RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[McClintic, Thomas]

We had disabled "Prohibit ARP Spoofing" at one point to appease the 14+ code. 
The issue was resolved in a later release and we enabled it again.

We are not currently seeing any issues 8.5.0.11, moving to 13 now.

Thanks

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Wednesday, September 1, 2021 4:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


 EXTERNAL EMAIL 
We feel your pain, Patrick!  Keep up the good fight.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Patrick McEvilly
Sent: Wednesday, September 1, 2021 5:25 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

I will hold off on providing details for now but when you have to push a code 
upgrade in the middle of the day on the first day class it's been a rough day.  
We hit some major issues related to STM and then other fall out after doing the 
required code upgrade.  We pushed the changes below at 2am this morning.  It 
did help a bit, but issues resurfaced again at 10am.  We are still on a call 
with Aruba TAC and don't have anything at this time to share that would help 
others.

Patrick



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Wednesday, September 1, 2021 at 5:13 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

To all chiming in regarding the Aruba issues - thank you! I love seeing the 
collaboration and detail sharing.

Chad - will be curious to hear if you push the band-aids to production and 
re-enable airwaves, if this helps your situation.

-Cody


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Street, Chad A
Sent: Wednesday, September 1, 2021 3:01 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)


Cody and all...

We are also seeing STM spikes that are impacting associations.

We have also disabled all our polling ( Airwave, Orion, etc ) and reduced the 
client load balancing thresholds so that we have around 4K clients per 
controller.  This seemed to help a great deal.  After working with Aruba today, 
my understanding of the primary cause of the STM spikes is due to the MM 
polling the MCs.  With large client loads on the MCs ( combined with all the 
other SNMP polling going on ), this seems to take longer and sometimes does not 
work.  When it does not work, it bootstraps which spikes the STM process.

The suggested band-aid is to block the GUI polling traffic between the MM and 
MC.  You will lose the GUI information from your MM, but all the MC information 
is still present.  We have applied this to our lab and we are going to push to 
production tonight to see if it helps.  If it does help, we plan on turning 
back up our monitoring tools ( Airwave ).

fingers crossed

here is how to block the traffic:
cd /md/yourrootlocation
firewall-cp
 ipv4 deny any proto 6 ports 15260 15261 position 1
!

Chad
chad.str...@emory.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Cody Ensanian mailto:censa...@uccs.edu>>
Sent: Wednesday, September 1, 2021 11:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the 
fall with large classrooms and delayed connection times (Aruba 8.5.0.13)


I'm hearing issues of high cpu utilization for STM on the controllers causing 
issues. Maybe check your controllers and see if you are seeing the high cpu use 
for STM. Heard earlier today from our SE that Aruba has "identified the issue 
and is working on a fix." I suggest opening the TAC case so they can track it 
better, and help them hone in on a fix better. We're seeing the high cpu use on 
one of our controllers (but this 

RE: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th generation

[McClintic, Thomas]

Trent,

Are you saying users need to manually select or the auto-detect is working 
properly now?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hurt,Trenton W.
Sent: Thursday, August 12, 2021 7:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with 
new iPad Pro 5th generation


 EXTERNAL EMAIL 
FYI

Looks like securew2 has fixed just need to republish your profile

Our team had fixed the issue we noticed and the users should now be able  to 
switch the OS in the section "Select your device" from "Mac OS Catalina and 
above" to "iPhone/iPad".



Sent from my mobile device.

Trent Hurt

5028521513

University of Louisville







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Hurt,Trenton W. 
mailto:trent.h...@louisville.edu>>
Sent: Wednesday, August 11, 2021 5:46:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with 
new iPad Pro 5th generation


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.
I've seen it on 3 iPad Pro 12.9 gen5 iPadOS 14.6 and 14.7.1.  All show as 
Catalina but once disable desktop mode they detect as iPhone/iPad and onboard 
fine

Sent from my mobile device.

Trent Hurt

5028521513

University of Louisville







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Norton, Thomas (Network Operations) 
mailto:tnort...@liberty.edu>>
Sent: Wednesday, August 11, 2021 5:25:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Securew2 users with 
new iPad Pro 5th generation


CAUTION: This email originated from outside of our organization. Do not click 
links, open attachments, or respond unless you recognize the sender's email 
address and know the contents are safe.
Will double check our end as well, was testing the latest profile on my iPad 
pro today and did seem to detect properly using safari with profiles.

 Will test further tomorrow.


T.J. Norton
Wireless Network Architect
Network Operations

(434) 592-6552

[http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

Liberty University  |  Training Champions for Christ since



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Turner, Ryan H 
mailto:rhtur...@email.unc.edu>>
Sent: Wednesday, August 11, 2021 5:06 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [External] Re: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th 
generation



[ EXTERNAL EMAIL: Do not click any links or open attachments unless you know 
the sender and trust the content. ]



I had this anecdotally reported to me today but was waiting to report it until 
I got some more information.  I will forward this on.



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hurt,Trenton W.
Sent: Tuesday, August 10, 2021 2:44 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Securew2 users with new iPad Pro 5th generation



I'm seeing the latest iPad Pro gen 5 not getting detected correctly with 
securew2 in any browser I tried.  I've updated to latest 14.7.1 but saw this on 
14.6 as well.  The device is getting detected as OS X Catalina or above and 
even if I try manually selecting iPad from drop down on the webpage it goes 
back to Catalina device.I have the latest joinnow deployed from admin page 
as well for my onboard profile and still having this issue.  Has anyone seen 
this and or reported to securew2?



Sent from my mobile device.



Trent Hurt



5028521513



University of Louisville













**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

[McClintic, Thomas]

I didn’t say how long  399 days is long in today’s terms

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Monday, August 9, 2021 8:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root


 EXTERNAL EMAIL 
“The validity period is very long.”

Now you did it, Thomas. You realize you’re about to get scolded…. ☺

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems<https://urldefense.proofpoint.com/v2/url?u=https-3A__answers.syr.edu_display_network_Wireless-2BNetwork-2Band-2BSystems=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=qftqxa8_XshNDFt7IhGPSCNJH2pu4kC8v_3dItjnQVI=UT9xnaZsfx9qhmHaKFPQm5_cTGvz1QMJyATI9wIgwFU=>
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of McClintic, Thomas
Sent: Monday, August 9, 2021 9:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

We use an internal CA signed server certificate without issue for EAP-TLS. We 
are currently using Clearpass onboard & moving to SecureW2.

We previously used Incommon for server CA and are much happier with using a 
private CA for the server certificate. The validity period is very long.

I would not use different server certificates, I imagine clients receive 
certificate warnings which you would not want them to be comfortable bypassing.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Julian Y Koh
Sent: Monday, August 9, 2021 8:29 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root


 EXTERNAL EMAIL 


On Aug 9, 2021, at 07:56, Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu<mailto:0194c9ecac40-dmarc-requ...@listserv.educause.edu>>
 wrote:

Lets not go down this rabbit hole again.


I thought there was a picture of a rabbit and a hole in the dictionary next to 
“mailing list” and “USENET”.   :)

Or is that just in reference to NANOG and IPv6?  :) :) :)

--
Julian Y. Koh
Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
<https://www.it.northwestern.edu/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.it.northwestern.edu_=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=H0ob6ER9LpWFGl0_Fqoxfc26IcKIeVTLpSQWKmnC3RY=o2Qoz18b7NZxD8_TltdEQU4Bm3kFNqed1GpbmPd61mI=>>
PGP Public Key: 
<https://bt.ittns.northwestern.edu/julian/pgppubkey.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__bt.ittns.northwestern.edu_julian_pgppubkey.html=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=H0ob6ER9LpWFGl0_Fqoxfc26IcKIeVTLpSQWKmnC3RY=SrMTHgnct1wtNJmvWkrNmfwSap6Bw6DBCXlbilpja0w=>>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=H0ob6ER9LpWFGl0_Fqoxfc26IcKIeVTLpSQWKmnC3RY=1b4utzeZvNDjJt6NyemCC2WGcBK4dpxomWmrdaBfQg4=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=qftqxa8_XshNDFt7IhGPSCNJH2pu4kC8v_3dItjnQVI=2aw0i_KLrKLzQ0J1mgmyFsBRUbf8SMW4DpXib6XZTZg=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information 

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

[McClintic, Thomas]

We use an internal CA signed server certificate without issue for EAP-TLS. We 
are currently using Clearpass onboard & moving to SecureW2.

We previously used Incommon for server CA and are much happier with using a 
private CA for the server certificate. The validity period is very long.

I would not use different server certificates, I imagine clients receive 
certificate warnings which you would not want them to be comfortable bypassing.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Julian Y Koh
Sent: Monday, August 9, 2021 8:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root


 EXTERNAL EMAIL 



On Aug 9, 2021, at 07:56, Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
 wrote:

Lets not go down this rabbit hole again.


I thought there was a picture of a rabbit and a hole in the dictionary next to 
“mailing list” and “USENET”.   :)

Or is that just in reference to NANOG and IPv6?  :) :) :)

--
Julian Y. Koh
Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
>
PGP Public Key: 
>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: Multi sim 4G routers

[McClintic, Thomas]

+1 for cradlepoint.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Travis Geske
Sent: Wednesday, July 21, 2021 9:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Multi sim 4G routers


 EXTERNAL EMAIL 
We use CradlePoint and have been very happy with their products.


Travis Geske
Director of Network Infrastructure
MCP,MDAA,NCP-MCI,ECSE
 
#2597,HYCU
 
Admin
Information Technology
John A. Logan College
700 Logan College Road
Carterville, IL  62918
O:618-985-2828 x.8670
www.jalc.edu
[JALC IT email signature jpg]




From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hales, David
Sent: Wednesday, July 21, 2021 9:12 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Multi sim 4G routers


[EXTERNAL SENDER]
This message did not originate from John A Logan College.  Please report any 
suspicious attachments, links, or requests for sensitive information.
While I didn't end up using the multi-sim support, I've used these cellular 
routers for remote locations in the past.  They're pretty good products, 
support dual SIM, battery backup or PoE, and external antennae.

https://www.digi.com/products/networking/cellular-routers/enterprise/digi-6310-dx

David Hales
Network Systems Administrator

Information Technology Services
Tennessee Tech University
1010 N. Peachtree Av., CLEM117
Cookeville, TN 38505
P: 931-372-3983
E: dha...@tntech.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Luke Whitworth
Sent: Wednesday, July 21, 2021 8:54 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Multi sim 4G routers


External Email Warning

This email originated from outside the university. Please use caution when 
opening attachments, clicking links, or responding to requests.


Hi all,

We've got a requirement to support some learning spaces in remote locations.  
We use Aruba wireless so if we can have some remote APs there, we just need to 
work out how to backhaul them.  In the past I've resorted to a Raspberry Pi and 
a 4G USB dongle (as although some Aruba access points have USB modem support it 
was a nightmare that I gave up on).  However, for this people are wanting more 
bandwidth and resiliency, and a plug in and go solution.  I've found 

RE: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[McClintic, Thomas]

Unfortunately $3000-$4000 per engineer per year is outside our annual budget 
for wireless survey software. We simply don’t use it often enough to justify 
that. We need the flexibility for each engineer to have an ability to survey 
when needed.

iBwave won’t make our list with that pricing as Ekahau would actually be less 
for us. However, they do look like a good competitor to Ekahau with their suite 
of training and such. Thank you for bringing it to the table.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Manon Lessard
Sent: Monday, July 19, 2021 8:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives


 EXTERNAL EMAIL 
IBwave is indeed not in your list and it should be, and their subscription 
model for the software is interesting.
They are up here in Montreal and have a knowledgeable team.


Manon Lessard
Chargée de programmation et d’analyse
CCNP, CWNE #275, AWA 10, ESCE Design
Direction des technologies de l'information
Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)
G1V 0A6, Canada

418 656-2131, poste 412853
Télécopieur : 418 656-7305
manon.less...@dti.ulaval.ca<mailto:manon.less...@dti.ulaval.ca>
www.dti.ulaval.ca<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dti.ulaval.ca_=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=dOxktWYJQwCMOmqOVXf6iO8d0utCJtV64bVUAAF6_9U=ohr-_6gx0hkUVZNCJF9_GuV1lYI8G0ykZZdAUEtwSTw=>

Avis relatif à la confidentialité | Notice of 
Confidentiality<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.rec.ulaval.ca_lce_securite_confidentialite.htm=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=dOxktWYJQwCMOmqOVXf6iO8d0utCJtV64bVUAAF6_9U=6tDks_-AAqCIqqCVYgn1nF8duF15-29KEPe4zpSS5YY=>



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Paul Smith 
mailto:p.a.sm...@bristol.ac.uk>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, July 19, 2021 at 9:50 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

Depends on your needs, for me as annoying as their licencing hounds have become 
since the acquisition there is nothing that remotely matches the Ekahau 
offering at this point. I’m sure the community annoyance is being noticed by 
the likes of NetAlly AirMagnet and iBwave though. I’d add those to your list to 
evaluate.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of McClintic, Thomas
Sent: 19 July 2021 14:44
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

Thanks everyone for the feedback, it sounds like many of us are in the same 
boat.

We like Ekahau, but I’m always open to other options on any products we use. 
Here is a list of options I’m flirting with and would love to know if anyone 
has utilized them.

VisiWave - $849
TamoGraph  - $1399
Acrylic - $879 ($2199 perpetual)

I’ve used Acrylic products for personal use and the value was incredible.

We have had AirMagnet in the past and I feel the price they spend on R 
doesn’t justify the cost. If someone has recent experience and seen 
improvements with that software let me know. For around $4000 per seat I just 
don’t see the value.

On a side note, both the compliance manager and our account manager are in the 
in the Philippines. In the past we had local team contacts, not sure where in 
the last few years that changed, but I find it interesting. All of my previous 
contacts are no longer with the company.

TJ McClintic

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Rick Brown
Sent: Monday, July 19, 2021 8:06 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives


 EXTERNAL EMAIL 
In some ways having it tied to the Sidekick was better in that it did allow 
multiple users but not simultaneously.  The problem there was most IT policies 
on campuses these days don't allow multiple uses of a single device without it 
being tied to an individual login.   I certainly don't want to share my iPad.


 It would be good if they'd take a closer look at university users and 
determine a way to allow for multiple users but only the number of licenses 
purchased simultaneously.   This would mean that you couldn't work they files 
unless the Sidekick was present

RE: [WIRELESS-LAN] Ekahau Licensing & Alternatives

[McClintic, Thomas]

license.   It was frustrating for us since one engineer only designs part time, 
but it’s the cost of doing business.

Just my $0.02 worth.

Rick



On Jul 18, 2021, at 6:52 PM, Phill Solomon 
<0150915d379b-dmarc-requ...@listserv.educause.edu<mailto:0150915d379b-dmarc-requ...@listserv.educause.edu>>
 wrote:

Hi TJ,

I am glad this not just us – we don’t use the software / sidekick often and 
usually outsource new surveys. We are being asked to purchase / renew with 
Connect – I can see why we would need it if we only do rare survey.   I would 
however like the ability to read the survey files that we get commissioned  - I 
hear that there is soon to be a ‘read only version’ cany anyone confirm this?

Any alternate products?

Thanks..


Phill Solomon
Senior Technical Lead (Network Engineering)
Deakin University, IS - AV & Networks,  ICT Infrastructure Services, eSolutions

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of McClintic, Thomas
Sent: Friday, 16 July 2021 12:45 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Ekahau Licensing & Alternatives

We have 2 Ekahau licenses tied to Sidekicks. We use a team cloud account for 
uploading projects, with the understanding that using the software requires the 
Sidekick to be attached to the machine.

Ekahau has notified us that this is not compliant with their licensing terms 
and we need to purchase a license for each user or transfer the license each 
time a user needs the software. The first option is too costly for how much we 
survey. The second option is cumbersome and not what we want to deal with each 
time someone is out and another engineer needs to survey.

So, we are looking at alternative software for doing our surveying. We only 
survey a couple of buildings a year but have experience on our team to reduce 
costs of using outside services.

If you are doing in-house surveying, what software are you using? How does 
their licensing model work for your team? What are the strengths and weaknesses 
of the software you use?

Thank you ahead of time for any responses.

TJ McClintic


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMDaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=A621fhtTcS6kkFCaCCBHtXedf316XBFHuHv61x1PzSs=_dp9Dh04goo-OwU86aOSuaUPaF0_veZmdS7Z3WWVVtI=>

Important Notice: The contents of this email are intended solely for the named 
addressee and are confidential; any unauthorised use, reproduction or storage 
of the contents is expressly prohibited. If you have received this email in 
error, please delete it and any attachments immediately and advise the sender 
by return email or telephone.

Deakin University does not warrant that this email and any attachments are 
error or virus free.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMDaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=A621fhtTcS6kkFCaCCBHtXedf316XBFHuHv61x1PzSs=_dp9Dh04goo-OwU86aOSuaUPaF0_veZmdS7Z3WWVVtI=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMDaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=A621fhtTcS6kkFCaCCBHtXedf316XBFHuHv61x1PzSs=_dp9Dh04goo-OwU86aOSuaUPaF0_veZmdS7Z3WWVVtI=>


--
[http://www.mc.edu/signature/logo.gif]

dan b. lauing ii | CWNE #402
Wireless Network Engineer
Mississippi College






CONFIDENTIALITY STATEMENT:

This communication may contain confidential information.  If you are not the 
intended recipient or if you are not authorized to receive this communication, 
please notify and return the message to the sender, then delete this 
communication including any attachments.  Unauthorized reviewing, forwarding, 
copying, distributing or using this information 

Ekahau Licensing & Alternatives

[McClintic, Thomas]

We have 2 Ekahau licenses tied to Sidekicks. We use a team cloud account for 
uploading projects, with the understanding that using the software requires the 
Sidekick to be attached to the machine.

Ekahau has notified us that this is not compliant with their licensing terms 
and we need to purchase a license for each user or transfer the license each 
time a user needs the software. The first option is too costly for how much we 
survey. The second option is cumbersome and not what we want to deal with each 
time someone is out and another engineer needs to survey.

So, we are looking at alternative software for doing our surveying. We only 
survey a couple of buildings a year but have experience on our team to reduce 
costs of using outside services.

If you are doing in-house surveying, what software are you using? How does 
their licensing model work for your team? What are the strengths and weaknesses 
of the software you use?

Thank you ahead of time for any responses.

TJ McClintic



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Lead time for Wi-Fi gear?

[McClintic, Thomas]

We ordered about 400 535 APs and the lead time was about 6 weeks. We did accept 
partials which we were told would expedite the delivery. These were received 
about 2-3 weeks ago.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Thursday, May 20, 2021 9:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Lead time for Wi-Fi gear?


