS.

8.3 also has some escalation fixes: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc13<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fwireless%2Fwireless-lan-controller-software%2F200046-tac-recommended-aireos.html%23anc13=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C0e0d9fa7f9b84cb5569908d74cf68a44%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062494090192545=1Wea7FcwIHYXTDfd66dK2jonTcxZBlPyzurrvBdd84k%3D=0>



Kitri
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, October 8, 2019 at 11:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Letts, Richard J
Verzonden: dinsdag 8 oktober 2019 22:41
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with  version of code on cisco 3500 
series AP  where clients would successful authenticate  with the AP, but the 
association would never get passed from the AP through to the controller and 
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of 
error) displayed on their computer which would confuse them, and there would be 
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocumentation.meraki.com%2FMR%2FWiFi_Basics_and_Best_Practices%2F802.11_Association_process_explained=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C0e0d9fa7f9b84cb5569908d74cf68a44%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062494090192545=OxOm2kKVpG%2FKEQw7McWOqZZP2cGg9o9yaa8ZphNwDw4%3D=0>

anyway, I think you’re going to need to include version numbers of the ISE and 
WLC code for more help.

Thank you

Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Tuesday, October 8, 2019 2:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K ass

RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Mathieu Sturm

There is a 8.5 MR5 since June. Any known major issues on that?

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Kitri Waterman
Verzonden: woensdag 9 oktober 2019 17:17
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

8.3.x? Or 8.5.x?

8.5 will support AP2600’s. We’re currently at 8.5.140.0 (we still have AP3500’s 
to support…) and it’s been fairly stable for AireOS.

8.3 also has some escalation fixes: 
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html#anc13<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fwireless%2Fwireless-lan-controller-software%2F200046-tac-recommended-aireos.html%23anc13=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C6a49a279d91d45665d1108d74ccbb979%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062310199002274=vTqb189Y8NHSVK7DJ%2B0zDT08wQiFiS%2FFLgk4CAO4P1M%3D=0>



Kitri
Network Architect/Engineer
Enterprise Infrastructure Services
Western Washington University



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
mailto:mathieu.st...@hogent.be>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, October 8, 2019 at 11:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

The WLC is on version 8.3.140.0 (we still have 2600 series AP’s that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
Namens Letts, Richard J
Verzonden: dinsdag 8 oktober 2019 22:41
Aan: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with  version of code on cisco 3500 
series AP  where clients would successful authenticate  with the AP, but the 
association would never get passed from the AP through to the controller and 
thence on to the ISE. Clients would get a ‘bad password’ (or similar type of 
error) displayed on their computer which would confuse them, and there would be 
nothing recorded in the WLC or ISE logs.

Authentication and Association isn’t the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocumentation.meraki.com%2FMR%2FWiFi_Basics_and_Best_Practices%2F802.11_Association_process_explained=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C6a49a279d91d45665d1108d74ccbb979%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062310199012272=TB6z94eD94rF%2FPsB5fz%2BRH%2FZ5BGhd0ugsXJdtlyPCqs%3D=0>

anyway, I think you’re going to need to include version numbers of the ISE and 
WLC code for more help.

Thank you

Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Tuesday, October 8, 2019 2:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we’ve been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is standby), 
around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it’s taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user 
trying to connect in the WLC’s but don’t see them trying in the ISE’s (it looks 
like the attempt gets lost somewher).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

Or

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message


It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B

RE: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Mathieu Sturm

This is a setup that's around for some time. Definitely not something new. We 
might have around 500 users more than last year but I think this couldn't make 
a lot of difference.

-Oorspronkelijk bericht-
Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Dennis Xu
Verzonden: woensdag 9 oktober 2019 15:20
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

Is this a new deployment or do you have more users this year than last year? It 
could be load related. That 5441 error log indicates there are queued RADIUS 
packets at ISE which cannot be processed in timely manner. Try adding ISE 
service node to see if that can help. Also check this link about something to 
be tuned at WLC side: 
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fwireless-mobility%2Fwireless-lan-wlan%2F118703-technote-wlc-00.htmldata=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C08b3e497408d4872b44a08d74cbb5da9%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062239935089762sdata=agnSRfe0pr2Z%2FgsHPU1LCc%2F3GFIMO4ovD9kDpVme5s8%3Dreserved=0.