 EXTERNAL EMAIL 
Most of the time we receive APs in two weeks or less.  There is a supply chain 
problem right now for some AP models, but six months is much longer than any 
delays I've heard about.  You may want to contact your VAR or Aruba yet to see 
the best way to go.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Mike Atkins
Sent: Thursday, May 20, 2021 10:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Lead time for Wi-Fi gear?

What's the word on lead time for your Wi-Fi gear?  We are primarily Cisco but 
have some Aruba and see ship times six months out.  Is that what everyone else 
is seeing?  I know some Meraki gear can be shipped within a week or so.  I just 
wanted to get a feel from the group as to what they hear on the street.








--




Mike Atkins
Infrastructure Architect
Office of Information Technology
University of Notre Dame
Phone: 574-631-7210



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: 802.1X, onboarders, continued

[McClintic, Thomas]

We are still in the adoption stage of our EAP-TLS w/ onboarding. We use 
Clearpass Onboarding. I have not found an issue with the system, but users are 
often frustrated with the steps required.

This is not a fault of Clearpass, I believe; but has led us to seek other 
options to improve adoption by users.

None of this answers your first two questions, but I thought I'd chime in on 
our experience.

To your third question, I would LOVE to keep only managed devices on EAP-TLS 
and remove any requirements for onboarding/security for personal devices. Then, 
restrict access on personal devices to our normal internet facing services. 
However, this just doesn't seem like a model supported by staff. The viewpoint 
is often that they are limited in what they can do. The 2FA requirement is what 
people don't seem to enjoy. The stigma of open WiFi won't be forgotten for some 
time as well.

Thanks for bringing up this conversation Lee.

Please do not use this post as a request for vendor contact.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Tuesday, April 13, 2021 9:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1X, onboarders, continued


 EXTERNAL EMAIL 
AND ANOTHER THING!...

For those using Cloudpath ES or Secure W2, are you on-prem or cloud-based, why, 
and any regrets about the option you went with?

Thanks,

Lee

From: Lee H Badman
Sent: Tuesday, April 13, 2021 9:42 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: 802.1X, onboarders, continued

Thanks for the responses to my last email on onboarders. FWIW, after various 
discussions with a number of people, I find myself with a few more questions:


  *   For your onboarder of choice (focusing on CAT Tool, Cloudpath ES, and 
Secure W2) how responsive is the provider to support issues and OS updates?
  *   Are you using, or have you recently used CAT Tool, Cloudpath ES or Secure 
W2 and found yourself dissatisfied with the tool or vender/provider- and why?
  *   Here's the fun one, asked in complete seriousness: has anyone gone down 
the road of robustly securing staff/"company" devices while turning the general 
wireless network into a wide-open WLAN, relying on other controls to provide 
security?


Any and all feedback welcomed, on list or off.


Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu w its.syr.edu
Campus Wireless Policy: 
https://answers.syr.edu/display/network/Wireless+Network+and+Systems
SYRACUSE UNIVERSITY
syr.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Aruba Wireless- MacBook WiFi slow on 5gHz channels 60-64

[McClintic, Thomas]

Any other Unii-2 or Extended channels enabled on your environment?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jon Marriott
Sent: Wednesday, February 24, 2021 1:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Wireless- MacBook WiFi slow on 5gHz channels 60-64


 EXTERNAL EMAIL 
Has anyone using Aruba wireless experienced poor performance for MacBook users 
on channels 60-64 (40mHz channel width)?
We have been getting a lot of tickets for this issue lately with no recent 
changes.
What I know so far:
Wireless is mostly slow but speed fluctuates. Sometimes pages load slowly, 
other times not at all and the Mac reports "no internet". Sometimes it works 
fine for a short period of time.
Only occurs with MacBooks (but not all)
Only reported so far on 200 series APs (AP-205H and AP-225)
Both 60+ and 64- 40mHz channels seem to have the issue.
Happens all across campus, no specific area
AP is usually close to the client and the signal and SNR are great
When the client roams to another AP/channel the problem resolves immediately.

We are on AOS version 8.6.0.7
I do have an open case with Aruba TAC but wanted to see if anyone else has seen 
the issue while I wait.

Jon

--
Jon Marriott
Network Engineer
Library & IT
Bucknell University
570-577-1986





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

[McClintic, Thomas]

Am I understanding correctly that if the CN also exists as a SAN then it is 
accepted?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Tim Cappalli
Sent: Thursday, February 11, 2021 9:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile 
Configuration Variable


 EXTERNAL EMAIL 
Yes, the EAP server certificate subject should be the same eTLD as the 
credential realm.

Said differently, if EAP identity is 
`t...@capptoso.com`, the server certificate should be 
`.capptoso.com`.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jethro R Binks 
mailto:jethro.bi...@strath.ac.uk>>
Date: Thursday, February 11, 2021 at 10:15
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile 
Configuration Variable
Can I drill into this a bit please just be clear on my understanding?

On Thu, 11 Feb 2021, Sweetser, Frank E. wrote:

> "The STA is configured with EAP credentials that explicitly specify a CA
> root certificate that matches the root certificate in the received
> Server Certificate message and, if the EAP credentials also include a
> domain name (FQDN or suffix-only), it matches the domain name
> (SubjectAltName dNSName if present, otherwise SubjectName CN) of the
> certificate [2] in the received Server Certificate message."
>
> In particular, note the bit about SAN if present, otherwise CN.  A
> strict reading of this (which Android appears to follow) means that
> unlike the web browser behavior we're all used to, if there is a dNSName
> in the SAN list, then the CN will not be evaluated in matching the
> client configured domain.  This means that if you have:
>
>
>   *   A client configured domain of myorg.edu
>   *   A server CN of radius.myorg.edu
>   *   A server SAN of radius.myotherorg.edu

Particularly, "EAP credential domain name", as contrasted with the
"Domain" setting in the client discussed earlier.

My understanding is that the "Domain" setting in the client is telling the
client "the radius server must present a certificate with this
subjectAltName/CN".  Equivalent to the Validate server connection /
Connect to these servers settings seen elsewhere?

But "EAP credential domain name" to me means the credentials one provides
to authenticate as, so usern...@myorg.edu say.

Is this saying that the server cert subjectAltName/CN must be "myorg.edu"?
That's not what the common case is now I would say; most radius server
certs would likely carry a name "aaa.myorg.org", "radius.myorg.org" or
somesuch.

Do I misunderstand "EAP credentials also include a domain name (FQDN or
suffix-only)" ??

Reading the document a bit more, "EAP credentials" seems to be a broader
phrase equated to "network profile" (see 5.3.1), so perhaps means "the
bundle of settings including login credentials and Domain of radius server
for validation", so "EAP credential domain name" is referring to the
Domain (for cert validation) ie "radius.myorg.org", not any domain part of
the login credentials ie "myorg.org"?  Is that a correct reading?

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 

RE: [WIRELESS-LAN] Mac wireless issue

[McClintic, Thomas]

We are now investigating an issue with Mac Computers on our Visitor wireless. 
The problem exists on Cisco WLC running 8.5 code. The WLAN is configured Open 
w/ MAC Filtering and ISE NAC. We use Clearpass to push the ACL and Web Redirect.

A packet capture on the client shows nothing going out whatsoever. The client 
is in a DHCP_REQ state although even removing that and assigning a static IP 
does not resolve it. However, if we move the authentication to a development 
server the issue is not seen. At this time we are suspecting something within 
the timing of the association is causing the issue. The state of AAA pending on 
production is about 300ms and in development is about 30ms.

Sadly with limited students on campus I haven't identified if it is specific to 
certain versions of MacOS, although all Catalina seem to present with issue.

Our Aruba environment has no issues and the process on the CPPM side is similar 
with MAC Auth taking about 300ms.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Anthony Croome
Sent: Wednesday, October 14, 2020 7:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue


 EXTERNAL EMAIL 
Hi Tariq

Running WLC 8540 on 8.10.130.0 code with predominately 3702/3802 WAPs.  Still 
some 3502/3602 on WISM2s with 8.5.161.0 code.  Doesn't appear to be a specific 
to a model of AP.

Anthony

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Tariq Adnan
Sent: Thursday, 15 October 2020 10:09 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

Hi Anthony,

What code you are running on your WLC? Is the issue specific to particular 
model of APs.
We have not come across any such issue - perhaps there are not many people on 
the campus.

Thanks,

-
Cheers,

Kind regards,
Tariq Adnan

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Anthony Croome
Sent: Thursday, 15 October 2020 9:55 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

Sharing a summary of macbook suggestions seen on the internet for poor 
performance, stuck on 2.4GHz, zoom, etc:

- delete the wifi network on macbook, add a new location and assign it the wifi 
network
- disable "Use your Apple Watch to unlock apps and your Mac"
- delete the wifi service and re-add (ie "delete the selected service")
- check/fix country code on macbook wifi interface
- doing an SMC, PRAM, and NVRAM reset
- upgrading or downgrading the firmware on the wifi card
- uninstalling/reinstalling Zoom (for zoom specific issues)

I am still waiting on feedback from affected users whether any item in the list 
made things better.  Maybe the next Cisco WLC 8540 code upgrade will help.

Anthony
QUT


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Anthony Croome
Sent: Friday, 9 October 2020 11:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Mac wireless issue

We also have plenty of apple laptop users complaining about wifi performance.  
We have at least one macbook user who seems not to be able to connect to 
u-nii-1 channels and falls back to 2.4GHz.  One suggestion I read today was to 
'turn off unlock with Apple Watch and reboot'.

Anthony


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jeffrey D. Sessler 
mailto:j...@scrippscollege.edu>>
Sent: Thursday, 8 October 2020 9:45 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Mac wireless issue


What channels are the impacted AP's running on?



A few weeks ago I had a similar issue (Cisco wireless), My Mac laptop would 
attach to our WPA2 network no problem - auth was successful (5 GHz), but would 
never get an IP. If I walked the Mac laptop (running Catalina) into rage of 
another AP (also 5GHz), it worked perfectly. Same switch, same AP type, with 
the only difference being the channel the AP was on. I could replicate this in 
another area, where a user reported a similar issue.   I don't have my notes in 
front of me, but I believe the problematic AP's were on unni-3 channels, and 
the ones that were OK, were not.  With COVID, students remote, and work from 
home, I've not had time to go back in to the campus and really drill into it.



There had been no reported problems when our campus closed in March, and no 
changes to our wireless deployment since that date.



Jeff







From: The EDUCAUSE Wireless Issues Community Group Listserv 

RE: [WIRELESS-LAN] iOS 14 Causing ARP Spoofing Events on Aruba Controllers

[McClintic, Thomas]

We have an MM/MC dual 7220 Cluster running 8.5.0.9 / AP300,AP500 series 
Deployed.

Thanks,
Nick Rauer
Manager of Networking and Telecommunications
Wheaton College - Massachusetts


From: The EDUCAUSE Wireless Issues Community Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Hulko
Sent: Monday, September 21, 2020 1:10 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] iOS 14 Causing ARP Spoofing Events on Aruba 
Controllers

Yup.. we had to disable the "Arp Spoof" settings in the IDS profiles.  We have 
other irons in the fire so we are not able to do much to investigate this issue 
at this time.

M

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@listserv.educause.edu>> 
on behalf of "McClintic, Thomas" 
mailto:thomas.mcclin...@uth.tmc.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@listserv.educause.edu>>
Date: Friday, September 18, 2020 at 11:46 AM
To: 
"WIRELESS-LAN@listserv.educause.edu<mailto:WIRELESS-LAN@listserv.educause.edu>" 
mailto:WIRELESS-LAN@listserv.educause.edu>>
Subject: [WIRELESS-LAN] iOS 14 Causing ARP Spoofing Events on Aruba Controllers

We have begun seeing an impact with iOS 14 on our various SSIDs with ARP 
Spoofing events. We had not seen an event this year until July 9th (the date 
beta was released). There has been a large increase since the 16th of the 
events.

The events seem to occur randomly as we are starting to troubleshoot. They 
still occur even when clients disable the privacy setting for the network.

Since our blacklist interval is set to 30 minutes this is causing an 
interruption of service when it occurs.

Has anyone else seen similar events? I have opened a TAC case to assist.

Thanks

TJ McClintic
UTHealth | The University of Texas Health Science Center at Houston
Houston's Health University

Communications Technology | Network Operations
7000 Fannin | Suite M60 | Houston, TX  77030
713.486.9269 netops | 713.486.2271 office


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D02-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C38601f9a89df4dc31c3208d85e68c71c-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637363151406259049-26sdata-3D2p4QXPBnzpPDSMXNjtihSWT7n9Ia1hY8tvaS-252BGuvSHo-253D-26reserved-3D0=DwMF-g=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=UKqLChHroj5t4bf2b9v3NYYw7RPa8bx7dDp3kMs7BzY=KJChOjh1OH-_cLvmTqt6nO8jxMCsACmpKO7EPSTF36Y=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D02-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C38601f9a89df4dc31c3208d85e68c71c-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637363151406259049-26sdata-3D2p4QXPBnzpPDSMXNjtihSWT7n9Ia1hY8tvaS-252BGuvSHo-253D-26reserved-3D0=DwMF-g=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=UKqLChHroj5t4bf2b9v3NYYw7RPa8bx7dDp3kMs7BzY=KJChOjh1OH-_cLvmTqt6nO8jxMCsACmpKO7EPSTF36Y=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fwww.educause.edu-252Fcommunity-26data-3D02-257C01-257Ctim.cappalli-2540MICROSOFT.COM-257C38601f9a89df4dc31c3208d85e68c71c-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C0-257C637363151406269044-26sdata-3DDU3GYLA7XVM4OgHZXqmEvea5TNxQYP3pDl90GTjD1rY-253D-26reserved-3D0=DwMF-g=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=UKqLChHroj5t4bf2b9v3NYYw7RPa8bx7dDp3kMs7BzY=xDJGlwQOhtbAAL-SaJlZE8Hz1zghX0Elgpv4d-U-NMw=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to th

RE: [WIRELESS-LAN] iOS 14 Causing ARP Spoofing Events on Aruba Controllers

[McClintic, Thomas]

Yes, we have disabled it for now. No real easy way to troubleshoot since it is 
global. I tried to capture it occurring, but wasn’t able. Logs don’t tell you 
much at all. With more people upgrading; the impact increases and it’s not 
worth leaving on for now.

Hopefully Aruba identifies the reason and can provide resolution.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Michael Hulko
Sent: Monday, September 21, 2020 12:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iOS 14 Causing ARP Spoofing Events on Aruba 
Controllers


 EXTERNAL EMAIL 
Yup.. we had to disable the “Arp Spoof” settings in the IDS profiles.  We have 
other irons in the fire so we are not able to do much to investigate this issue 
at this time.

M

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@listserv.educause.edu>> 
on behalf of "McClintic, Thomas" 
mailto:thomas.mcclin...@uth.tmc.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@listserv.educause.edu>>
Date: Friday, September 18, 2020 at 11:46 AM
To: 
"WIRELESS-LAN@listserv.educause.edu<mailto:WIRELESS-LAN@listserv.educause.edu>" 
mailto:WIRELESS-LAN@listserv.educause.edu>>
Subject: [WIRELESS-LAN] iOS 14 Causing ARP Spoofing Events on Aruba Controllers

We have begun seeing an impact with iOS 14 on our various SSIDs with ARP 
Spoofing events. We had not seen an event this year until July 9th (the date 
beta was released). There has been a large increase since the 16th of the 
events.

The events seem to occur randomly as we are starting to troubleshoot. They 
still occur even when clients disable the privacy setting for the network.

Since our blacklist interval is set to 30 minutes this is causing an 
interruption of service when it occurs.

Has anyone else seen similar events? I have opened a TAC case to assist.

Thanks

TJ McClintic

UTHealth | The University of Texas Health Science Center at Houston
Houston’s Health University

Communications Technology | Network Operations
7000 Fannin | Suite M60 | Houston, TX  77030
713.486.9269 netops | 713.486.2271 office


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=oZGyyvmT_P5eABCP2MCaFxzjq2q2Mahq_CnLoIIKT4E=tas7UPV-8iPM2CoKNhUPAm4xT1oGaqHZDNfrHQuyfhQ=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community=DwMGaQ=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=oZGyyvmT_P5eABCP2MCaFxzjq2q2Mahq_CnLoIIKT4E=tas7UPV-8iPM2CoKNhUPAm4xT1oGaqHZDNfrHQuyfhQ=>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

iOS 14 Causing ARP Spoofing Events on Aruba Controllers

[McClintic, Thomas]

We have begun seeing an impact with iOS 14 on our various SSIDs with ARP 
Spoofing events. We had not seen an event this year until July 9th (the date 
beta was released). There has been a large increase since the 16th of the 
events.

The events seem to occur randomly as we are starting to troubleshoot. They 
still occur even when clients disable the privacy setting for the network.

Since our blacklist interval is set to 30 minutes this is causing an 
interruption of service when it occurs.

Has anyone else seen similar events? I have opened a TAC case to assist.

Thanks

TJ McClintic

UTHealth | The University of Texas Health Science Center at Houston
Houston's Health University

Communications Technology | Network Operations
7000 Fannin | Suite M60 | Houston, TX  77030
713.486.9269 netops | 713.486.2271 office


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 tightens restrictions on CA certificates

[McClintic, Thomas]

I have upgraded to Android 11, removed all user certificates and onboarded with 
Aruba QuickConnect. I am able to connect, but can verify that the setting is 
now 'Do No Validate' for server certificate.

I downloaded and installed the certificate with the long instructions below. I 
was able to change to 'Use System Certificates' and update domain.

This is far from ideal in my opinion.

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Higgins, Benjamin J
Sent: Friday, September 11, 2020 8:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 
tightens restrictions on CA certificates

  EXTERNAL EMAIL 

Can confirm that this "feature" has prevented SecureW2 from onboarding Android 
11 devices to our network.  While the app appears to *deliver* the certificates 
- they are in the drop down when you edit the WiFi Profile - if you attempt to 
connect to the network is sits and spins.  If you edit the profile again, you 
will find that the SecureW2 delivered certificate is no longer in the drop down 
list.  Only "Use system certificates" or "Do not validate" is there...