Cheers,

Dennis Xu | Analyst III, Network Infrastructure Computing and Communications 
Services (CCS) | University of Guelph University Centre | 50 Stone Rd E | 
Guelph, ON | N1G 2W1
519-824-4120 Ext. 56217 | d...@uoguelph.ca
https://eur03.safelinks.protection.outlook.com/?url=www.uoguelph.ca%2Fccsdata=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C08b3e497408d4872b44a08d74cbb5da9%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062239935089762sdata=db9UP6fXQhd%2FoCiqlrW3%2FUlZaZMJJ02wt3xLjw%2FJFGU%3Dreserved=0
 | twitter.com/ccsnews | facebook.com/CCSUofG


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Kenny, Eric
Sent: Wednesday, October 9, 2019 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

Hi Mathieu,

One thing you might want to verify is that the RADIUS timeout values match in 
both the WLCs and in ISE.  If these values differ, you may end up in a 
situation like this where one side gives up and the other side is not aware.
---
Eric Kenny
Network Architect
Harvard University ITS
---

> On Oct 8, 2019, at 2:50 PM, Mathieu Sturm  wrote:
> 
> Hello, since the start of the new academic year we’ve been having some 
> troubles with our Cisco setup. We have 3 Cisco WLC 5520’s (one of these is 
> standby), around 850ap’s and 5 Cisco ISE’s (1 admin node, 1 monitor node and 
> 3 radius-only nodes). 
>  
> We have this setup since 2018. There were some problems sometimes but nothing 
> major. Now recently it’s taking a long time for people to get connected. We 
> have around 20k students and 3K staff with peaks to nearly 9K associations.
>  
> The problem is that it is difficult to get connected sometimes. I see the 
> user trying to connect in the WLC’s but don’t see them trying in the ISE’s 
> (it looks like the attempt gets lost somewher).
> I can see the following worrying log message in the wlc:
>  
> RADIUS auth-server X.X.X.X unavailable
>  
> Or
>  
> These logs in the ISE
>  
> 5441 Endpoint started new session while the packet of previous session is 
> being processed. Dropping new session.
> 12930 Supplicant stopped responding to ISE after sending it the first 
> PEAP message
>  
>  
> It looks like there is some sort of bottleneck between WLC and ISE.
>  
> Further information: the identity store is a bunch of Windows Domain 
> Controllers (6 in total).
>  
> Any ideas?  
>  
> Mathieu Sturm
> Hoofdmedewerker Netwerkbeheer
> 
> 
> 
> Directie Financiën, Infrastructuur en IT Afdeling Netwerkbeheer Campus 
> Schoonmeerssen - Gebouw B  Lokaal B0.75 Valentin Vaerwyckweg 1 - 9000 
> Gent
> +32 9 243 35 23
> https://eur03.safelinks.protection.outlook.com/?url=www.hogent.bedata=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C08b3e497408d4872b44a08d74cbb5da9%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062239935089762sdata=6%2BB0NUZS7MVoXPa29lKkNx1s0rVc4xXUpmeLAyKxg%2FY%3Dreserved=0
>  
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the 
> message, copy and paste their email address and forward the email 
> reply. Additional participation and subscription information can be 
> found at 
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7C08b3e497408d4872b44a08d74cbb5da9%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637062239935089762sdata=M7P%2FQmDPCm%2Bp07wwV2rqGqCGk%2F9oNxjyu2c10Ihjj34%3Dreserved=0
> 


**
Replies to EDUCAUSE Community Group emails are sen

RE: WLC & ISE combo issues

2019-10-09 Thread Mathieu Sturm

The WLC is on version 8.3.140.0 (we still have 2600 series AP's that we need to 
replace so we are pretty limited) and ISE is 2.2 (patch 5).

Van: The EDUCAUSE Wireless Issues Community Group Listserv 
 Namens Letts, Richard J
Verzonden: dinsdag 8 oktober 2019 22:41
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] WLC & ISE combo issues

What version of core on the WLC / what model of AP?

We had an issue at the start of the year with  version of code on cisco 3500 
series AP  where clients would successful authenticate  with the AP, but the 
association would never get passed from the AP through to the controller and 
thence on to the ISE. Clients would get a 'bad password' (or similar type of 
error) displayed on their computer which would confuse them, and there would be 
nothing recorded in the WLC or ISE logs.

Authentication and Association isn't the way around people normally think of 
this.
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11_Association_process_explained<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocumentation.meraki.com%2FMR%2FWiFi_Basics_and_Best_Practices%2F802.11_Association_process_explained=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cb54dcfe8acf04723a16b08d74c2fce8e%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637061640532329954=2y71jFOt5V7KsoUCD%2B%2BlqqKouv4AVlMP0SgjCy638EI%3D=0>

anyway, I think you're going to need to include version numbers of the ISE and 
WLC code for more help.

Thank you

Richard Letts

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mathieu Sturm
Sent: Tuesday, October 8, 2019 2:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] WLC & ISE combo issues

Hello, since the start of the new academic year we've been having some troubles 
with our Cisco setup. We have 3 Cisco WLC 5520's (one of these is standby), 
around 850ap's and 5 Cisco ISE's (1 admin node, 1 monitor node and 3 
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing 
major. Now recently it's taking a long time for people to get connected. We 
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user 
trying to connect in the WLC's but don't see them trying in the ISE's (it looks 
like the attempt gets lost somewher).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

Or

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being 
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP 
message


It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain 
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

Directie Financiën, Infrastructuur en IT
Afdeling Netwerkbeheer
Campus Schoonmeerssen - Gebouw B  Lokaal B0.75
Valentin Vaerwyckweg 1 - 9000 Gent
+32 9 243 35 23
www.hogent.be<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.hogent.be%2F=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cb54dcfe8acf04723a16b08d74c2fce8e%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637061640532339947=0i%2Fc3KL%2BMxnFW2ZLTErgMxG4sAy3fHavy%2B82Ycr%2FSm0%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cb54dcfe8acf04723a16b08d74c2fce8e%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637061640532339947=oxS7jZgm55pQt6eUpNmyEUXlKGZVkPu2Nxl1gowFeYo%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cmathieu.sturm%40HOGENT.BE%7Cb54dcfe8acf04723a16b08d74c2fce8e%7C5cf7310e091a4bc5acd726c721d4cccd%7C1%7C0%7C637061640532349941=5%2F%2Bwdk2eckMEJSE1Q%2FnCEktLmiG%2FvA%2FRJa4Aowba2kk%3D=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, cop

WLC & ISE combo issues

2019-10-08 Thread Mathieu Sturm

Hello, since the start of the new academic year we've been having some troubles
with our Cisco setup. We have 3 Cisco WLC 5520's (one of these is standby),
around 850ap's and 5 Cisco ISE's (1 admin node, 1 monitor node and 3
radius-only nodes).

We have this setup since 2018. There were some problems sometimes but nothing
major. Now recently it's taking a long time for people to get connected. We
have around 20k students and 3K staff with peaks to nearly 9K associations.

The problem is that it is difficult to get connected sometimes. I see the user
trying to connect in the WLC's but don't see them trying in the ISE's (it looks
like the attempt gets lost somewher).
I can see the following worrying log message in the wlc:

RADIUS auth-server X.X.X.X unavailable

These logs in the ISE

5441 Endpoint started new session while the packet of previous session is being
processed. Dropping new session.
12930 Supplicant stopped responding to ISE after sending it the first PEAP
message

It looks like there is some sort of bottleneck between WLC and ISE.

Further information: the identity store is a bunch of Windows Domain
Controllers (6 in total).

Any ideas?

Mathieu Sturm
Hoofdmedewerker Netwerkbeheer

[https://www.hogent.be/www/assets/Image/logo2018.png]

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

2016-07-06 Thread Mathieu Sturm

We’ve replaced our 1130’s last year and are going for 8.2MR next week.
Has anyone done the upgrade? We want to try out the 1810w’s.


Mathieu Sturm
Hoofdmedewerker Netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
mathieu.st...@hogent.be<mailto:mathieu.st...@hogent.be>
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Tristan Gulyas
Verzonden: woensdag 6 juli 2016 2:46
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu<mailto:tristan.gul...@monash.edu>
monash.edu<http://monash.edu/>

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
<lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu<http://its.syr.edu/>
SYRACUSE UNIVERSITY
syr.edu<http://syr.edu/>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@listserv.educause.edu>
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu<mailto:jcosgr...@hmc.psu.edu>
Web: http://pennstatehershey.org<http://pennstatehershey.org/>


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Paul Sedy
Sent: Monday, August 31, 2015 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Is the bug only showing up on 8.0.120?  We are running 8.0.110.0.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu<mailto:rps...@masters.edu>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Monday, August 31, 2015 5:46 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Any update on the bug fix for the flapping 5ghz radios in 8.0.120?  I'm seeing 
a fair amount of them on my 3702i's.