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jonathan Waldrep
Sent: Friday, September 11, 2020 8:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] Article: Android 11 tightens restrictions on 
CA certificates

On 2020-09-10 22:19:21, Johnson, Christopher wrote:
> This popped up in my news feed, that's going to affect the user experience 
> even more for onboarding apps for those with private CAs I'd imagine.
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__nam03.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fhttptoolkit.tech-252Fblog-252Fandroid-2D11-2Dtrust-2Dca-2Dcertificates-26amp-3Bdata-3D02-257C01-257Cbjhiggins-2540WPI.EDU-257C5ac7d0e54c9043231cc208d8564faaa5-257C589c76f5ca1541f9884b55ec15a0672a-257C0-257C0-257C637354247483916966-26amp-3Bsdata-3DOLv50t-252FT-252Fjj9eK1Dhj05DgE2YspIyuAKrdT5HIbpQs8-253D-26amp-3Breserved-3D0=DwIFAg=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=EIjL_Sz_V0_7qwiC9Vr9UGpKyxiqtzjgT-kVvBf99pE=BBAbHepRrWpyDU_wQzMFGJSYfok-E7D1A152G3FPtyU=
>
> "In Android 11, to install a CA certificate, users need to manually:
>
>   *   Open settings
>   *   Go to 'Security'
>   *   Go to 'Encryption & Credentials'
>   *   Go to 'Install from storage'
>   *   Select 'CA Certificate' from the list of types available
>   *   Accept a large scary warning
>   *   Browse to the certificate file on the device and open it
>   *   Confirm the certificate install
>
> Applications and automation tools can send you to the general 'Security' 
> settings page, but no further: from there the user must go alone (fiddly if 
> not impossible with test automation tools)

tldr: I don't think this impacts certificates installed for Wi-Fi networks. 
They are handled differently. I would like someone who has experience with 
actually writing an on-boarding app to chime in, though.

Longer dive:
It is worth noting that when you manually install a CA in Android, it asks if 
you want to install it for "VPN and apps" or "Wi-Fi" (at least on Android 9, 
which is what I'm on). This indicates there is something different on the back 
end.

>From the article, it seems to stem from Google locking down the 
>KeyChain.createInstallIntent() API method [1] in the 
>https://urldefense.proofpoint.com/v2/url?u=http-3A__android.security=DwIFAg=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw=wLdFd1ZL0ZcUbF2oBZW_IGbytKgpgr2PoVwEtmgISwA=EIjL_Sz_V0_7qwiC9Vr9UGpKyxiqtzjgT-kVvBf99pE=eIYCAIH_iPNptUM3bidJAy9Zv5C74atVJ8LINirNjgk=
>  package. Ultimately what we are after is setting up a wireless profile. How 
>does that work? Well, there is an android.net.wifi package [2]. Let's look 
>there.

There is a WifiConfiguration class, but there is a note that it was deprecated 
in API level 29 (Android 10), and to use WifiNetworkSpecifier.Builder instead 
[3]. The article is specifically about Android 11, so we don't care about older 
versions.

In the WifiNetworkSpecifier.Builder class, there is a public method 
setWpa2EnterpriseConfig(WifiEnterpriseConfig enterpriseConfig). So we need a 
WifiEnterpriseConfig class [4].

The WifiEnterpriseConfig class has a method setCaCertificate(X509Certificate 
cert) [5] which, as you may have guessed, is used to "Specify a X.509 
certificate that identifies the server." This takes an X509Certificate class, 
which is part of the java.security.cert package. We should be able to provide 
that irrespective of what Android does.

That is all good in theory, but what does an actual onboarding app do? The only 
open source one I'm aware of is eduroamCAT [6]. It seems to have issues with 
Android 10 [7], so it may not be the best example, but it's what I can find. A 
quick grep of the 

RE: Are You Ready for WiFi6E

[McClintic, Thomas]

The first step is tools. If we can't survey and troubleshoot then we will be 
blindly jumping into things.

I want to understand what impact AFC will have in our area as well. Plenty of 
time for planning that's for sure.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Rios, Hector J
Sent: Friday, April 24, 2020 9:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Are You Ready for WiFi6E


 EXTERNAL EMAIL 
Now that the FCC has approved the 6GHz band, I wonder what others are doing in 
terms of planning. There is a lot to think about and unlike prior 
announcements, this one really is a game changer. Here are some thoughts:

*Vendors should be rushing to make APs and make them available possibly this 
year.
*The assumption is that the new radios will be tri radios. I'm sure vendors 
will get creative.
*More radios chains and more features (BLE, USB, Zigbee) mean more power needs.
*Faster more efficient technology means faster speeds required: 2.5G/5G.
*Will your existing infrastructure be capable to handle the new technology? 
Today, most likely not.
*If in the middle of a lifecycle, do you continue or do you wait?

For those that are super excited, here are some last things to think about:

Higher modulations require higher levels of SNR. Higher frequencies have 
shorter wavelengths and more trouble getting through objects. Bonding channels 
raises your noise floor and also requires higher receiver sensitivity. There 
are a ton of other things to consider. What say you?

Regards,

Hector Rios
The University of Texas at Austin



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [EXT] [WIRELESS-LAN] NAC/authentication implementations

[McClintic, Thomas]

This is more for evolution. The ability to identify an unmanaged device and the 
user connected allows us to direct what they are able to do.

The power given to our security group for enabling them to ensure only 
authenticated clients are able to reach internal resources, as well as the 
ability to mitigate hosts more easily is why we have been pursuing NAC on the 
wire.

Sadly I can’t answer to questions 3-5 since we aren’t far enough down the road. 
I am curious to see responses.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Monday, April 13, 2020 2:51 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] NAC/authentication 
implementations


 EXTERNAL EMAIL 
Where wired 802.1X is a goal, have you seen real-world security issues happen 
in your environments that this will solve, or is the target one of evolution 
and prevention?

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of McClintic, Thomas
Sent: Monday, April 13, 2020 3:49 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] NAC/authentication 
implementations

We are currently in the beginning of implementing NAC on the wire. We are using 
a phased approach to ease clients into it.

Phase 1a) Introduce open MAC authentication to all ports, this helps verify 
connectivity and licensing.
Phase 1b) Rollout certificate enrollment via AD and JAMF for EAP-TLS usage
Phase 2a) Enable EAP-TLS authentication along with open MAC and registered 
MACs, enable AD and JAMF computers for wired authentication
Phase 2b) Captive portal for open MAC authentication that enables users to 
enroll for certificate (using CPPM Onboarding)
Phase 3) Begin enforcing EAP-TLS or restricted MAC authentication (to 
authenticate non-EAL-TLS devices), no authentication leaves you in a 
captive-portal, bypass this portal and you are restricted to an internet only 
segmented network

We are currently on phase 2a, but are still working on the design and 
implementation. We are going very slow to minimize impact to users while trying 
to increase our security of restricting open port access. The ultimate goal 
will be to know who or what is on each port and enable our security group to 
dictate the policies.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Johnston, Ryan
Sent: Monday, April 13, 2020 2:28 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] NAC/authentication 
implementations


 EXTERNAL EMAIL 

  1.  If you have a NAC solution do you do port based auth?
 *   Yes.  We use Clearpass to implement.
  2.  If you have a NAC solution do you do eap-tls? If so how are you handling 
the certification “push” to devices?
 *   Yes our primary preferred authentication protocol is EAP-TLS, however 
we do offer and support EAP-PEAP and PSK methods for devices that do not 
support tls certificates or have a bad user experience with them (looking at 
you chromebooks!).  We use a product called SecureW2 for self-service user 
onboarding to WiFi which inserts the certificate into the device.
  3.  What were the major pain points during implementation?
 *   Client onboarding via a local captive portal.  Client captive portal 
browsers are volatile and can their behavior can severely affect the client 
experience.
  4.  What were the major use cases you were resolving/resolved?
 *   We were looking to move away from EAP-PEAP largely for security and 
convenience reasons.  One particular pain point was the regularly scheduled 
expiration of user account passwords.  This in turn would knock a device with 
saved EAP-PEAP credentials off of the network.  Our client certificates are 
valid for a longer period of time and largely avoid this issue.  Network access 
is tied to a combination of valid certificate and valid account lifecycle check.
  5.  Anything you would do differently if you do it again?
 *   I would have liked to have spent more time polishing the onboarding 
experience.  Our deployment timeline however did not allow for it.  As other 
threads on this list have mentioned, if you go down this road you will be 
served well by testing your workflow extensively and often.  Each device type 
has different behaviors of captive portal behavior as well as the possibility 
of application changes with new device software updates.


Ryan

--
Ryan Johnston he/him/his
Associate Director of Infrast

RE: [EXT] [WIRELESS-LAN] NAC/authentication implementations

[McClintic, Thomas]

We are currently in the beginning of implementing NAC on the wire. We are using 
a phased approach to ease clients into it.

Phase 1a) Introduce open MAC authentication to all ports, this helps verify 
connectivity and licensing.
Phase 1b) Rollout certificate enrollment via AD and JAMF for EAP-TLS usage
Phase 2a) Enable EAP-TLS authentication along with open MAC and registered 
MACs, enable AD and JAMF computers for wired authentication
Phase 2b) Captive portal for open MAC authentication that enables users to 
enroll for certificate (using CPPM Onboarding)
Phase 3) Begin enforcing EAP-TLS or restricted MAC authentication (to 
authenticate non-EAL-TLS devices), no authentication leaves you in a 
captive-portal, bypass this portal and you are restricted to an internet only 
segmented network

We are currently on phase 2a, but are still working on the design and 
implementation. We are going very slow to minimize impact to users while trying 
to increase our security of restricting open port access. The ultimate goal 
will be to know who or what is on each port and enable our security group to 
dictate the policies.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Johnston, Ryan
Sent: Monday, April 13, 2020 2:28 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] NAC/authentication 
implementations


 EXTERNAL EMAIL 

  1.  If you have a NAC solution do you do port based auth?
 *   Yes.  We use Clearpass to implement.
  2.  If you have a NAC solution do you do eap-tls? If so how are you handling 
the certification “push” to devices?
 *   Yes our primary preferred authentication protocol is EAP-TLS, however 
we do offer and support EAP-PEAP and PSK methods for devices that do not 
support tls certificates or have a bad user experience with them (looking at 
you chromebooks!).  We use a product called SecureW2 for self-service user 
onboarding to WiFi which inserts the certificate into the device.
  3.  What were the major pain points during implementation?
 *   Client onboarding via a local captive portal.  Client captive portal 
browsers are volatile and can their behavior can severely affect the client 
experience.
  4.  What were the major use cases you were resolving/resolved?
 *   We were looking to move away from EAP-PEAP largely for security and 
convenience reasons.  One particular pain point was the regularly scheduled 
expiration of user account passwords.  This in turn would knock a device with 
saved EAP-PEAP credentials off of the network.  Our client certificates are 
valid for a longer period of time and largely avoid this issue.  Network access 
is tied to a combination of valid certificate and valid account lifecycle check.
  5.  Anything you would do differently if you do it again?
 *   I would have liked to have spent more time polishing the onboarding 
experience.  Our deployment timeline however did not allow for it.  As other 
threads on this list have mentioned, if you go down this road you will be 
served well by testing your workflow extensively and often.  Each device type 
has different behaviors of captive portal behavior as well as the possibility 
of application changes with new device software updates.


Ryan

--
Ryan Johnston he/him/his
Associate Director of Infrastructure
DePaul University
55 E Jackson Blvd | Chicago, Illinois 60604
https://www.depaul.edu
 |  
https://helpdesk.depaul.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Brady J. Ballstadt
Sent: Monday, April 13, 2020 9:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] [WIRELESS-LAN] NAC/authentication implementations

Hello everyone,

Have a few questions as we do some research to add on to our NAC implementation 
and trying to avoid issues or at least minimize them.


  1.  If you have a NAC solution do you do port based auth?
  2.  If you have a NAC solution do you do eap-tls? If so how are you handling 
the certification “push” to devices?
  3.  What were the major pain points during implementation?
  4.  What were the major use cases you were resolving/resolved?
  5.  Anything you would do differently if you do it again?

Any extra information would be great as well.

Thank you,

Brady Ballstadt
University of Arkansas

**
Replies to EDUCAUSE Community Group emails are sent to the 

RE: [WIRELESS-LAN] ArubaOS 8.5.0.7

[McClintic, Thomas]

We moved to 8.5.0.6 for about 30 days. Okay so far. We moved for some features 
to 8.5 and 6 was required for a RAP issue we were having for LMS preemption.


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Enfield, Chuck
Sent: Monday, March 30, 2020 2:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ArubaOS 8.5.0.7


 EXTERNAL EMAIL 
We’re considering 8.5.0.7 for some minor bug fixes, but we’ve been on 8.5.0.6 
for about 6 weeks and have no major problems.

Chuck

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Cesar Fernandez
Sent: Monday, March 30, 2020 3:15 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] ArubaOS 8.5.0.7


Hi Everyone,

We are an Aruba wireless shop currently running ArubaOS 8.5.0.1 on an 
Active/Standby MM pair with 4 MD controllers.  Ever since we upgraded to the 
8.5 code we've encountered several critical issues requiring upgrades, and 
subsequent downgrades, between various 8.5.0.X versions. We have been on 
8.5.0.1 for the better part of the school year as it has been the most stable 
for our environment.  A couple weeks before the COVID-19 crisis, 3 of our 4 MD 
controllers randomly crashed.  TAC is now recommending that we upgrade to 
8.5.0.7, which was released last week.

Are there any universities on this list that have recently upgraded to 8.5.0.7? 
If so, what has been your experience?

I understand most campuses are only seeing a fraction of the normal wireless 
traffic load as most students are currently not on campus - so any feedback 
would be greatly appreciated.


Cesar Fernandez
Sr. Network Engineer
University of San Diego


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Rogue Containment (Was Re: Handling Wifi Deauth Attacks)

[McClintic, Thomas]

Perhaps we are near the point that registering SSIDs similar to a call sign is 
required, which then warrants the use of security options. If you have a SSID 
named HARVARD and someone is using that same SSID within your 'territory' then 
it is obviously them being malicious. How that could be against regulation is 
beyond me. Likely, if you have policies in place that prohibit non-administered 
WLANs on your wired network then you should be able to use security measures to 
stop them as well. 

Both of these scenarios increase security risks for users and protecting them 
should be paramount in my opinion. They are also much different than the 
Marriott situation. 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Healy
Sent: Tuesday, April 10, 2018 3:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Rogue Containment (Was Re: Handling Wifi Deauth Attacks)

On Apr 3, 2018, at 10:42 AM, Kenny, Eric  wrote:
> 
> §333. Willful or malicious interference No person shall willfully or 
> maliciously interfere with or cause interference to any radio communications 
> of any station licensed or authorized by or under this chapter or operated by 
> the United States Government.
> (June 19, 1934, ch. 652, title III, §333, as added Pub. L. 101–396, 
> §9, Sept. 28, 1990, 104 Stat. 850.)

This quote reminded me of an issue we've discussed on this list previously: 
containing or deauthenticating rogue devices.  I've changed the thread subject 
because this is a case where the WLAN operator is "interfering with" others 
(rather than being the victim).

I've spoken informally with several people about this, and most feel that 
deauth for security reasons is OK.  However, the letter of the law does not 
appear to have any sort of exemption.  With the FCC consent decree against 
Marriott, I'm uncertain when (or if) it is OK to fight back against security 
threats.

I reached out to the FCC to ask if they could clarify their stance and let me 
know if there were any circumstances where deauths were appropriate and not 
illegal.  The FCC's response (and my initial questions) are below.  
Unfortunately, they had no firm guidance on this issue and suggested I contact 
other groups.

Before I do that, does anyone on this list have any more conclusive guidance 
that they've already found?

Thanks,

Jason


=== FCC Response ===

Hi Jason,

The majority of FCC decisions concerning “jamming” involve signal jammers that 
emit random RF noise, rather than Wi-Fi equipment that transmits 
deauthentication frames, so jammerinfo may not be the best source.  The only 
official FCC guidance comes in the form of rules, orders, or other Commission 
pronouncements, and I’m not aware of any that speak directly to your questions. 
 

Unlike signal jammers, which never receive an FCC equipment authorization, 
Wi-Fi equipment is designed to enable, not interfere with, communications.  The 
deauthentication feature is inherent to Wi-Fi operation and does not prevent 
FCC certification.  However, even an authorized device, whether transmitting on 
licensed or unlicensed spectrum, can be operated in a manner that violates FCC 
rules.  Thus, some enterprise equipment manufacturers have warned network 
administrators that improper use of deauthentication could land them in hot 
water.

One takeaway from the Marriott case was that a business may not block hotspots 
indiscriminately or for commercial gain.  Unfortunately, that case does not 
speak to whether private schools may do so under the circumstances you’ve 
presented below.  With respect to security matters, shortly after Marriott was 
fined, the American Hotel & Lodging Assoc. filed an FCC petition asking for 
clarification on the network management measures that a hotel network 
administrator may lawfully take to secure the network from spoofers, honeypot 
attacks, etc.  Though some parties assert that the group sought a rule that 
would allow extensive blocking, the petitioners asserted that it would be 
unreasonable to block hotspots that were not posing a security threat.  (The 
petition and comments from interested parties in proceeding RM-11737 can be 
accessed on the Commission’s website, 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fcc.gov_ecfs_=DwIFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=ysI8MZpJSL9i59P3muTYWa4ce5JraPCgWYm-_aSjxL0=jmzzGunm7Ib9dt2vhA8PMiCd0UnXGC-9UzbVIycxW3Y=
 .)  Under that interpretation, blocking all hotspots would only be permitted 
if each hotspot was individually deemed to pose a threat to network security.  
In any event, this petition was later withdrawn, so no declaratory ruling was 
issued and no limits were set in that proceeding.

With respect to adjacent or cochannel interference, Wi-Fi operates on shared 
unlicensed 

RE: Unlicensed wireless Gig Link for 1000' PtP

[McClintic, Thomas]

We use Siklu 2x00 series for a link that is over 1mile.

I have nothing but positive things to say about them. I have also used Trango 
and Lightpointe in the past. The amount of features in the Siklu radio really 
impressed me. It has been very stable and installation was a breeze.

TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 20, 2018 10:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Unlicensed wireless Gig Link for 1000' PtP

Apologies to those of you who will get this twice.

I need to replace a licensed Gig bridge on a short link with smaller/cheaper 
but still Gig. I know there are many options, but I'm looking for feedback 
specifically on two 60 GHz options:

1.   IgniteNet MetroLinq 
https://www.ignitenet.com/products/metrolinq/
2.   Siklu EtherHaul -600 
https://www.siklu.com/portfolio-posts/etherhaul-600-series-v-band/

Are any of you using either, and at what length? Anything good or bad to report 
from reliability, quirkiness, support, etc?

Thanks very much,

Lee Badman

Lee Badman | Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Aruba 8.0

[McClintic, Thomas]

Jason,

You are brave, I would love to know when you feel confident in AOS 8. Thank you 
for taking the time to early adopt to help Aruba figure it out. 

We are waiting patiently to move to AOS8 but are getting anxious as we want to 
implement some of the new features. 

TJ McClintic


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trinklein, Jason R
Sent: Tuesday, March 20, 2018 10:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 8.0

We are upgrading our AOS to the latest patch tonight. We have faced a lot of 
bugs with AOS up until now. We were one of the first universities to deploy AOS 
8.0.0.0, being that we wanted to build our new Aruba infrastructure from the 
ground up with the benefits of 8, which was brand new when we started. We are 
excited about the bug fixes reported in the PDF.



-- 

Jason Trinklein



Wireless Engineering Manager



College of Charleston



81 St. Philip Street | Office 311D | Charleston, SC 29403



trinkle...@cofc.edu | (843) 300–8009

On 3/20/18, 5:25 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Kees Pronk"  wrote:



FYI : AOS 8.2.1.0 has just been released and contains 35 pages of fixes :-) 
Seems like a miracle my test with 8.2.0.2 in the Study Center has been nearly 
flawless up until now :-O



-Kees



-Oorspronkelijk bericht-

Van: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Namens Lionel Shigemura

Verzonden: woensdag 14 maart 2018 17:15

Aan: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Onderwerp: Re: [WIRELESS-LAN] Aruba 8.0



Hi Chad,



Helpful observations.  We’re looking at an upgrade without MM for our small 
Campus.  280 WAPs that will grow to ~400 using a high density design using 7220 
& 7210.  Still investigating the cost/benefit for MM or non-MM upgrade.



We’ll need more Q & A with HPE and our local vendor.  Can’t make Atmosphere 
due to scheduling conflicts.



Lionel Shigemura

Univ of HI - Leeward CC



Sent from my iPhone



> On Mar 14, 2018, at 9:08 AM, Kenny, Eric  wrote:

>

> Hi Chad,

>

> We’ve been running 8.x for almost a year and have certainly hit a fair 
share of issues.  We are currently on 8.2.0.2 which has been running since it 
was released.  Myf advice is that you might have better luck using the CLI 
rather than the web GUI to make configuration changes.

>

> Some things we’ve noticed in our deployment:

>

> - The “DHCP Required” option to ensure only client devices that have 
obtained an address via DHCP are allowed access to the network ended up causing 
major issues.  This resulted in web pages loading very slowly or halfway, or 
not at all.

> - Lots of AP crashes in 8.2.0.2.

> - Configuration push from MM to MD had some issues initially with 
consistency checking.

> - Configuration missing after upgrades possibly due to MDs reverting to 
previous config version as a result of being unable to contact the MM

> - Inconsistencies for client count and AP count on the MM, but looking at 
the MDs directly shows correct information

> - Inconsistencies with bandwidth contracts being applied to dual stack 
clients, usually it is applied to the link local IPv6 address instead of the 
IPv4 address.

>

> Hope that helps,

> ---

> Eric Kenny

> Network Architect

> Harvard University IT

> ---

>

>> On Mar 12, 2018, at 1:37 PM, Chad Patterson  wrote:

>>

>> We are planning to move to the Aruba 8.0 controller architecture/code at 
some point in the future and We’d like to know how it was for those of you who 
have made the move. Was it painful? Any unexpected issues?  Any information or 
experience you can provide would be greatly appreciated. Thanks all!

>>

>> Chad Patterson

>> Network Administrator

>> ITS-Wireless

>> Florida State University

>> (850) 645-3402

>> cpatter...@fsu.edu

>>

>> ** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: [WIRELESS-LAN] Aruba 8.0

[McClintic, Thomas]

Thanks Eric for the information!

Your first two comments look like show stoppers for us. Will be interested in 
hearing how things progress.



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kenny, Eric
Sent: Wednesday, March 14, 2018 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 8.0

Hi Chad,



We’ve been running 8.x for almost a year and have certainly hit a fair share of 
issues.  We are currently on 8.2.0.2 which has been running since it was 
released.  Myf advice is that you might have better luck using the CLI rather 
than the web GUI to make configuration changes.



Some things we’ve noticed in our deployment:



- The “DHCP Required” option to ensure only client devices that have obtained 
an address via DHCP are allowed access to the network ended up causing major 
issues.  This resulted in web pages loading very slowly or halfway, or not at 
all.  

- Lots of AP crashes in 8.2.0.2.

- Configuration push from MM to MD had some issues initially with consistency 
checking.

- Configuration missing after upgrades possibly due to MDs reverting to 
previous config version as a result of being unable to contact the MM

- Inconsistencies for client count and AP count on the MM, but looking at the 
MDs directly shows correct information

- Inconsistencies with bandwidth contracts being applied to dual stack clients, 
usually it is applied to the link local IPv6 address instead of the IPv4 
address.



Hope that helps,

--- 

Eric Kenny

Network Architect

Harvard University IT

---



> On Mar 12, 2018, at 1:37 PM, Chad Patterson  wrote:

> 

> We are planning to move to the Aruba 8.0 controller architecture/code at some 
> point in the future and We’d like to know how it was for those of you who 
> have made the move. Was it painful? Any unexpected issues?  Any information 
> or experience you can provide would be greatly appreciated. Thanks all!

>  

> Chad Patterson

> Network Administrator

> ITS-Wireless

> Florida State University

> (850) 645-3402

> cpatter...@fsu.edu

>  

> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DwIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=_yG8PumouZ2tnyTQNl5VzHmZQ8lJ4lSb87TUnh55YGg=BO-fpLgMz6y3ImsOJkew_WUrzWtxda8dWXdlPWD8JoE=
>  .





**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DwIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=_yG8PumouZ2tnyTQNl5VzHmZQ8lJ4lSb87TUnh55YGg=BO-fpLgMz6y3ImsOJkew_WUrzWtxda8dWXdlPWD8JoE=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Wi-Fi Temperature Sensor Inquiry

[McClintic, Thomas]

I would also like to know, especially around SensorPush.

TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Christopher
Sent: Monday, December 4, 2017 11:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wi-Fi Temperature Sensor Inquiry

Good Morning,

Was curious if anyone had any experience with any particular types of Wi-Fi 
Temperature Sensors for labs/green houses, etc - such as headaches and/or 
lessons learned? From what I've gathered - all of the ones on the market are 
2.4GHz only with a majority capable of 802.11g only - a couple exceptions I've 
found are 802.11n capable with WPA2 Enterprise security as well.

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook
 and Twitter
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Managing static power/channel assignments?

[McClintic, Thomas]

RF Group and RF Profile are different. 

Group is a controller thing and Profile is an AP thing. 

TJ McClintic


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joachim Tingvold
Sent: Friday, December 1, 2017 9:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Managing static power/channel assignments?

On 1 Dec 2017, at 15:31, McClintic, Thomas wrote:
> It won't see them as rogues so you need not be concerned there. It is 
> common practice to create a RF Profile variant for multiple AP Groups 
> and those groups be within RF range of each other on the same 
> controller.

Yeah, that was my assumption on the matter as well, but this [1] document might 
disagree with that, as it states the following;

“[…] the access points will then select the beacon/probe-response frames in 
neighboring access point messages to see if they contain an authentication 
information element (IE) that matches that of the RF group. If the select is 
successful, the frames are authenticated. 
Otherwise, the authorized access point reports the neighboring access point as 
a rogue, records its BSSID in a rogue table, and sends the table to the Cisco 
WLC […]”.

[1] 
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cisco.com_c_en_us_td_docs_wireless_controller_8-2D3_config-2Dguide_b-5Fcg83_b-5Fcg83-5Fchapter-5F011000.html=DwIFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=L_8PZZQ_qdS8kDvMR3EYVv3wUD7hocNJ-WqqJDA_k7U=Dq-rWq0PzUBr0rmN_ZxwTVl6rCKreIupVd9-nlZA2R8=
 >


> I'm confused on the DCA being one channel, you may want to reevaluate 
> that. It would cause you to have separate RF Profiles per channel 
> which sounds daunting. May want to just set the channel statically or 
> change the DCA interval/time.

The point was to avoid having to fiddle with manually configuring 
several static parameters per AP, that essentially would be identical 
for each deployment. Hence the idea to “simulate” static assignments 
via the RF Profiles, solely so that we can assign such static 
configurations through just AP Groups assignment. This is easier than 
manual configuration of each parameter (less things to configure), and 
also less prone to human errors (compared to manual assignments).

I’m not entirely convinced yet; it was more of a shower thought (-:

-- 
Joachim

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DwIFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=L_8PZZQ_qdS8kDvMR3EYVv3wUD7hocNJ-WqqJDA_k7U=hoa7pEzHsQEOngtEvd_cqOhShAvW_7L45uAVTx45y7c=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Managing static power/channel assignments?

[McClintic, Thomas]

It won't see them as rogues so you need not be concerned there. It is common 
practice to create a RF Profile variant for multiple AP Groups and those groups 
be within RF range of each other on the same controller.

On the TPC we use a 3db shift up from the power used in surveying. This allows 
APs to expand their cells, we also have manipulated some RF neighbor settings 
to help with this. 

I'm confused on the DCA being one channel, you may want to reevaluate that. It 
would cause you to have separate RF Profiles per channel which sounds daunting. 
May want to just set the channel statically or change the DCA interval/time.

TJ McClintic

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joachim Tingvold
Sent: Friday, December 1, 2017 8:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Managing static power/channel assignments?

Hi,

How are people managing their static assignments of channel and power?

We’ve used DCA/TPC on all our deployments, and any tweaking/fine tuning has 
been done in either of those. However, we probably need to have some static 
assignments now that we’re deploying APs in our elevators (to limit cascading). 
I know the current DCA/TPC algorithms somewhat mitigates cascading, but there 
will still be some that we hope to avoid by having static assignments on the 
APs in the elevators (and maybe the closest AP outside the elevators on each 
floor). There should be no scenarios where the APs in the elevators ever needs 
to change their power level, nor their channels, so it makes no sense to have 
TPC or DCA on them.

I haven’t had time to test this yet, but I’m thinking of using RF Profiles;

  * Specify TPC max/min power levels in such a way that it essentially is a 
static power level assignment
  * Specify DCA with only one channel available, essentially making it a static 
channel assignment

We have two APs in each elevator, so we’d create two RF Profiles; the TPC would 
be configured equally, but the DCA would have two different channels between 
the two profiles.

The plan is then to assign these RF Profiles to AP Groups, and then we can just 
assign APs to those AP Groups. This would make it easy to change APs in the 
future, without having to manually configure each AP.

My only concern thus far, is that it seems as if the WLCs will consider APs 
with different RF Profiles as “rogues”. Is that the case, even if the APs are 
on the same WLC? I cannot find anything in the documentation that confirms nor 
denies this.

--
Joachim

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DwIDaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=u-EBB7IKmD1Pw3UZWk8yk3VdPY_PSWsAtly21i38LpY=663IIq5k4x9Zr8-i-whxY2RgTE-bcL96DZ-4Tjxeeuw=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Question regarding the support of WiFi Calling and texting

[McClintic, Thomas]

Tim,

Do you have anything with a link to this information from Palo Alto’s 
perspective? Ie. which protocols and such.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Tuesday, October 24, 2017 11:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Question regarding the support of WiFi Calling and 
texting

Vikki,
  What are you using for a firewall?  We had to open up a couple ingress 
protocols after we upgraded our PA firewall.  These protocols need to talk to 
servers on the Internet. PA’s latest models will block the handshaking unless 
ingress is open.  We found this to be predominately true for Apple phones, but 
seldom for Androids.   It also depending on the service.  We have no complaints 
now.

Tim

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Vikki Cutrone
Sent: Tuesday, October 24, 2017 10:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Question regarding the support of WiFi Calling and 
texting

We are running Eduroam as our SSID,  my Android phone can use eduroam to make 
WiFi calls or Texts, some users on campus, primary Apple devices cannot.  I was 
wondering if campuses are maintaining a best effort posture/policy  regarding 
BYOD's ?

Thanks

On Tue, Oct 24, 2017 at 11:33 AM, Yahya M. Jaber 
> wrote:
Can you give us an example on the issues reported?, so I can understand your 
issue more.


Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android

On Oct 24, 2017 17:25, Vikki Cutrone 
> wrote:
I am the Network Administrator at Vassar College and I was wondering what 
position  institutions were taking regarding support and troubleshooting of 
clients trying to use the wireless for wifi calling and wifi texting?  I am 
getting a large amount of requests for this service but with the multitude of  
cell phones, operating systems and cell providers it is impossible to keep up.  
Any input about your institution's policy or thoughts on a potential policy 
would be greatly appreciated.

Thank you in advance!

--
Vikki Cutrone
Network Administrator
Vassar College, Box 13
124 Raymond 
Ave
Poughkeepsie, NY 
12604-0013

845-437-7231
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



This message and its contents including attachments are intended solely for the 
original recipient. If you are not the intended recipient or have received this 
message in error, please notify me immediately and delete this message from 
your computer system. Any unauthorized use or distribution is prohibited. 
Please consider the environment before printing this email.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



--
Vikki Cutrone
Network Administrator
Vassar College, Box 13
124 Raymond Ave
Poughkeepsie, NY 12604-0013

845-437-7231
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: Big flaw in WPA2

[McClintic, Thomas]

This seems contradicting…


Workarounds
===
All vulnerabilities described in this advisory may be mitigated by
disabling certain features:
- For ArubaOS, ensure that 802.11r is disabled by verifying that any
   configured SSID profile does not contain a "dot11r-profile".  From the
   command line, "show wlan dot11r-profile" will list any 802.11r profiles
   that have been configured.  If the reference count is 0, 802.11r is not
   enabled.
- For InstantOS, ensure that 802.11r is not enabled in any configured WLAN.
- Disabling 802.11r on the AP infrastructure will effectively mitigate
   client-side 802.11r vulnerabilities.  It will not, however, mitigate
   client-side 4-way handshake vulnerabilities.
- Clarity Engine is a beta feature enabled only in special builds of
   software.  Customers who are participating in this beta should not use
   Clarity Engine until a software update has been completed.
- Mesh mode for both ArubaOS and InstantOS is vulnerable.  Until this
   vulnerability is patched, mesh networks should be disabled.
- Wi-Fi uplink mode for InstantOS is vulnerable.  Until this vulnerability
   is patched, the Wi-Fi uplink feature should not be used.


TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 16, 2017 7:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Big flaw in WPA2

Let the panic begin.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Monday, October 16, 2017 7:51 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Big flaw in WPA2


https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner
Manager of Network Operations, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

[McClintic, Thomas]

Sorry, this was mentioned previously. I should have read bottom up instead of 
top down ☺

TJ McClintic


From: McClintic, Thomas
Sent: Tuesday, May 2, 2017 8:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

The 330 also has a multi-gig port for speeds >1gbps. Goes back to the channel 
bonding though…..

TJ McClintic

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Tuesday, May 2, 2017 7:18 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Bruce,
The 310 series is 4x4 with 4 MU streams.  But it is only 2SS on 2.4GHz.

325 has 2nd Ethernet port, full spatial streams in 2.4GHz, 3MU streams, and 
does 80MHz only.

315 is single Ethernet, 2SS in 2.4GHz, 4MU streams and does 160, but drops to 
2SS in 5GHz @160.

The 330 and 310 are the 2nd gen W2 chips from QCA which is why they get the 4th 
MU stream.

I can't comment on CPU.



Sent from my iPhone

On May 2, 2017, at 5:49 AM, Osborne, Bruce W (Network Operations) 
<bosbo...@liberty.edu<mailto:bosbo...@liberty.edu>> wrote:

http://www.arubanetworks.com/products/networking/access-points/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arubanetworks.com_products_networking_access-2Dpoints_=DQMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4zW58YOe1qDnctCvZNNRQK1W__bFlZI4X7pA5e0ZTZU=fPqdlqU53bc74W1FRn4FddBSNh_SQE2exu1_9EHUvCg=>

Checking quickly, the 330 series is 4x4 MU-MIMO and has HP SmartRate, their 
multi-gigabit solution. You can get 5Gps on Cat 5e or 10Gps on Cat6A, according 
to their data sheet.

http://www.arubanetworks.com/assets/so/SO_SmartRate.pdf<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.arubanetworks.com_assets_so_SO-5FSmartRate.pdf=DQMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4zW58YOe1qDnctCvZNNRQK1W__bFlZI4X7pA5e0ZTZU=HH8vGrGVBuzAKEI4jDRIWWvGTG1QvqHOnimmwjvBZj0=>

320 Series is 4x4 MU-MIMO

310 Series is 2x2 MU-MIMO

Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Chuck Enfield [mailto:chu...@psu.edu]
Sent: Monday, May 1, 2017 12:46 PM
Subject: Re: Aruba AP Models - 315 vs 325

The differences that I know of are:

-330 series supports VHT160.  I can’t see using it, but if you can than this is 
the AP for you.
-330 has switchable antenna polarization, which should allow better H-plane 
coverage when wall-mounting the AP. I haven’t tested this to see how well it 
works, but a bracket to wall-mount an AP while maintaining its horizontal 
orientation is pretty inexpensive.

Traditionally, each higher Aruba AP series also has more memory, and often a 
better processor, to ensure adequate performance in the densest users 
environment.  I recently asked my VAR about how the 320’s and 330’s compare in 
this way, but haven’t heard back from them yet.  Anybody know?

Chuck Enfield
Manager, Wireless Engineering
Enterprise Networking & Communication Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Hess
Sent: Monday, May 01, 2017 12:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Aruba folks,
Looking for opinions on whether the price premium of the 325 
over the 315 is worth it.


Thanks,

Steve


[https://wheatoncollege.edu/tools/email-signature/img/email_r1_c1.gif]

[https://wheatoncollege.edu/tools/email-signature/img/email_r2_c1.gif]

Steve Hess

Manager of Networking and Telecommunications

26 E. Main St Norton, MA 02766

t. 508-286-3413

f. 508-286-8270

[https://wheatoncollege.edu/tools/email-signature/img/wheaton-college.gif]<https://urldefense.proofpoint.com/v2/url?u=http-3A__wheatoncollege.edu_=DQMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4zW58YOe1qDnctCvZNNRQK1W__bFlZI4X7pA5e0ZTZU=khJJtjJYlD8CWiipf1aizrSIDtf8HKPrrB0e2em2bxs=>[Wheaton
 College on 
Facebook]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.facebook.com_WheatonCollege=DQMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4zW58YOe1qDnctCvZNNRQK1W__bFlZI4X7pA5e0ZTZU=DUAe-SwvMyRyP5osnAOvhWQkDieFPVH1nEsbrzTEL78=>[Wheaton
 College on 
Twitter]<https://urldefense.proofpoint.com/v2/url?u=http-3A__twitter.com_wheaton=DQMFaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4zW58YOe1qDnctCvZNNRQK1W__bFlZI4X7pA5e0ZTZU=WuFDbY9kUI0fZYwqC5wJ0JMp

RE: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

[McClintic, Thomas]

The 330 also has a multi-gig port for speeds >1gbps. Goes back to the channel 
bonding though…..

TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Tuesday, May 2, 2017 7:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Bruce,
The 310 series is 4x4 with 4 MU streams.  But it is only 2SS on 2.4GHz.

325 has 2nd Ethernet port, full spatial streams in 2.4GHz, 3MU streams, and 
does 80MHz only.

315 is single Ethernet, 2SS in 2.4GHz, 4MU streams and does 160, but drops to 
2SS in 5GHz @160.

The 330 and 310 are the 2nd gen W2 chips from QCA which is why they get the 4th 
MU stream.

I can't comment on CPU.



Sent from my iPhone

On May 2, 2017, at 5:49 AM, Osborne, Bruce W (Network Operations) 
> wrote:

http://www.arubanetworks.com/products/networking/access-points/

Checking quickly, the 330 series is 4x4 MU-MIMO and has HP SmartRate, their 
multi-gigabit solution. You can get 5Gps on Cat 5e or 10Gps on Cat6A, according 
to their data sheet.

http://www.arubanetworks.com/assets/so/SO_SmartRate.pdf

320 Series is 4x4 MU-MIMO

310 Series is 2x2 MU-MIMO

Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Chuck Enfield [mailto:chu...@psu.edu]
Sent: Monday, May 1, 2017 12:46 PM
Subject: Re: Aruba AP Models - 315 vs 325

The differences that I know of are:

-330 series supports VHT160.  I can’t see using it, but if you can than this is 
the AP for you.
-330 has switchable antenna polarization, which should allow better H-plane 
coverage when wall-mounting the AP. I haven’t tested this to see how well it 
works, but a bracket to wall-mount an AP while maintaining its horizontal 
orientation is pretty inexpensive.

Traditionally, each higher Aruba AP series also has more memory, and often a 
better processor, to ensure adequate performance in the densest users 
environment.  I recently asked my VAR about how the 320’s and 330’s compare in 
this way, but haven’t heard back from them yet.  Anybody know?

Chuck Enfield
Manager, Wireless Engineering
Enterprise Networking & Communication Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Hess
Sent: Monday, May 01, 2017 12:07 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Aruba folks,
Looking for opinions on whether the price premium of the 325 
over the 315 is worth it.


Thanks,

Steve


[https://wheatoncollege.edu/tools/email-signature/img/email_r1_c1.gif]

[https://wheatoncollege.edu/tools/email-signature/img/email_r2_c1.gif]

Steve Hess

Manager of Networking and Telecommunications

26 E. Main St Norton, MA 02766

t. 508-286-3413

f. 508-286-8270

[https://wheatoncollege.edu/tools/email-signature/img/wheaton-college.gif][Wheaton
 College on 
Facebook][Wheaton
 College on 
Twitter][Wheaton
 College on 
LinkedIn]



** Participation and subscription 

RE: [WIRELESS-LAN] EDUROAM Service Fees Thoughts

[McClintic, Thomas]

That's great information and thanks Philippe for clarifying as well.

The email we received does not have the same statement you have, Amel. I can 
now see it better explained from the link provided by Philippe.

Thanks all.

TJ McClintic

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Amel Caldwell
Sent: Wednesday, April 5, 2017 4:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EDUROAM Service Fees Thoughts

This is what the letter said regarding fees:



“eduroam Invoices and Fees

Internet2 will continue its current practice of covering the eduroam fees as a 
benefit for its higher education members. Just for your information, the fee 
structure for non-Internet2 members (and Internet2 members that are not higher 
education members) is $0.10 per user (based on IPEDS "total enrollment" data) 
with a minimum charge of $400. “



Internet2 higher ed institutions will have to pay a one-time fee of $700 and 
the fees will be continued to be covered as part of the I2 membership.



Other institutions do have the per-user fee.



Amel





On 4/5/17, 2:42 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on 
behalf of McClintic, Thomas" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of 
thomas.mcclin...@uth.tmc.edu> wrote:



The recurring service fee is $.10 per enrollment according to IPEDS with a 
minimum fee of $400 paid annually. 



Agreements must be signed by 7/31/2017 in order to ensure no 
discontinuation of services.



Unless I'm reading the communication incorrectly, that is the summary I 
concluded from it.



TJ McClintic





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson

Sent: Wednesday, April 5, 2017 4:28 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] EDUROAM Service Fees Thoughts



My understanding is that there are no recurring fees for Internet2 members, 
just a one-time registration fee.



On Wed, Apr 05, 2017 at 09:21:08PM +, McClintic, Thomas wrote:

> Good Afternoon,

> 

> We have not yet implemented EDUROAM, but began looking into it as it was 
part of our Internet2 subscription. It now appears that they have changed the 
service to have an annual fee, plus price per enrolled student.

> 

> Our feelings are that implementing now with an added fee does not seem 
likely. We have done without the service this long and our faculty/students are 
not using it, so no disconnect of services for them.

> 

> I wanted to know others feeling on the subject. Do you plan to continue 
with the service given the prorate charged back of 2016? Are you segmenting 
campus visitors from other institutions away from your users, and could this 
not be accomplished with a guest network? Do you feel the cost of the service 
is reasonable given the use your institution has?

> 

> Thank you for any responses!

> 

> TJ McClintic



**

Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DQIBAg=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=CmqrHULm-qiYVoIz5NXywEWY0HA6aGl6jzTYRmPD530=FzTDcxlRyNMZypS8zUAF6UxDcS0eUnS8QUp3VcWjnx4=
 .



**

Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DQIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=U_gd6561HHxdIRGxo5pi9lWQraPSNfSGy_kNVhB8rDk=qhGha7cPyoMuu6wjBlPb3yLl5wlertfTnPCde-StPpo=
 .







**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DQIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=U_gd6561HHxdIRGxo5pi9lWQraPSNfSGy_kNVhB8rDk=qhGha7cPyoMuu6wjBlPb3yLl5wlertfTnPCde-StPpo=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] EDUROAM Service Fees Thoughts

[McClintic, Thomas]

The recurring service fee is $.10 per enrollment according to IPEDS with a 
minimum fee of $400 paid annually. 

Agreements must be signed by 7/31/2017 in order to ensure no discontinuation of 
services.

Unless I'm reading the communication incorrectly, that is the summary I 
concluded from it.

TJ McClintic


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Anderson
Sent: Wednesday, April 5, 2017 4:28 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EDUROAM Service Fees Thoughts

My understanding is that there are no recurring fees for Internet2 members, 
just a one-time registration fee.

On Wed, Apr 05, 2017 at 09:21:08PM +, McClintic, Thomas wrote:
> Good Afternoon,
> 
> We have not yet implemented EDUROAM, but began looking into it as it was part 
> of our Internet2 subscription. It now appears that they have changed the 
> service to have an annual fee, plus price per enrolled student.
> 
> Our feelings are that implementing now with an added fee does not seem 
> likely. We have done without the service this long and our faculty/students 
> are not using it, so no disconnect of services for them.
> 
> I wanted to know others feeling on the subject. Do you plan to continue with 
> the service given the prorate charged back of 2016? Are you segmenting campus 
> visitors from other institutions away from your users, and could this not be 
> accomplished with a guest network? Do you feel the cost of the service is 
> reasonable given the use your institution has?
> 
> Thank you for any responses!
> 
> TJ McClintic

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DQIBAg=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=CmqrHULm-qiYVoIz5NXywEWY0HA6aGl6jzTYRmPD530=FzTDcxlRyNMZypS8zUAF6UxDcS0eUnS8QUp3VcWjnx4=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

EDUROAM Service Fees Thoughts

[McClintic, Thomas]

Good Afternoon,

We have not yet implemented EDUROAM, but began looking into it as it was part 
of our Internet2 subscription. It now appears that they have changed the 
service to have an annual fee, plus price per enrolled student.

Our feelings are that implementing now with an added fee does not seem likely. 
We have done without the service this long and our faculty/students are not 
using it, so no disconnect of services for them.

I wanted to know others feeling on the subject. Do you plan to continue with 
the service given the prorate charged back of 2016? Are you segmenting campus 
visitors from other institutions away from your users, and could this not be 
accomplished with a guest network? Do you feel the cost of the service is 
reasonable given the use your institution has?

Thank you for any responses!

TJ McClintic



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

[McClintic, Thomas]

Danny,

Try adding the domain in the profile for which the cert was issued

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?


So, I've got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the "open" captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Nyansa

[McClintic, Thomas]

I too am running a trial here. Would also like to hear the experience Lee is 
requesting if possible.

Thanks!

 Original Message 

Subject: Re: [WIRELESS-LAN] Nyansa

From: "Sullivan, Don" 

Date: Feb 10, 2017, 2:03 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Lee,

I would be happy to have a chat with you about it. Probably better off list for 
me.

Don Sullivan
Network Administrator
205-726-2111
dsulli...@samford.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, February 10, 2017 1:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Nyansa

Looking to talk with other schools that have objectively evaluated Nyansa with 
an installed appliance. Curious how what criteria you used to decide whether it 
was bringing you value, and if you bit on it, did it continue to bring value 
after the purchase.

I have it in test and am aware of the feature set and what it promises to do, 
but am looking for testimonials on what it has really exposed that you could 
take action on, how it fits with other tools that you have, and whether you 
have found it to be worth the cost.

On or off list is fine.

Thanks!

Lee Badman

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Cisco AP 'flash' bug

[McClintic, Thomas]

Next time you have this issue, try connecting a console to the AP and run the 
following:

ap: fsck flash:
Are you sure you want to fsck "flash:" (could take some time) (y/n)?y
flashfs[0]: …
ap: boot

This works for us on the failed to reload properly APs.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garret Peirce
Sent: Thursday, January 19, 2017 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco AP 'flash' bug

Ian, thanks for the response.
To commiserate it does feel that wireless ecosystem has been affected by a 
larger bloom of bugs over the last year or so.
Some of that may be due to enhanced vigilance and our tracking them down to 
root causes, but whatever the case, in aggregate it's a concern here as well.

Another related statistic about this issue.
With ~7000 total APs potentially affected we're seeing an incidence rate below 
1% which although low, it's felt more when you're making fire-fighting trips to 
visit/replace affected APs.


On Thu, Jan 19, 2017 at 10:28 AM, Ian Lyons 
> wrote:
Yes, we own that bug too.  Pretty much we have every bug ..and have been 
patching like madmen since July.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Garret Peirce
Sent: Thursday, January 19, 2017 10:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco AP 'flash' bug

Over the last few months we've run into/discovered a Cisco bug and I was 
curious if any in this community have been seeing it as well.

In a nutshell, it appears the flash is being corrupted and the AP then enters a 
boot loop or fails to boot at all.We are apparently seeing a failure rate 
of roughly 10 APs per month.  My engineer's summary is below.

=

CSCvc74528 description is below, but it fails to take into account that 
occasionally the boot loop doesn't happen and the AP will just crash on boot, 
or fail to boot at all. Working with them to add some things to the description.

"APs go into boot cycle due to corrupt image, do not download new image from WLC
CSCvc74528
Description
Symptom:
APs reboot and when booting back up the image gets corrupted. The AP checks the 
WLC and sees it has the same image in flash and does not download the WLC 
image. The image on the AP is corrupt and therefor continuously reboots into 
the corrupted image.

Conditions:
2702I, 3602I and 3702I APs on a 8540 WLC running 8.2.141.0 or 8.3.102.0 code do 
not download WLC code due to same image on flash.

Bad flash in APs

Workaround:
Format APs via console with new image, holds for a few reboots.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Prime Infrastructure Validated Alternatives

[McClintic, Thomas]

We have Airwave and PI.

I started using PI when it was WCS and was very pleased with it. I like PI and 
where it has come, but it lacks in doing what Cisco states or I feel it should 
do. Constantly finding new bugs is always painful.

The Airwave deployment is much smaller, but I find it to be smoother 
operationally and once I understood the flow it works quite well. The reporting 
is great.

Finally, a newer engineer we have is asking if/when we can move to Airwave 
completely as he is happier working in that platform. Since his history is the 
newest with both products it leads me to believe users may find Airwave as a 
smoother ramp up than PI.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, January 10, 2017 2:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Prime Infrastructure Validated Alternatives

Thanks, John. Interesting information. We have a long history with PI, and it’s 
various incarnations. It’s been a ride.

-Lee

Lee Badman | CWNE #200 | Network Architect

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Tuesday, January 10, 2017 2:43 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Prime Infrastructure Validated Alternatives

It's hard to tell how often they work on the Cisco parts of the product. I do 
know that they accepted a bug that I found recently -- radio levels and the 
corresponding dBm levels were incorrect, even varying between multiple devices 
of the same mode. For instance, the power level of a 2700i AP could be reported 
as 1(20 dBm) and an identical AP could report 1(22 dBm). And, this is not just 
for newer models. As new features are added to the WLCs, these generally get 
left behind (at least until a bunch of folks complain). I typically use the AMP 
for the majority of my work. However, if I am dealing with a newer feature, I 
usually put the AMP into monitor-only mode, make the changes directly to the 
WLC (GUI and/or CLI), then wait to see if the AMP even detects the change -- 
usually not. Since I only have five 8510s right now (one for each of our MPLS 
areas plus one for testing plus one for Athletics) I don’t have to touch too 
many WLCs. My three AMPs are currently physical Dell servers. The lightest 
loaded one supports just under 2K APs  with two 8510s and the highest loaded 
one supports just over 3K APs and one 8510. The middle one has about 2,500 APs 
and two 8510s. This is about as many APs as I feel comfortable with on the 
8510s anyway (I think their rated max is 6K). The Dell servers are relatively 
new with SSD drives and a lot of memory. I am starting to look at upgrading 
them though to try to get quicker response times. The AMP is supposed to be 
able to be run on a VM. However, I have opted out of that for now.

Another thing that currently irritates me about the AMP is the use of screen 
space. Slightly older versions have user-dragable column widths while the 
newest versions seem to scale a column somewhat larger that the max value 
presented in the column on the screen. The screen will scroll left and right 
but you lose visibility to the name of the device as it scrolls off the left 
side of the screen. With the older user-dragable column widths you could often 
get away with a column only a couple of characters wide if it had something in 
it like device status (up, down, ignored, planned down, pending). I don’t need 
to see the full word to see what the status is. The screen I am looking at now 
has a column width in excess of 20 spaces with the AP client count in it. I 
can’t possibly get that many clients on a single AP (can you?). Most/all column 
widths are greatly oversized.

Another boy in our group has been paying with the current PI product to help 
with switch & wireless management. He has no bias against it based on past 
experience (since he had never seen it before). I don’t think he is very 
impressed since he never mentions it and I have never seen him playing with it.

I expect that at some time we will have to abandon the AMPs simply because the 
incorporation of new Cisco features seems to be getting further and further 
behind. However, historical reporting is excellent. Reporting can easily be 
scheduled on a periodic basis with data being kept (per a config option) for 
over a year. Ad hoc reporting is also extremely easy.

If HP would invest more in this product it could become really great for a 
Cisco shop. As it is now, it probably depends on the number of WLCs you use (it 
does also support the old standalone APs that are 

RE: Wi-Fi Configuration Management

[McClintic, Thomas]

Who is your hardware manufacturer? Airwave and Cisco Prime are the top tier 
platforms for such management, however come at a premium. 

What is your current network management software?

TJ McClintic
Network Architect

UTHealth | The University of Texas Health Science Center at Houston
Houston's Health University 

Communications Technology | Network Operations
7000 Fannin | Suite M60 | Houston, TX  77030
713.486.9269 netops | 713.486.2271 office


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Smith, Todd
Sent: Tuesday, October 25, 2016 3:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wi-Fi Configuration Management

As our AP count grows, it seems that I need a configuration management database 
to hold static channel plans and MAC addresses for different radios and other 
information that is useful in provisioning and maintaining AP.  In case I have 
to replace one then it would be nice to be able to add back the configuration 
for that location.  My controller configs have much of that but not all of the 
information I would like to have.  My network management platform can do some 
of this but it is lacking in some areas.

Is someone using something other than spreadsheets and Visio drawings?

Todd Smith
Charleston Area Medical Center

==

CONFIDENTIALITY NOTICE: The information contained in this message may be 
privileged and confidential. If this e-mail contains protected health 
information, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited, except as permitted by 
law. If you have received this communication in error, please notify the sender 
immediately by replying to this message and deleting it from your computer. 
Thank you.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=DQIFAg=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=VYDLJroFd8UxEgBrNclCnFIwcNZhz1UVxYmge3wgPg8=mjSyyptMffbDeEoSz62y9TiViULqW-W_fwXVBCl-oMI=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Internal bandwidth testing applications

[McClintic, Thomas]

Ruckus has a speedflex app that runs against a zapd process. I put it on a 
local server and a laptop so I can run speed tests to our server environment 
and wireless client to wireless client. I use the app on my android phone to 
run the actual tests.

https://code.google.com/archive/p/zapwireless/

https://www.ruckuswireless.com/products/mobile-apps

Great tool that removes LAN/WAN from the wireless equation on speeds. Makes you 
wonder why Ruckus has thought ahead to have a speedtest local to their system, 
maybe Aruba and Cisco could add something similar?


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Giovanni Trapasso
Sent: Friday, August 26, 2016 3:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Internal bandwidth testing applications

I stumbled on this application while looking to setup our own internal 
speedtest server for wireless clients.  Can be installed on an internal web 
server, 
https://github.com/enryIT/html5_speedtest.
  They have a working demo on the site.

The website is adaptive so when using it on laptops you get dials like 
OpenSpeedTest and on smaller screens you will get progress bars.  While 
evaluating I turned of the adaptive web feature to keep the website using the 
dials.

We use iperf as well for wired connections.  Have not found a HTML5 product 
that accurately measures 1 Gbps wired connections.

On Fri, Aug 26, 2016 at 1:45 PM, Chris Adams (IT) 
> wrote:
I’ve had great success using a linux host running iperf, and using an 
appropriate client app. There is jperf which has a graphical interface for 
windows, as well as clients available for android and apple IOS.

I prefer using jperf internally as it helps to separate a WAP or RF issue from 
internet congestion.

Thanks,

Chris Adams, CISSP

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia
E-Mail: chris.ad...@ung.edu | Office: (706) 
867-2891

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Britton Anderson
Sent: Friday, August 26, 2016 3:41 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Internal bandwidth testing applications

My personal speed test server of choice is 
dslreports.com/speedtest.
 It's HTML5, supports mobile, and IPv6, and multiple streams.

We have an Ookla NetGauge server hosted here for the very purpose of internal 
performance testing. We've reached out to the guys at DSLreports.com and we may 
stand up one of their servers to replace NetGauge somewhere down the line. 
Obviously, both want them to be publicly available, though we've not had as 
much traffic to our Ookla server as we anticipated but that may be a bigger 
issue for folks in a more densely populated area.