Thanks!
-dan



Dan Brisson

Network Engineer

University of Vermont






On 7/28/15 4:45 AM, Scharloo, Gertjan wrote:
Hi Lee,

The 5 GHz radio message is a DFS problem and part of bug (CSCut98006)-and 
(CSCuq86269)

CSCut98006 DFS detections due to high energy profile signature – AP2600/3600 
specific fix

Fixed in Image  8.0.110.22 for 3600/2600 platforms

For 1700/2700/3700 will be coming soon, as there were some minor issues found 
during fix porting for this HW that are being resolved.

This week Cisco should be able to confir

RE: [WIRELESS-LAN] student residential routers?

2016-06-29 Thread Mathieu Sturm

We use smseagle. Had some trouble with it in the beginning but they solved 
everything. It’s working like a charm right now. Before that we had a siemens 
mc35i connected through serial port with our server.

I’ve tested the sms gateway with our cisco ise and that works perfect.

Integration can be found here: https://www.smseagle.eu/integration-plugins/
Although it’s just an api so you can integrate it with everything.


Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Hector J Rios
Verzonden: maandag 27 juni 2016 20:29
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] student residential routers?

Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I’m interested in that option.

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Access Point Failure Rate

2016-04-28 Thread Mathieu Sturm

Around 550 Cisco AP’s. Had 1 dead autonomous 1131 and 2 damaged 2602’s from 
waterleaks in the last 5 years.
Pretty happy with that.


Sturm Mathieu
Networkengineer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Directie Financiën en ICT
Valentin Vaerwyckweg 1
9000 Gent
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Jason Cook
Verzonden: donderdag 28 april 2016 1:42
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Access Point Failure Rate

Cisco AP’s Almost 1900 now ranging from 1131-37002 series

Never had enough issues to record anything. So anecdotal
Perhaps 1 DOA every 400 AP’s
Sitting at about 10 failures for installed AP’s the last 2 years. But about 7 
of that would be the +10 year old 1131 models

So gone pretty well for us

Ignoring of course damaged AP’s. mostly water leaks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeremy Gibbs
Sent: Thursday, 28 April 2016 6:49 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Access Point Failure Rate

5 years, 315 APs, 0 failures. Extreme Networks / Enterasys


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Wed, Apr 27, 2016 at 5:10 PM, Thomas Carter 
> wrote:
275 Trapeze/Juniper wireless APs. 0 failures in the last 2 years. 3 years ago 
we had about 5-7 failures due to a known flaw in the AP. Their older a/b/g 
model (MP-422 for those in the Trapeze/Juniper boat) had a problem of burning 
out the signal amplifier if the power was turned up too much. Before I arrived 
all the APs were cranked to the max; after setting more reasonable power 
levels, we’ve had no other problems.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Trinklein, Jason R
Sent: Wednesday, April 27, 2016 2:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Access Point Failure Rate

I’m curious to know other institutions’ equipment failure rate for access 
points.

School: College of Charleston
Brand: Xirrus
Access Point Count: 692
RMA Replacements in the last year: 36
Failure rate: 5%

What do you observe?
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
trinkle...@cofc.edu | (843) 
300–8009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC5508

2016-03-25 Thread Mathieu Sturm

Thank you for all the information guys. I know the question has been asked 
before. Just wanted to know because of the release of the new wave 2 ap’s which 
we’d like to test and still have a good working environment. Right now we’re on 
7.6.130  which is pretty stable but is a couple of years old already.

Best regards,

Mathieu

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Jeffrey D. Sessler
Verzonden: donderdag 24 maart 2016 15:35
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Cisco WLC5508

For the new wave-2 AP’s e.g. 2800/3800, you’ll need 8.2 MR1 which is do toward 
the end of April. The 2800/3800 first customer ship (FCS) being mid-May.