--Britton


Britton Anderson |

 Senior Network Communications Specialist |

 University of 
Alaska
 |

 907.450.8250



On Fri, Aug 26, 2016 at 11:27 AM, Jim Florwick (jiflorwi) 
> wrote:
There’s this too…

http://www.tecmint.com/speedtest-mini-server-to-test-bandwidth-speed

Jim Florwick
Platform TME


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> 
on behalf of Kevin Grover >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>
Date: Friday, August 26, 2016 at 1:21 PM

To: 

RE: Wireless Mobility

[McClintic, Thomas]

I think Aruba pushed new technologies and features, Cisco has a way to improve 
them. In many ways I saw Cisco behind Aruba until the HPE change. Now, it seems 
as though Aruba is much slower to releasing things. Hopefully this changes in 
the coming year as the HPE merger should be completed. 

Don't take this as a mark against Aruba, I just notice less innovative 
leadership now. Aruba is a fine product, one which keeps Cisco in check and 
without them I think Cisco wouldn't have so much pressure to improve their 
wireless portfolio. 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Monday, August 15, 2016 8:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Mobility



DBS & CleanAir sounds like Aruba's  AppRF, which is a newer version of their 
band-steering & ARM (Adaptive Radio Management). 

In 2008 when Aruba had this technology, Cisco was telling us that it was 
impossible to steer clients toward 5GHz because the client makes the decision.



Aruba depends on wireless for their existence. Wireless is just a small part of 
Cisco's networking portfolio. 





For years, we have been successfully using Aruba's DMO (Dynamic Multicast 
Optimization) to deliver multicast IPTV on wireless.



 IMHO Aruba has many leading-class technologies at a lower cost. I just thought 
I would mention another, ultimately less expensive option.

​

 

Bruce Osborne

Wireless Engineer

IT Network Oprations - Wireless

 

(434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971





-Original Message-

From: Jeffrey D. Sessler [mailto:j...@scrippscollege.edu] 

Sent: Thursday, August 11, 2016 11:01 AM

Subject: Re: Wireless Mobility



Really Bruce? LOL



Thank you for the advice, but I for one will stick with class-leading/unique 
technology innovations in the Cisco stuff, like DBS (dynamic bandwidth 
selection), CleanAir, and FRA  (Flexible Radio Assignment) just to name a few. 



Jeff





On 8/11/16, 4:39 AM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Osborne, Bruce W (Network Services)" 
 wrote:



Perhaps you should consider Aruba Networks / HP Enterprise.



They eliminated "burned-in" licenses on controllers but if you replace one 
of them, they will generate licenses for your replacement, at least in our 
experience.



We do not purchase support on most of our APs since they have a lifetime 
warranty anyway. For some unusual or mission-critical applications 
(point-to-point for instance) we purchase the hardware support to get quicker 
replacements. We *do* pay support the licenses (AP & other) on our controllers 
but central licensing helps us maximize the value of our licenses.

​

 

Bruce Osborne

Wireless Engineer

IT Network Oprations - Wireless

 

(434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971



-Original Message-

From: Matthew Newton [mailto:m...@leicester.ac.uk] 

Sent: Wednesday, August 10, 2016 5:28 AM

Subject: Re: Wireless Mobility



On Tue, Aug 09, 2016 at 08:46:28PM +, Jeffrey D. Sessler wrote:

> On limiting the 8510 to 3000 WAPs, and then adding another 8510 pair. 

> Since the 8500 series are subject to Cisco’s new and improved RTU 

> licensing, instead of adding another pair of 8510’s, purchase a pair 

> of 8540’s and move the 8510’s 3000 AP licenses to the new 8540 along 

> with the additional licenses.



Except that Cisco don't treat the 8510 and the 8540 as the same "family", 
so they won't let you move AP licences between them.

We've just been through this, and I raised the same question...

"they're 85xx, so we can just move our 8510 AP licences to the new

8540 hardware". Which Cisco confirmed that we couldn't. :(



Why they couldn't call it the 9540 (or even the 8640) to make that clear I 
have no idea, but then there are 7500/5520 controllers in the same families, so 
it's a right mess. I *think* I worked out that the Flex7500 and 8510 are in one 
family, and the 5520/8540/vWLC are in another, but I'm not entirely sure. It 
was certainly implied that we could move the licences to some different 
controllers, just not the 8540.




https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cisco.com_c_en_us_products_collateral_wireless_flex-2D7500-2Dseries-2Dwireless-2Dcontrollers_qa-5Fc67-2D713536.html=CwIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=lQcy19Y1J4fOC1ktHRzkIVUfryTpUVK1yebs_vkwKSY=oQ83Ckx-7uVptAofOTqioEEOoYGno4ZSSL3WzCUR3Bs=
 

seems to also imply you can't even move from e.g. a 5520 to a 8540, only 
between exactly the 

RE: [WIRELESS-LAN] Wireless Mobility

[McClintic, Thomas]

Here is my suggestion:

Create a separate mobility group for your satellite controller.
If you can separate the mobility groups for the 2 8540 pairs I would do that. 
However, if people can roam from one building to another and they are not in 
the same mobility group you will see client issues. You will also get rogue 
notices.

Really it comes down to the ability to separate geographically, if you can do 
that you are set. If not, then use the same group for the 2 8540s.

We use a lot of AP Groups and AP templates in Prime to help separate networks 
and provision. Deploying the templates can be done by building which really 
eases that process.

Hope this helps….

TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chris Wandell
Sent: Tuesday, August 9, 2016 12:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Mobility

We are in the process of setting up new wireless controllers at Binghamton 
University. We will be setting up 2 sets of 8540 ha paired controllers on our 
main campus and 1 set of 5520 ha paired controllers on a satellite campus. This 
will be the first time we have housed controllers at the satellite campus. 
Currently we have 3 sets of Wism2 controllers on campus and let access points 
associate to any of our controllers. All current controllers are in the same 
mobility group. What we would like to do to is break up ap's by building, with 
each ap in a building having a defined primary and secondary controller. My 
question is would we still need the mobility group for our controllers?

Any problems concerns you see by doing this?

Thanks in advance for any input

Chris
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Non penetrating roof mounted WiFi antenna

[McClintic, Thomas]

Those sled mounts are great and the antenna you are looking at has very little 
wind resistance. I would suggest using fiber if able and take Sam’s points to 
heart as well. Proper sealing and grounding will keep your install working for 
years instead of months.

TJ McClintic


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, August 9, 2016 8:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Non penetrating roof mounted WiFi antenna

And of course you'll want to make sure you can support the weight of the AP 
along with it. Those outdoor units can be hefty. That is unless you're using 
extension cables to hang the AP inside with the antenna outside. In which case, 
proper sealing of all of your connectors, lightning arresting, power 
protection, etc are all good 'non mount' gotchas you're going to want to 
consider.
  -Sam

On Mon, Aug 8, 2016 at 7:06 PM, DAVID BEYERLE 
> wrote:
Ken,

First calculate the wind pressure from the antenna using something like  
http://www.wikihow.com/Calculate-Wind-Load.
  A wind load of ~25 lb for that antenna should be very conservative.  Then sum 
the reactions (torques) at the base of the roof mount...the antenna imparts an 
overturning moment of ~250 ft-lb at the mast base, and so you ballast the mount 
to compensate for this.  The base of the frame is ~3' square, so the center of 
mass of cinder blocks which you'll use for ballast will be ~1.3' from the base 
of the mast, suggesting 180 lb of ballast should be enough.  Many installations 
use considerably less ballast and get away with it.  I happen to not like my 
masts to move (much).

The "gotcha" you should be aware of this that your roof must be able to support 
a ~200 lb load over an area of ~6 sq ft.  Of course, if it supports you, it 
likely will support the loading of this assemblage as well.

Best,
Dave

David Beyerle, P.E.
Communications Engineer, IEEE WCP
Penn State University
117 University Support Bldg 2
University Park PA  16802
da...@psu.edu
814 863-9432


From: "Mattson, III, Ken V" 
>
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Monday, August 8, 2016 6:30:21 PM
Subject: [WIRELESS-LAN] Non penetrating roof mounted WiFi antenna

Has anyone roof mounted an AIR-ANT2588P3M-N antenna? Do you have pictures of 
the installation that you could share?  How high did you mount it? How much 
weight did you put on the base? We plan on putting it as high at 8-10 ft. on 
something like this:
http://www.cableandwireshop.com/non-penetrating-roof-mount-with-166-x-120-mast.html

Any gotchas we should be aware of?

Thanks for any assistance,

Kenneth V. Mattson III
Director - Network and Data
DoIT
Creighton University
402-280-2743
402-981-1140

A password is like a toothbrush:
Choose a good one, change it regularly and don't share it.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**

RE: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

[McClintic, Thomas]

We are using WiSM2’s but here are our issues so far with 8.0.120

-HA SSO Failovers caused by unknown process crash (no crash file)
-Engineering release installed which caused HA failures (both controllers) due 
to mDNS process watchdog crash
-DHCP issues for idle timed out clients performing l3 roam (session timeout not 
expired)

We have workarounds plus engineer release in place for the above items and are 
stable at the moment. We continue to work with TAC to remove the workarounds.

8.0 has not been friendly to us, however I hear praises from others about it.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, July 06, 2016 7:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

This far after the fact, I’d have to comb through a few thousand emails…

Lee Badman | Network Architect (CWDP, CWNA, CWSP, Mobility+)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Tuesday, July 05, 2016 8:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

Hi Lee,

Do you happen to have a bug ID?

We're targeting 8.2+ for our 8.0 migration after the 1130 series APs are 
replaced.  We're currently testing on 8.2 MR for hyperlocation.
--
TRISTAN GULYAS
Senior Network Engineer

Infrastructure Services, eSolutions
Monash University
738 Blackburn Road
Clayton 3168
Australia

E: tristan.gul...@monash.edu
monash.edu

On 1 Sep 2015, at 1:33 AM, Lee H Badman 
> wrote:

I am hearing an ugly not-public issue with .120.

From a colleague:

1.  Running 8.1.111.0
2.  I’ve noticed that when the APs reboot, sometimes APs won’t join the 
controller.
3.   The command “sh cdp n detail” shows all normal and the APs are getting 
the correct IP address;
4.   However, the output of “sh interface ” only shows 
one-way-traffic:  From the switch to the AP and nothing coming back from the AP;
5.   AP refuses to join the controller;
6.   If I console into the AP I will see a lot of newly-generated crash 
logs pointing to the corruption of the radio drivers.  I do NOT understand how 
the corruption of radio drivers preventing the AP from joining the controller.
7.   The AP did NOT boot into ROMmon;
8.   If I delete the IOS and force the AP to boot the recovery image, the 
AP will join properly.

TAC told him this is a known bug that WAS NOT fixed on .120, but would be on 
the next MR release around November. You may want to hold out for that one.

-Lee



Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cosgrove, John
Sent: Monday, August 31, 2015 11:22 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 8.0.120.0 (MR2) on 8510- good, bad?

I am about to cut over to 8.0.120.0 on WiSM2 modules.  Abt 1500 AP’s so if 
anyone has any concerns or issues.  Not date planned and just doing pre-testing 
at this point but want to do this in the next 2 months.

Thx

John Cosgrove
Wireless Network Staff Specialist

Penn State Hershey Medical Center and Health System
Penn State College of Medicine
140 Sipe Ave
Hershey, PA 17033
Phone:   717-531-6131
EMail:jcosgr...@hmc.psu.edu
Web: 

RE: [WIRELESS-LAN] 802.11b data rates disabled?

[McClintic, Thomas]

Your mention of QAM peaks my interest. Have you disabled lower MCS index rates? 
I’ve often wondered if we disabled 18 and below but leave MCS 0-2 enabled, can 
clients use that lower rate on HT and VHT? This is included in both beacons and 
probe responses.

To the original topic, we have b disabled for at least 2 years. No issues or 
concerns. In fact, we only see about 5% of users on a/g. n is very prevalent 
now.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeremy Mooney
Sent: Monday, June 20, 2016 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?

We've had b disabled for several years, and when we did a complete wireless 
replacement last year dropped rates below 24Mbps to get everything up to QAM. 
The only definite complaints I know about are the Wii users everyone else has 
mentioned. Eliminating the rates would have effectively shrunk cell size 
(indirectly the point - force a roam), but given the entire system was replaced 
as well we've just been addressing them as coverage issues (which we also knew 
existed before the swap) so can't quantify that impact.

On Mon, Jun 20, 2016 at 10:49 AM, Todd M. Hall 
> wrote:
Do you have all of the 802.11b data rates disabled?  If so, how long have they 
been disabled?  Did you have many complaints when you disabled them?  Were 
there any particular devices that could not connect as a result?

I'm hoping this information will help us move towards disabling these old 
rates. Thank you for your feedback.

--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
http://www.educause.edu/groups/.



--
Jeremy Mooney
ITS - Bethel University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba Controller code recommendations

[McClintic, Thomas]

Bruce,

I was hoping others would reply to get some feedback. Currently running 
6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the same 
version unless we run into an issue that needs addressing?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, June 13, 2016 12:52 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Controller code recommendations

We are looking to upgrade our Aruba 7210 controllers which are currently 
running software version 6.4.2.4.  Looking at the versions currently available 
on the web site I see the latest GA version is 6.4.3.9 and the latest ED 
version is 6.4.4.8.  I was looking to see what others are running and what 
their recommendation would be.  We are currently running AP models, 134, 135 
and 93H.

Thank you
Bruce Entwistle
Network Manager
University of Redlands

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Beacon Intervals

[McClintic, Thomas]

This is a great article and contains very good information.

However, I follow the same belief as Jeff. This is mostly from a growth and 
future perspective of 802.11ac, etc. In order to take as much advantage as 
possible of ac (256 QAM an MU-MIMO); an AP per classroom looks more like a 
requirement.

Turning off 2.4 every other room and ensuring your power levels/data rates help 
promote a healthy environment and needs to be considered.

From a cost perspective, if I can provide a consistent high throughput to each 
classroom; I can remove port and cabling requirements which actually help lower 
my overall cost to provide connectivity to them.

Good discussion and no simple answer or cookie cutter solution seems to be 
available.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Friday, May 27, 2016 9:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Beacon Intervals

Sure, but there is a great writeup on that exact topic that does a good job in 
my stead:
http://www.wlanpros.com/wp-content/uploads/2014/04/Why-One-AP-Per-Classroom-Approach-is-Wrong-.v3.pdf

In short, that may be a design you end up with, but assuming it's correct to 
begin with is a premise that should not be used. Proper WiFi design (including 
disabling radios or converting them to 5GHz radios if you have hardware that 
can do that) is of paramount importance in any environment that believes their 
network is of any measurable importance. Remember that disabling lower data 
rates & changing beacon intervals can *mitigate* poor design - but there is 
always a trade off (client compatibility being chiefest). I don't necessarily 
disagree that in some environments, one AP per classroom is what you would net, 
but I've seen far too many environments where they over bought and a 1.5 
classroom per AP (or some other measure) would have supported the load just 
fine. I hate to see people waste money when it could have gone to some other 
area of technology to further the end goal - education.
  -Sam

On Fri, May 27, 2016 at 9:18 AM, Jeffrey D. Sessler 
> wrote:
Sam, would you please explain your position on one AP per classroom being a 
mis-design? Do you have data on this you could share?

In my environment, I’ve found that in order to properly deploy 5 Ghz and .11ac, 
it’s pretty much inevitable that we’ll get to one AP per room, especially if 
one desires consistent and universal coverage. Data from existing spaces 
clearly show gaps in 5GHz coverage when using an every-other room scheme.

Now if you are talking about 2.4 GHz I may agree with you, but even there, with 
removal of lower data rates, and a low-power microcell design, the data 
suggests it’s working very well.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
> 
on behalf of Samuel Clements >
Reply-To: 
"wireless-lan@listserv.educause.edu" 
>
Date: Thursday, May 26, 2016 at 6:38 PM
To: 
"wireless-lan@listserv.educause.edu" 
>
Subject: Re: [WIRELESS-LAN] Beacon Intervals

Remember folks, there is such a thing as too much RF and in the edu space, this 
occurs quite commonly due to the One AP per Classroom mis-design advice that 
was making the rounds some time ago...
  -Sam
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this 

RE: [WIRELESS-LAN] Nyansa Voyance - thoughts?

[McClintic, Thomas]

Ryan,

Thank you for bringing this into the discussion. The cost turned us away from 
it quickly. Adding a yearly line item in the budget, knowing that it will grow 
is not easy to justify.

I hope they review the pricing model. I too am interested in any information 
early adopters will share about actual pricing.

TJ McClintic
Network Architect

UTHealth | The University of Texas Health Science Center at Houston
Houston's Health University

Communications Technology | Network Operations
7000 Fannin | Suite M60 | Houston, TX  77030
713.486.9269 netops | 713.486.2271 office



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, May 25, 2016 8:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?

I'm curious for those early adopters, how they were on cost.  Right now, 
according to what they have told me, their pricing for education for 2,500 
access points is 75,000 PER YEAR.  Now, we are going to be at 10,000 access 
points.   You can do the math.  They have indicated a willingness to talk about 
price, but I'm finding it hard to believe most shops are going to be 
accommodating to that pricing level.  Please feel free to contact me off list 
if you wish to share anything about your pricing.


Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at Chapel Hill

r...@unc.edu
+1 919 445 0113 Office
+1 919 274 7926 Mobile





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Rogers
Sent: Wednesday, May 25, 2016 9:17 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Nyansa Voyance - thoughts?


We also have an 'early adoption' installation at USF.  We've found the client 
performance data the system provides and the alerts it generates to be helpful 
and accurate.  For example, we had a fairly large dDoS attack hit our network a 
couple months ago and the Nyansa system clearly spotted the impact this had on 
client experience.  The baseline comparisons are useful in identifying areas 
needing the most attention and the product's ability to monitor and report on 
critical services like DHCP, DNS and RADIUS helps identify issues which may be 
affecting large numbers of clients.  The Nyansa team has been very responsive 
and receptive to suggestions for product improvements.

Joe Rogers
Associate Director, Network Engineering

University of South Florida - Information Technology
4202 E. Fowler Avenue, SVC4010, Tampa, FL, 33620
j...@usf.edu | Tel: (813) 974-7369
http://secure-web.cisco.com/1OyTLdMH4D3_xwJnDfbPk1lQM8oX_QD92Do220QltH1CemyE-9m9moVq3qyqH1d7d0rkbx3pY4BTrpPFnre5DTmzQN0LsJXcFlY6ae3H8T0zYG8bLtw8gsvinNJAsDP1blsAMdQ4xPPXJOylWNIH8dB3D-slzowbZZSdO3OUhB0f-DxJWxXyyUPPyIM2P3bx_MXANbWRicD-jj_m-zzKYk34rhr0d7eYUgt1Fxx_VkPZsdbhVRVTtBiX45cLxbhvU/http%3A%2F%2Fwww.usf.edu%2Fit
 | Facebook: /USF Information Technology | Twitter: @ USF_IT
On 05/24/2016 01:01 PM, Turner, Ryan H wrote:
All:

I was recently approached by a vendor offering a wireless analysis software 
that combines the processing of AMON in conjunction with deep packet inspection 
(through collectors that are looking at all the traffic coming off of your 
controllers via SPAN or Taps).  I was impressed with what I saw.  The company 
has apparently been in stealth mode until about 5 weeks ago, so most on this 
list would not have heard of them.