Future:
Mobility express support is in 8.3, due FCS + 3 months
FIPS/CC, Enhanced Location/Fast Locate, and Bridge Mode (Mesh) is 8.3 MR1, due 
FCS + 6 months.

Jeff

From: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Mathieu Sturm 
<mathieu.st...@hogent.be<mailto:mathieu.st...@hogent.be>>
Reply-To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, March 24, 2016 at 5:19 AM
To: 
"wireless-lan@listserv.educause.edu<mailto:wireless-lan@listserv.educause.edu>" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] Cisco WLC5508

What is the preferred/stable release for a Cisco WLC 5508?
I’m planning on updating this summer.

AP’s 2800,1810 and 3800 series support is required.

Sturm Mathieu
Hoofdmedewerker Netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Directie Financiën en ICT
Valentin Vaerwyckweg 1
9000 Gent
HoGent.be

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco WLC Software Version of the Month Club Chat.

2015-11-24 Thread Mathieu Sturm

We were looking at upgrading our 5508 as well.

We experienced bug CSCur33085 so we wanted to upgrade to a version that doesn’t 
contain that bug. Unfortunately this bug is still in version 8.0.121.0 and will 
be resolved in the not yet released 8.0.122. We want to go straight to 8.1.x 
but there isn’t a recommended release. If I were you I’d wait until a stable 8.1

Just my 2 cents though


Mathieu Sturm
Hoofdmedewerker Server – en netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
T + 32 92433523
mathieu.st...@hogent.be
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Pete Hoffswell
Verzonden: dinsdag 24 november 2015 16:19
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] Cisco WLC Software Version of the Month Club Chat.

:)

So, I think we might try to upgrade our code on our 5508, currently at ancient  
7.6.130.26

What's everyone running these days?

Cisco suggests 8.0.121.0, and I see that 8.1.131.0 was released Nov 6.

We run a modest 263 APs on a 5508, with a HA unit waiting to be deployed.

Thoughts?


-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu<mailto:pete.hoffsw...@davenport.edu>
http://www.davenport.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Mac Pop UP Error

2015-10-23 Thread Mathieu Sturm

https://discussions.apple.com/thread/1941869?start=0=0

Have you tried disabling TKIP?

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Charlie Weaver
Verzonden: vrijdag 23 oktober 2015 14:56
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: [WIRELESS-LAN] Mac Pop UP Error

Has anyone else seen the pop up message on Mac computers connected to their 
wireless that says “The wireless network appears to have been compromised and 
will be disabled for about a minute.”?  We recently rolled out ISE and now 
every wireless issue is related to the rollout.  We are using WPA2-Enterprise 
on the authenticated SSID, but from what I have seen, this is not wireless 
vendor specific and can happen on pretty much any type of wireless network from 
home to enterprise.

Thanks for any help,

Charlie Weaver
Director or network Services and Telecommunications
Georgia College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Measuring User Experience

2015-10-22 Thread Mathieu Sturm

This may sound stupid but I have a bash script running on a linux server that 
every 5 minutes does a show client summary. It then counts the clients that are 
associated and authenticated. I then try to get a percentage by dividing the 
two. This is displayed on our monitoring wall. It's fairly correct and displays 
the overall connection success. 

I also have a linux pc with 2 wifi cards and try to connect to our 2 most 
important SSID's. If this doesn't work we get an SMS.

-Oorspronkelijk bericht-
Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Julian Y Koh
Verzonden: donderdag 22 oktober 2015 15:56
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Measuring User Experience

On Thu Oct 22 2015 08:11:46 CDT, "Williams, Matthew"  wrote:
> 
> Thank you for the ideas, everyone.  The problem that we have with measuring 
> tickets is that our user base is more apt to complain on social media and we 
> simply don’t have the man-hours to scour the various sites. 

There was some survey we got last year (can't remember the source, either 
EDUCAUSE or an internal one) that said that students just don't open tickets - 
the vast majority of the time they are going to friends for assistance, which 
of course leads to all sorts of wacky or outright wrong solutions for things.  

If we even do get tickets, the challenge then becomes getting the student to 
respond to us to set up a time to troubleshoot.  

Moving forward, we're going to be looking at some targeted surveys this year to 
see if we can get more actionable data.  