They offer up Brandeis University as one of their early adopters.  Has anyone 
else had a chance to look into this yet?  The website isn't going to give you a 
lot.  If you go to Youtube, you'll find some round table demos that should give 
you an idea of the capabilities.

We have a few concerns...  High cost and the cloud based nature of the service 
(no way to house on prem at the time).  If you've looked at this and had time 
to formulate some thoughts, I would appreciate it.

Ryan Turner
Manager of Network Operations
ITS Communication Technologies
The University of North Carolina at Chapel Hill

r...@unc.edu
+1 919 445 0113 Office
+1 919 274 7926 Mobile

** Participation and subscription information for this EDUCAUSE 
Constituent Group 

RE: [WIRELESS-LAN] Network laptop apps/"tool"

[McClintic, Thomas]

The AirCheck is a great tool. Lots of information quick and easy. Yes, you can 
get the same info through applications, but the ease is nice.

Stay away from apple products for utilizing wireless tools. You will end up 
starting a windows VM to run most of the apps, I’m sure more Apple supporters 
can chime in. I just feel more comfortable using the native OS that my 
applications support.

As others have mentioned there are several applications you can use. Usually as 
you get more features and ‘automated’ troubleshooting the price starts to 
climb. Airmagnet sells higher end solutions, MetaGeek is more affordable. I am 
lucky enough to have used both product lines. Each has its own advantages, but 
in the end I prefer chanalyzer over spectrum XT. However, I like Airmagnet’s 
WiFi Analyzer Pro over inSSIDer.

For captures I like Savvius Omnipeek (formerly wildpackets), it uses capture 
cards to aggregate multiple channels into a single capture. This is VERY 
helpful when troubleshooting roaming issues, you won’t miss a packet due to 
channel scan intervals. There may be others, but this has been my staple.

In regards to design tools, you have Cisco Prime (for predictive), AirMagnet 
Survey Pro, and Ekahau. Both of these tools have a hefty price tag, but having 
a map of your coverage is a very nice piece of information to have. This is 
especially true when environments change and you have a reference point to 
utilize.

This coming year we will be using a surface pro to run our tools. Some people 
have complaints about battery life, so we expect to carry recharge packs with 
us. This is a huge leap in portability for us coming off hefty Toughbooks that 
have made me a great left arm-wrestler.

Hope this helps, have a nice weekend.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan D Wang
Sent: Friday, April 15, 2016 2:02 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Network laptop apps/"tool"

I would recommend you look at metageek's product line for this.  Depending on 
how in depth you want to go, you can either get inSSIDer pretty cheap or spend 
a about 1000 and get a Wi-Spy dbx and Chanalyzer 5 to actually look at RF 
utilization.

On Fri, Apr 15, 2016 at 2:56 PM, Allen Matthews 
> wrote:
I am looking for a laptop and software that would help me to troubleshooting 
wireless.  I am curious about what you use to troubleshoot wireless.
iMACWindows  Linux or Vendor tools.
I am interest in both basic software and/or vendor tools.   The basic software 
would be for student tech.
--
Allen Matthews
Network Engineer
Gallaudet Technology Services
Merrill Learning Center 2112
800 Florida Ave NE
Washington, DC 20002
allen.matth...@gallaudet.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--

Alan Wang
Network Analyst | TH105
Binghamton University
aw...@binghamton.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[McClintic, Thomas]

What happens when users choose the 2.4 enabled SSID even though they support 
5ghz? They may select it based off signal strength indicators on their client, 
even though they will get a lower data rate.

I agree to turning off 2.4 on a network that you control all devices for; like 
enterprise solutions, but for 'public' solutions I don't find it advantageous. 

Tune your RF to coax clients to 5ghz and test some of the features vendors 
have. They developed them for a reason and usually work fine. I just don't like 
major decisions on my infrastructure being made based on a very small number of 
'legacy' clients.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Friday, April 15, 2016 7:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

Well, you can convince me otherwise, but I don't think that is true.  As stated 
previously, we already see plenty of devices that are 5 gig capable connecting 
to 2.4.  Regardless of how long they spend there, they are still on the 2.4 for 
some period.  Running a 5 gig only SSID eliminates that.  So you eliminate some 
of the guess work of troubleshooting a client, and then you know when they 
connected, they were always at 5.  Seems like a win to me.  



And obviously there is no sharing of the radio.   



And also, let's face it.  The other SSID isn't a junk SSID in the nature that 
it would resemble the exact same SSID that you run now.  There is no additional 
overhead here, as we already run eduroam and a PSK network.  





Ryan Turner

Senior Network Engineer, ITS

The University of North Carolina at Chapel Hill

+1 919 274 7926 Mobile

+1 919 445 0113 Office



> On Apr 15, 2016, at 7:48 AM, Osborne, Bruce W (Network Services) 
>  wrote:

> 

> That is not really a solution if the "junk" SSID uses the same radios as the 
> "premiere" SSID. The radio needs to beacon at the lower rates.

> 

> Running separate "junk" APs really adds to the cost.

> 

> ​

>  

> Bruce Osborne

> Wireless Engineer

> IT Network Services - Wireless

>  

> (434) 592-4229

>  

> LIBERTY UNIVERSITY

> Training Champions for Christ since 1971

> 

> -Original Message-

> From: Turner, Ryan H [mailto:rhtur...@email.unc.edu] 

> Sent: Thursday, April 14, 2016 7:44 AM

> Subject: Re: Turning off 2.4 on a select SSID?

> 

> Well, as I pointed out from the very beginning, running a premiere SSID that 
> guarantees junk devices can't connect to better ensure some performance while 
> having a backup SSID for all the rest is a solution.   It is no different 
> than running a 802.1x SSID.  A lot of devices won't support that.  But in our 
> case, they fall back to a PSK SSID.   You still preserve connectivity, but 
> aren't connecting by the smallest common denominator.  

> 

> Ryan Turner

> Senior Network Engineer, ITS

> The University of North Carolina at Chapel Hill

> +1 919 274 7926 Mobile

> +1 919 445 0113 Office

> 

>> On Apr 14, 2016, at 7:39 AM, Osborne, Bruce W (Network Services) 
>>  wrote:

>> 

>> What about 11g or 11n devices that require the lower data rates in order to 
>> connect?

>> 

>> ​

>> 

>> Bruce Osborne

>> Wireless Engineer

>> IT Network Services - Wireless

>> 

>> (434) 592-4229

>> 

>> LIBERTY UNIVERSITY

>> Training Champions for Christ since 1971

>> 

>> 

>> -Original Message-

>> From: Trinklein, Jason R [mailto:trinkle...@cofc.edu]

>> Sent: Wednesday, April 13, 2016 9:32 AM

>> Subject: Re: Turning off 2.4 on a select SSID?

>> 

>> We presently do not permit 802.11a/b devices on our wireless network, but we 
>> do allow 802.11g. Luckily, there are only a few dozen 802.11g devices 
>> connected at any given time, the rest are 802.11n/ac. The performance hit 
>> for supporting g appears to be minimal in our environment.

>> 

>> We’ve been facing issues with special requests on our campus for supporting 
>> bizarre end devices. The most recent request was to support a wifi doorbell, 
>> which uses PSK and 2.4GHz only. Worse, it was easily stolen and cracked, 
>> giving up in cleartext the key.

>> 

>> Refusing to support these devices causes new problems, however. Some of 
>> these locations instead set up their own access points to serve these 
>> special devices, which causes channel interference with our official access 
>> points. To set up such devices is against policy, but it causes some angst 
>> against IT when we enforce it in these circumstances. How many exceptions do 
>> you make for special scenarios? How often do you prop up custom 
>> location-specific SSIDs to support unique requests?

>> --

>> Jason Trinklein

>> 

>> Wireless Engineering Manager

>> College of Charleston

>> 81 St. Philip Street | Office 311D | Charleston, SC 29403 

>> trinkle...@cofc.edu | (843) 300–8009

>> 

>> 

>> 

RE: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on new flexible radio assignment?

[McClintic, Thomas]

My understanding is that the two 5ghz radios will have required channel 
separation to prevent NCI. Time will tell of course…

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Atkins
Sent: Tuesday, March 22, 2016 2:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on new 
flexible radio assignment?

I’m looking forward to the 2800/3800 AP features as we deploy new 
infrastructure and high density WiFi.  I hopeful the external antenna model can 
help reduce the # of APs/licenses needed in very high density locations.  The 
auto channel width could be nice if it works okay in our environment.  Only 
time and testing will tell…..   Not sure if multi-gig will be a factor in the 
coming year but we are certainly looking at it for the new Cisco and new Aruba 
APs.  Our Aruba folks indicate two 5.2 GHz radios in the same antenna location 
will not work efficiently…. So we’re hoping there is some software magic to 
overcome physics.  Needless to say I’m trying to keep my expectations low in 
order to be pleasantly surprised.

There are a couple “No Strings Attached Show” podcasts discussing 2800/3800 and 
flexible radio assignment.  (sponsored podcast)  There is also a “Cisco 
Champion Radio” podcast discussing 2800/3800 features.

PS.  We are looking at 1810w for dorm deployment.  It’s wave2 AC but still does 
not do clean air if you need that.



Mike Atkins
Network Engineer
Office of Information Technology
University of Notre Dame

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Daniel Brisson
Sent: Tuesday, March 22, 2016 2:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on new 
flexible radio assignment?

Yes, the flexible radio design is definitely interesting.  I’m interested to 
see how it plays out in terms of shuffling clients between APs based on what 
radio is available.

I wanted to ask…have you considered the 702W for your res halls?  It really 
seems to be the way to go in terms of creating small cells for the myriad 
devices that existing in that setting.  We have a new dorm going up as well and 
with our experience with the 3502i’s, which grants has not been bad, but I 
really see the benefit of going with the 702w style.

-dan



Dan Brisson
Network Engineer
University of Vermont

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, March 22, 2016 2:27 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] New Cisco 2800/3800 Wave 2 WAPs - thoughts on new 
flexible radio assignment?

For the Cisco shops:

I recently had a briefing on the new Cisco 2800/3800 Wave 2 WAPs coming in May, 
and I’m pretty excited for the new flexible radio design. For those that have 
not read up on it, in the new models one of the two radios can dynamically move 
(self optimize) between 2.4 and 5 GHz depending on need (coverage/performance) 
or function (Serve clients, security monitoring, service assurance aka be a 
client, or enhanced location).

Seems like Cisco is addressing one of my long standing concerns/wishes, that 
when designing dense deployments, that the number of 2.4 GHz radios become 
overkill and wasted. The new model provides for much better 5 GHz coverage 
(lots of WAPs running 5GHz x 2) with just enough running 2.4 GHz to handle 
legacy needs. It’s going to make my life much easier when designing for our 
residential halls.

Any of the other Cisco shops excited for the new flexible radio feature? 
Thoughts? I have a new residence hall coming online in August so the timing is 
great.

Jeff


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: [WIRELESS-LAN] tablet for site survey work

[McClintic, Thomas]

To elaborate on my surface with a mouse... I use the stylus to click for 
surveying and the mouse to operate the menus when saving and verifying.

Does anyone with a Surface have recommendations for battery life? The yoga 
gives me much more time surveying before having to charge.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Wednesday, February 17, 2016 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] tablet for site survey work

I just received a Surface Pro 4 that seems to be very good.









-jcw



John WattersThe University of Alabama

Office of Information Technology

205-348-3992

 





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Fletty

Sent: Wednesday, February 17, 2016 10:44 AM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: [WIRELESS-LAN] tablet for site survey work



Anyone have an recommendations for a tablet for site survey work?



-- 

Steve Fletty

Network Design Engineer

Office of Information Technology

University of Minnesota

2218 University Ave SE

Minneapolis, MN 55414-3029

Phone: 612-625-1048



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4PZNStcpGLYWyhMwLhxwJ8mUXRGpnEbfAqrJIkUP5WE=1K6rNtmHOhXunuJXgj4PSTUJkvTtqRq_xsBOFGNjUpk=
 .



**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQIGaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=4PZNStcpGLYWyhMwLhxwJ8mUXRGpnEbfAqrJIkUP5WE=1K6rNtmHOhXunuJXgj4PSTUJkvTtqRq_xsBOFGNjUpk=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] tablet for site survey work

[McClintic, Thomas]

I have used tough books, yoga and surface pro 3.

Of all of these, the surface pro 3 was my favorite. Be sure to have a mouse 
because Survey Pro just feels better in my opinion with it. 

I'm interested to hear other opinions.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Fletty
Sent: Wednesday, February 17, 2016 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] tablet for site survey work

Anyone have an recommendations for a tablet for site survey work?

-- 
Steve Fletty
Network Design Engineer
Office of Information Technology
University of Minnesota
2218 University Ave SE
Minneapolis, MN 55414-3029
Phone: 612-625-1048

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQICaQ=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=1hrvf_xWNG-pl8lrSWJq_nMkerr3qxcWt0vhwCI_YSk=w-7FJCHLpbTQTl8IrHRu9Z5pCiFL3cEiszCMIZBTvc0=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco WLC CPU ACL

[McClintic, Thomas]

My understanding is that the CAPWAP traffic is not controlled by the CPU ACL.


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Felix Windt
Sent: Tuesday, December 15, 2015 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC CPU ACL

We are running CPU ACLs both on IPv4 and IPv6. The obvious thing is that you 
want to make sure to account for all your CAPWAP sources and all your 
management stations. If you use Prime Infrastructure to manage your WLCs, 
definitely don't forget accounting for that.

Also for Prime: its ACL builder is horrible, so we kept it intentionally simple 
with the least number of ACEs (often permitting all IP traffic instead of 
branching out to protocols, for example on the dedicated networks for APs 
sourcing CAPWAP tunnels). The worst gotcha is that ACLs are submitted line by 
line, which at one point locked out Prime itself since it created something 
that didn't account for itself. The work around is to always first disable CPU 
ACLs entirely, then to submit the new ACL, double check that it's applied 
correctly, and to only then re-enable it for enforcement.

Otherwise we've had no issues whatsoever.

Hope that helps,

felix

Dartmouth


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Dennis Xu 
Sent: Tuesday, December 15, 2015 12:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco WLC CPU ACL

Has anyone implemented CPU ACL on Cisco WLCs and any lessons learned?

I would like to apply CPU ACLs to protect WLC dynamic interfaces and hope it 
will not break anything. :)

Thanks!

---
Dennis Xu, MASc, CCIE #13056
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQIFAw=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=lLzJN8EUNYD1OEPjeKEOjfK88oz2vOYVI9qjZXbcvZs=WtInRNasNnDuX0hR7DYMPvIt1bWxEuvD0IZexsfsg38=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=BQIFAw=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4=lLzJN8EUNYD1OEPjeKEOjfK88oz2vOYVI9qjZXbcvZs=WtInRNasNnDuX0hR7DYMPvIt1bWxEuvD0IZexsfsg38=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco LWAP Advice

[McClintic, Thomas]

To future proof your deployment it may be best to upgrade your WLC to a 5520. I 
suggest deploying the x700 series LWAP to support 802.11ac as we have seen a 
large increase in clients supporting it. Here is a comparison chart for the 
various ac enabled LWAPs.
http://www.cisco.com/c/en/us/products/wireless/buyers-guide.html#~indoorac

Cisco has nice bundling options so we have opted to use the 3702 after taking 
advantage of the bundling discounts. We use the 2702 in smaller office bundles 
as well, but large buildings with higher density we choose the latter.

Hope this helps!

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jake Snyder
Sent: Wednesday, December 09, 2015 9:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAP Advice

So the only AP still sold new that is supported on a 4404 is the 3502i.

Not much in the way for options on that old platform, but that is what you can 
still buy.  Might be time to look at upgrading that old girl.
Thanks
Jake Snyder
jsny...@compunet.biz
208-286-3015

Sent from my iPhone

On Dec 9, 2015, at 4:56 PM, Andrew Conley 
> wrote:

Hi all,



I'm new to the EduCause community (even though I'm a HS District IT Director 
and Educause is for Higher-Ed..). We're a 135,000 student and 6,000 staff 
district (very large). I am doing a AP deploy for a new high school building (I 
have a Cisco WLC4402-100-K9 installed in the building already) with 
approximately 500 clients connected and wanted to know what Cisco LWAPs 
everyone was using or would recommend for this deploy.



Thanks in advance for your assistance!



Andrew Conley

Director of Information Technology

San Diego Unified High School District

E: andrew.con...@sduhsd.org

W: 760.363.5008 x 1009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] [Ext] Re: [WIRELESS-LAN] Sticky Clients and Probe Suppression

[McClintic, Thomas]

I believe in allowing the client to make the decision. Even with limiting the 
suppressed probe responses or deauthing; there can be times when a client could 
experience issues.

We allow 12, mandatory 18. Limit the transmit power on both radios. The issue I 
see with many sticky clients are that they look at RSSI and not retry, by 
lowering the power of your radio you are coaxing them with their natural 
mechanism.

I would be interested in how your testing is going and the procedures you are 
using. Since I see behaviors change so often between devices and drivers I have 
a hard time trusting the testing I do with what gear I have.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jim Glassford
Sent: Friday, November 20, 2015 1:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [Ext] Re: [WIRELESS-LAN] Sticky Clients and Probe 
Suppression

Hi,

Jeremy, we have not used probe suppression but Chris thanks for the opening on, 
disabling lower data rates.

This Cisco best practice, last updated Jan 2015, page 18 shows 2.5GHz disabled 
up to 12Mbps and 5GHz disabled up to 24Mbps


Curious if any have taken this many lower speeds off line?

We have disabled 1, 2, 5.5, and 11 on 2.5GHz.
Just started toying a little disabling 6 and 9 on 2.5 and 5GHz.

thanks!
jim

On 11/20/2015 2:07 PM, Chris Adams (IT) wrote:
We have typically achieved this by disabling lower data rates available per 
SSID.


Thanks,

Chris Adams

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia
E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeremy Gibbs
Sent: Friday, November 20, 2015 2:05 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Sticky Clients and Probe Suppression

Has anyone ever used probe suppression and force dissociation of clients at a 
particular RSS value?  This feature was just introduced and we have a lot of 
"sticky" clients that don't like to roam even though there are more desirable 
AP's in the area.