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site:  PGP Public 
Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco ISE 1.4 Domain trust is one-way

2015-10-08 Thread Mathieu Sturm

Hello Colleagues

I'm currently testing CISCO ISE 1.4 because we have 2 x CISCO ISE 1.2 that I 
want to upgrade. Since we have a one-way trust with another university I tested 
this as well.
Unfortunately I found out that version 1.4 explicitly doesn't support one-way 
trusts. Is there a workaround? Or a patch (no patches installed yet).

Best regards

Mathieu Sturm
Hoofdmedewerker Server - en netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
T + 32 92433523
mathieu.st...@hogent.be
HoGent.be


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

2015-08-12 Thread Mathieu Sturm

I agree with Frans, the users in general don’t have the knowledge to decide. 
They will see 5Ghz, google it and see: oh it’s faster. They don’t realize other 
factors could make 2.4Ghz the better choice. We have one SSID and let the 
devices make the right choice.

Mathieu Sturm
Hoofdmedewerker Server – en netwerkbeheer
--
[http://www.hogent.be/www/assets/Image/maillogo.png]

Hogeschool Gent
Dienst Financiën en ICT
Valentin Vaerwyckweg 1
BE-9000 Gent
T + 32 92433523
mathieu.st...@hogent.be
HoGent.be



Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Frans Panken
Verzonden: woensdag 12 augustus 2015 8:31
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

Paul,
I am not a supporter of this. Mainly because I think Wi-Fi knowledge for the 
end-user should be minimised. Users should just see the SSID and connect; 
options to choose from should be minimized. The most important thing users must 
learn is checking the correctness of the  Radius server to whom they give their 
credentials. For the rest, the device and the Wi-Fi infrastructure should do 
their very best in serving Wi-Fi users optimaly.

Devices in general do a rather good job in selecting the best band. Besides, 
users have insufficient knowledge in making the right choice between the 2,4Ghz 
and 5Ghz bands. Note that choosing 5Ghz is simply not always the best choice.  
If you're too far away from the AP (or because of whether channels or 
interference on the 5Gh band), the 2,4Ghz band may be the better choice. Good 
devices switch between the frequencies, to serve users best. You disable that 
function by introducing separate SSIDs for both bands.
-Frans
Paul Sedy schreef op 11/08/15 om 22:22:
Hello everyone,

We are a Cisco shop and have, up until now, employed a single SSID for 
students, supporting both 2.4 Ghz and 5Ghz connections.  During this summer, we 
have been working to develop sufficient AP density to ensure good 5Ghz cells 
throughout our dorms.  In the past, we have seen numerous instances of poorer 
performance on the 2.4 Ghz spectrum, but up to this point, have relied on the 
client to make the decision between these two options.

We are thinking of deploying two separate SSIDs, a 5Ghz network and a 2.4 Ghz 
network, that are exclusive in order to promote a better experience for the 
students with devices capable of 5Ghz connectivity.  We would probably use the 
original SSID name with an appended (5 Ghz) or (2.4 Ghz).

Are any of you currently employing this type of configuration and how well has 
it worked for you?

We would appreciate any insights that anyone might have.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edumailto:rps...@masters.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree Portfast Out-of-Box

2015-08-11 Thread Mathieu Sturm

I’ve seen 2702’s doing this as well. Was amazed when I looked in the log of my 
switch when I couldn’t figure out why the ports got disabled. Wrong MAC address 
is also one of the problems we’re having with the 2702’s. Don’t know what they 
have been doing with these pre-loaded images on them. These images should have 
been tested better at Cisco…

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Lee H Badman
Verzonden: dinsdag 11 augustus 2015 14:36
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree 
Portfast Out-of-Box

Thanks, Oliver- so this is known… good to know. So far I’m not finding a 
specific bug ID doing searches. Would you have any link, by chance?

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver Elliott
Sent: Tuesday, August 11, 2015 8:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree 
Portfast Out-of-Box

We had this behaviour on a batch of 2702s, the firmware that was preloaded had 
this bug that went away once the associated and upgraded. It's a right pita 
changing the port config to get them to connect, then reverting it later, but 
not as bad as the other firmware bug causing APs to use the wrong MAC address 
until they upgraded.

On 11 August 2015 at 13:21, Lee H Badman 
lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
Wondering if anyone has seen similar with Cisco APs: On switchports that have 
been fine for other Cisco APs, a run of new 3702s are going into error disable. 
If you turn on the ability to see why in the switch, the APs – only when new 
out of box—are sending BPDUs to ports that have Spanning-Tree Portfast on as a 
rule.

If you remove portfast, the new 3702s go off to the WLC just fine, get updated 
for code, and then work as expected. You can restore spanning-tree portfast, 
reboot the APs (that are no longer “out of box”) and they behave fine on the 
portfast-enabled ports.

I’ve not seen this behavior with any other Cisco AP, and I don’t think it 
happened with our earliest 3700s, either.

Does this oddity ring familiar with anyone?

Thanks-

Lee

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.eduhttp://its.syr.edu
SYRACUSE UNIVERSITY
syr.eduhttp://syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--
Oliver Elliott
Senior Network Specialist
IT Services
University of Bristol
e: oliver.elli...@bristol.ac.ukmailto:oliver.elli...@bristol.ac.uk
t: 0117 39 (41131)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Config Archive / Diff / Change Management

2015-07-30 Thread Mathieu Sturm

We use the solarwinds cattools. Works well and good support.
We have Cisco/HP/Fortinet environment

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Wesley Troy Scott
Verzonden: woensdag 29 juli 2015 23:56
Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Onderwerp: Re: [WIRELESS-LAN] Config Archive / Diff / Change Management


We use Solarwinds NCM in a mixed environment that includes Juniper. Works well 
and integrates with other products they sell.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
on behalf of Leja, Maciej mle...@depaul.edumailto:mle...@depaul.edu
Sent: Wednesday, July 29, 2015 3:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Config Archive / Diff / Change Management

We use RANCID with a mixed Juniper/ Cisco/ Ciena environment and have no issues 
at all.  Can't beat free when it works.

Maciej Leja
DePaul University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of 
Curtis K. Larsen
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: Monday, July 27, 2015 at 3:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Config Archive / Diff / Change Management

Hello,

I'm looking for a tool that emails when WLC or Switch configs are changed for a 
growing Network team mostly to keep everyone abreast of changes.  Years ago 
(like 8 years ago) we used RANCID, an open source product that was quite nice, 
but I have a feeling there are maybe a few better options these days.  What we 
like about RANCID was that it was free, that it sent emails with line by line 
configuration diff on the changed device, and that it worked with other 
non-Cisco products as well.  We have some Foundy switches, a lot of Juniper 
firewalls, etc.  Please let me know if you know of anything that fits the bill.


Thanks,

Curtis Larsen
University of Utah
Sr. Network Engineer

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] Cisco 8540 Code Recommendation, Based on Stability?

RE: [WIRELESS-LAN] android 11 upcoming changes Feb 15th 2021

RE: android 11 upcoming changes Feb 15th 2021

Cisco licensing - alternative vendors

RE: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

RE: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Transitioning from older controller to new controller

RE: [EXTERNAL] Re: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

RE: [WIRELESS-LAN] Cisco 8.10.130.0 eduroam issues

Cisco 8.10.130.0 eduroam issues

RE: WLC 8.10.122 Bug

RE: WLC 8.10.130

RE: [WIRELESS-LAN] WLC & ISE combo issues

RE: [WIRELESS-LAN] WLC & ISE combo issues

RE: [WIRELESS-LAN] WLC & ISE combo issues

RE: [WIRELESS-LAN] WLC & ISE combo issues

RE: [WIRELESS-LAN] WLC & ISE combo issues

RE: [WIRELESS-LAN] WLC & ISE combo issues

RE: WLC & ISE combo issues

WLC & ISE combo issues

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

RE: [WIRELESS-LAN] student residential routers?

RE: [WIRELESS-LAN] Access Point Failure Rate

RE: [WIRELESS-LAN] Cisco WLC5508

RE: [WIRELESS-LAN] Cisco WLC Software Version of the Month Club Chat.

RE: Mac Pop UP Error

RE: [WIRELESS-LAN] Measuring User Experience

Cisco ISE 1.4 Domain trust is one-way

RE: [WIRELESS-LAN] Exclusive 2.4 Ghz and 5 Ghz SSIDs

RE: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree Portfast Out-of-Box

RE: [WIRELESS-LAN] Config Archive / Diff / Change Management

30 matches

Site Navigation

Mail list logo

Footer information