I have enabled it on a handful of AP's for testing, but would like to hear what 
others have experienced.

Thanks

--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Desktop projection to classroom display

[McClintic, Thomas]

We have been piloting Mersive Solstice, it seems to be accomplishing what is 
needed so far.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matt O'Brien
Sent: Tuesday, October 27, 2015 8:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Desktop projection to classroom display

We have worked with multiple groups on campus to try and meet their needs with 
various screen sharing solutions over the years. Over time our Learning 
Technology group shifted focus and start looking for  a solution that could 
meet the majority of users requirements/wants without reinventing 
infrastructure. Last time we met them they were working on vetting a screen 
sharing solution from Zoom 
https://zoom.us/
 . So far they seem happy and have asked for no Infrastructure changes. They 
are still using it in select test case classrooms for now.
Matt,

On Tue, Oct 27, 2015 at 6:49 AM, Ashfield, Matt (NBCC) 
> wrote:
Good Morning

Like I’m sure most of you have experienced, we are dealing with technology like 
AppleTVs and Chromecasts showing up in our classrooms and being asked to “make 
it work”. Obviously we run into the roadblocks of those devices not fitting 
into our network well, or working with certain OS’s, not to mention security 
implications.

We’d like to try and standardize on a technology so we can manage it (ha!). I’m 
just wondering if anyone has solved this one yet?  We’ve looked briefly at 
AirParrot but wondering if anyone else has had any luck in this area.

Any info/advice is appreciated.

Thanks,

Matt
NBCC

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--
Matt O'Brien
Associate Director, Network and Security
Boise State University
1910 University Drive, Boise, ID, 83725-1249
Phone: (208) 426 4068
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Wireless AP's Radio Down

[McClintic, Thomas]

Like Dan, we've seen this from DFS events.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, September 10, 2015 11:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Wireless AP's Radio Down

Is it only 11a radios?  Are you getting DFS events?  If so, I'm dealing with 
this right now with TAC.  Check your AP log for a DFS message.

-dan




Dan Brisson

Network Engineer

University of Vermont
On 9/10/15 12:32 PM, Gregg Heimer wrote:
Anyone with Cisco APs and Cisco Prime get these odd alerts from PI that state 
the radio is administratively up but operationally down with a reason of 
unknown?  I have been getting a slew of these lately.  We have introduced quite 
a few 1702's into our environment and I am wondering if there is some issue 
with recalculation, or something that triggers a radio reset to resolve a 
different issue?  Below is the alert notification.  Cisco forums haven't been 
much help, so I figured I'd take a shot at the group.  Thanks!



Virtual Domain: ROOT-DOMAIN



PI has detected a change in one or more alarms of category AP and severity 
Critical in Virtual Domain ROOT-DOMAIN.

The new severity of the following items is Clear:



1. Alarm Condition:Radio administratively up and operationally down

Message: '802.11a/n/ac' interface of AP 'AP01-' associated to controller 
'XX (172.X.X.X)' is down. Reason: Unknown - Device Name: 'X Failure 
Source: AP AP01-, Interface 802.11a/n/ac





___
Gregg Heimer
Sr. Network Engineer
Montgomery County Community College
340 Dekalb Pike
Blue Bell, PA 19422
ghei...@mc3.edu
215.641.6442




Montgomery County Community College is proud to be designated as an Achieving 
the Dream Leader College for its commitment to student access and success.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco AVC reporting in PI 2.2

[McClintic, Thomas]

I don't recall any extra steps when adding it to our 2.2 server. The document 
you have linked for the 5500 configuration is what I did. I had changed IPs 
though, so I had to tear it down to build it back up.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 01, 2015 3:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco AVC reporting in PI 2.2

As I just shared with our SE...

After going to PI 2.2, we lost the ability to see AVC information in PI. It was 
easy to setup in 1.4 after getting the assurance licenses we needed using this: 
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115756-avc-guide-00.html

And then there is this for PI 3 
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/solution_overview_c22-728972.html#_Toc428598044

But I can find nothing on 2.2 and the PI interface maps to neither the old or 
new. Any idea where I can find guidance on application reporting setup in 2.2 
PI? I had no idea this was gone until I needed it, and I'm finding nothing 
after hours of searching.



Anyone else been down this road? I have it set fine on the WLCs, just PI is 
typically confounding.

(yes I know 3.0 is out)

Thanks-

Lee

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree Portfast Out-of-Box

[McClintic, Thomas]

Lee,

I had this happen back in February with 2702’s like Oliver.

Here is the bug I was sent from the case I opened. CSCur86600

Looks like it’s something in the 8.0 recovery code.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, August 11, 2015 7:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree 
Portfast Out-of-Box

Thanks, Oliver- so this is known… good to know. So far I’m not finding a 
specific bug ID doing searches. Would you have any link, by chance?

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver Elliott
Sent: Tuesday, August 11, 2015 8:27 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree 
Portfast Out-of-Box

We had this behaviour on a batch of 2702s, the firmware that was preloaded had 
this bug that went away once the associated and upgraded. It's a right pita 
changing the port config to get them to connect, then reverting it later, but 
not as bad as the other firmware bug causing APs to use the wrong MAC address 
until they upgraded.

On 11 August 2015 at 13:21, Lee H Badman 
lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
Wondering if anyone has seen similar with Cisco APs: On switchports that have 
been fine for other Cisco APs, a run of new 3702s are going into error disable. 
If you turn on the ability to see why in the switch, the APs – only when new 
out of box—are sending BPDUs to ports that have Spanning-Tree Portfast on as a 
rule.

If you remove portfast, the new 3702s go off to the WLC just fine, get updated 
for code, and then work as expected. You can restore spanning-tree portfast, 
reboot the APs (that are no longer “out of box”) and they behave fine on the 
portfast-enabled ports.

I’ve not seen this behavior with any other Cisco AP, and I don’t think it 
happened with our earliest 3700s, either.

Does this oddity ring familiar with anyone?

Thanks-

Lee

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edumailto:lhbad...@syr.edu w 
its.syr.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__its.syr.edud=BQMGaQc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=5FfOkhz4Ci3Yds7zBO-vHJr1IMgdwlaZEkbYXk-woHMs=psMUPIJCsxraMT0QN2WnhMyMSOJspzbrukVhyCVaVWQe=
SYRACUSE UNIVERSITY
syr.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__syr.edud=BQMGaQc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=5FfOkhz4Ci3Yds7zBO-vHJr1IMgdwlaZEkbYXk-woHMs=0z4cYpXm2pow9TjQE6kmF1X3tvdIzx4ng3v4N4dnooke=



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=BQMGaQc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=5FfOkhz4Ci3Yds7zBO-vHJr1IMgdwlaZEkbYXk-woHMs=jcu7NQBtIqDXvlv3WhyCF4OcW0IfkPZSPDIQ4qJtRbMe=.



--
Oliver Elliott
Senior Network Specialist
IT Services
University of Bristol
e: oliver.elli...@bristol.ac.ukmailto:oliver.elli...@bristol.ac.uk
t: 0117 39 (41131)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=BQMGaQc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=5FfOkhz4Ci3Yds7zBO-vHJr1IMgdwlaZEkbYXk-woHMs=jcu7NQBtIqDXvlv3WhyCF4OcW0IfkPZSPDIQ4qJtRbMe=.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=BQMGaQc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=5FfOkhz4Ci3Yds7zBO-vHJr1IMgdwlaZEkbYXk-woHMs=jcu7NQBtIqDXvlv3WhyCF4OcW0IfkPZSPDIQ4qJtRbMe=.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Rogue Devices

[McClintic, Thomas]

Which wireless system are you using?
What type of rogue devices are you most interested in? (rogue on a wire, 
neighboring device, etc.)
Do you need to also locate these rogue devices?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bibin George
Sent: Thursday, May 14, 2015 8:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Rogue Devices

Can anyone suggest a good tool that I can detect/ prevent Rogue devices out in 
the network.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] To provide (wireless) service, or not to provide (wireless) service...

[McClintic, Thomas]

We use the 'byod' model in our housing. Students sign up for Comcast and we do 
not interfere with their use of wireless. The housing area only has university 
wifi in the administration areas. However, our housing is much more like 
apartments than normal college housing.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Friday, May 01, 2015 3:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] To provide (wireless) service, or not to provide 
(wireless) service...

I was deliberately ambiguous in the initial post, because I wanted to see how 
the conversation would go.  Granted, simply by posting here I have a somewhat 
biased sampling.  The problem is, there's something like 21,000 
colleges/universities in the world .. so I'm getting the I've heard some 
schools are 'doing this' and it saves a lot of money (maybe Phillipe's kids 
need to go to one of those schools ;)  ).  We're in the process of building a 
new res hall (opening over the summer) and another was just announced.  I 
mentioned this post to the design committee for the current res hall project 
and the faces were priceless.  Whether we/I agree with moving away from 
institutionally-owned WiFi or not, I'm going to have to research and write up 
alternatives.

Just a couple answers -- yes, I meant just our Res Halls.  --I wonder if I 
could get a WiFi enabled Prius and drop it in the res halls?  My Prius has been 
rock-solid!  --as a service was the term that was presented to me.  I'm not 
clear on it at this point either.

Lee (et al), what has a higher suck factor -- byoWiFi without support from IT 
or with?

The problem with people having the ability to create their own home networks 
is, everyone thinks they know how to properly implement a wireless network.  
It's kind of like education .. we all went to school, so we all think we're 
experts on the subject.  I'll let this conversation continue without my 
thoughts for a few days and then I'll give more specific information.  But I 
will say, without researching this further, my gut reaction is .. this is the 
worst idea I've ever heard.  And, as the father of a 16 y.o who is finishing 
her Jr year in HS and looking at colleges, I would never consider a school that 
avoided technology investment.

-Brian


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jeremy Gibbs 
[jlgi...@utica.edu]
Sent: Friday, May 01, 2015 3:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] To provide (wireless) service, or not to provide 
(wireless) service...
Not sure if this will make a difference, but if you haven't read this, take a 
look.  It has some very useful data about ResNet/Wireless/Bandwidth etc...

https://www.acuta.org/acuta/pdf/041715b.pdfhttps://urldefense.proofpoint.com/v2/url?u=https-3A__www.acuta.org_acuta_pdf_041715b.pdfd=AwMF-gc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=0l7RXPeTmWXfRkbgERAQJ3B83lL_rWLsnccCAUqC7iMs=0doSdVGu9MEJeYUaKJEHvbfrospU54JZp1Cm562tVH0e=



On Fri, May 1, 2015 at 3:32 PM, Lee H Badman 
lhbad...@syr.edumailto:lhbad...@syr.edu wrote:
If wiring costs are the main issue, I'd go with wallplate APs  on existing 
cabling (even if not 11ac- just n). To not provide Wi-Fi is pretty backwards at 
this point and to say bring your own with the expectation that your group 
will somehow support that is the stuff of nightmares for all parties.

Not sure how 4G helps in this case- bad assumption that all devices can use it.

Also not understanding what as a service amounts to.


The more gimmicky it gets, the worse the suck factor will be.

-Lee


Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003tel:315.443.3003
(Blog: 
http://wirednot.wordpress.comhttps://urldefense.proofpoint.com/v2/url?u=http-3A__wirednot.wordpress.comd=AwMF-gc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=0l7RXPeTmWXfRkbgERAQJ3B83lL_rWLsnccCAUqC7iMs=8g5pPLOFSLYB_Mj9_JNrS-aVg7ORuBh_f6AlnY42cnIe=)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Brian Helman
Sent: Friday, May 01, 2015 11:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] To provide (wireless) service, or not to provide 
(wireless) service...

A few weeks ago we made a pitch for funding to upgrade our res halls to 
802.11ac.  This request for funding has had an unforeseen effect.  I'm not 
being asked to investigate NOT providing wireless networking in our res halls.  
Here are the options, as it has been described to me:

-No institutional wireless.  Let the students bring in their own AP's

RE: [WIRELESS-LAN] Above Ceiling AP installations vs. Prediction - Hospital Environment

[McClintic, Thomas]

Above ceiling installation with auto RF mechanisms like TPC can cause lower 
power settings when the walls do not go above the ceiling. We have many 
additions throughout our campus where the walls do not extend above the grid. 
An AP placed above that will behave much differently than expected.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Wednesday, April 29, 2015 8:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Above Ceiling AP installations vs. Prediction - 
Hospital Environment

The question for me isn’t really whether to or not above the ceiling work or 
not, it’s how predictable is it.  Coverage from AP’s, be they above or below 
the ceiling, is highly influenced by obstacle near the AP.  For the most part, 
there are more potential obstacle above the ceiling than below.  If you survey 
with the AP above the ceiling, and install the AP exactly where it was during 
the survey it should work fine.  If, on the other hand, the AP gets installed 1 
foot away from where it was during the survey, you could get weak or no signal 
somewhere you didn’t expect.  AP’s installed below the ceiling are less likely 
to have this problem.  In most cases, as long as they’re installed within a few 
feet of the surveyed location they’ll have the same coverage.  Exception occur 
if the AP get installed next to a large column, or bookcase, but these obstacle 
tend to be much more obvious to the installed, than light fixtures, air 
handlers, and ductwork.

That said, the more we design for density and the smaller our cells the less 
important this becomes.  If we assume the extreme case of one or more APs 
located in every room (and also assume we’re not doing something as dumb as 
setting the AP on top of florescent light fixtures or an HVAC duct), small 
differences in position above the ceiling are unlikely to have any appreciable 
effect on network performance.

FWIW, except for a tiny number of special cases we keep our APs (or at least 
the antennas) below the ceiling.  It provides more consistent results and 
reduces the coordination required between the designer and installers.

Chuck Enfield
Manager, Wireless Systems  Engineering
Telecommunications  Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Wednesday, April 29, 2015 8:34 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Above Ceiling AP installations vs. Prediction - 
Hospital Environment

As long as you don't put the AP right over a ceiling frame joint, we seem to do 
OK, again dependent on what else is up there.

Best regards

Sent from my phone, please excuse brevity and/or misspelling.

From: Harry Rauchmailto:rauc...@eckerd.edu
Sent: ‎29/‎04/‎2015 13:31
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Above Ceiling AP installations vs. Prediction - 
Hospital Environment
We have done both above ceiling and below ceiling and found that it depends 
what's above the ceiling. Ductwork, pipes, etc. affect about 10% of our 
coverage. We have also tested the newer in-the wall devices that could be 
applicable to your design. We chose Ruckus since a number of their devices, 
including in-the-wall are immediately meshable if necessary without any work on 
the controller's part.

Meshing has proven handy for us when we have had network feed issues at our 
dorms. As long as the antenna gets power it will automatically link to an 
active downlink antenna.
Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. 
Petersburg, FL 33711
On 4/29/15 8:15 AM, Cosgrove, John wrote:
Looking to hear about anyone doing above ceiling AP installations and see how 
the coverage compares to below the ceiling.  I also don’t have much time or 
resources to “play” around with the design since it will be in a hospital 
environment.

I am pushing to keep the AP’s below the ceiling but the renovation area is 
looking to have a “Luxury” feel.  Facilities tells me to think “Luxury Hotel”.  
Hotel wireless is not the same goal as Hospital wireless.

I suggested the paintable covers or the 2x2 drop ceiling enclosures.  I think 
they want a “No See AP” look.

Thank you for any comments on this issue.

John Cosgrove
Wireless Staff Specialist
Penn State Hershey Medical Center
Penn State College of Medicine
jcosgr...@hmc.psu.edumailto:jcosgr...@hmc.psu.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: 1GBE as a bottleneck to APs?

[McClintic, Thomas]

For now mgig doesn't seem necessary from a wireless perspective. I think new 
installations may justify multiple drops if you know funding for some areas 
comes and goes. Like a slow refresh on switch gear, but the ability to upgrade 
to full AC Aps. Mgig will most likely be driven from our research departments 
as they upgrade machines with newer NICs and expect to take advantage of it. We 
try to anticipate the needs and so far we see very little need for mgig on the 
wireless front. 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, March 24, 2015 10:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

I'd add to Frank's list:

- Wave 2 won't increase spectral efficiency as much as initially projected.  
Expect 2x once most of the client radios are wave-2 11ac rather than the 4x 
that was being tossed around a year ago.

- Most, if not all, ac client devices will be 2-stream.

- There's insufficient spectrum available to leverage 80MHz channels.
Even if more spectrum becomes available in the next couple years, it will be 
years after that before a large enough percentage of client devices support 
those new channels for them to be useful.

Add all this up and it is likely to be at least 5 years before you achieve Gbit 
on the wire to 802.11ac APs, and it may never happen.  If you agree with this 
assessment, then there's no reason to rush into proprietary multi-gig edge 
switching.  It seems wise to wait for an IEEE standard.

Chuck Enfield
Manager, Wireless Systems  Engineering
Telecommunications  Networking Services The Pennsylvania State University 
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
Sent: Tuesday, March 24, 2015 11:06 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

Personally, I'm not too worried about it.

While naively adding up the wireless marketing sheets gets you to  1Gb 
numbers, especially when treated with Wave 2 pixie dust, I think there are a 
few factors which make this a low concern.

  - The wireless numbers are half duplex, while that 1Gb wired connection is 
full duplex.  This means that while your client bandwidth is probably going to 
be biased download more than upload, the upload and download packets that are 
bottlenecked through the common air time each have their own contention-free 
1Gb channel once they hit the wired network.

  - Wireless throughput is *very* picky at top speeds.  I've seen estimates 
that those magic wave 2 numbers won't be reachable more than a few meters away 
from the AP.

  - It only takes a few legacy clients hopping onto your nice new 11ac AP to 
drag you back down to a fraction of your peak throughput.  Given how many 
budget laptops are being sold today with 2 stream, 2.4GHz only 11n adapters, 
this problem will be with us for a long time.

Even if you do end up in a situation that legitimately needs over 1Gb, I'd be 
careful before relying on the LACP based solutions.  Unless you're terminating 
your user sessions locally, all of the traffic will be going through an 
encapsulated tunnel between the AP and controller, which can easily end up 
hashing all of the traffic down one link.  There are tricks to work around this 
(I believe Aruba opens up multiple tunnels with different endpoint IP 
addresses, for example), but this it's still an imperfect solution where 1 + 1 
!= 2.

So my guess is that we have a few years before it's a major concern, and I'm 
waiting on a decent answer for 2.5Gb switching before I do any real investment 
in a solution.

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution
that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 3/24/2015 10:37 AM, Hinson, Matthew P wrote:
 I've seen a few articles here and there regarding possible solutions 
 for the gigabit bottleneck as it pertains to .11ac access points.
 Said solutions include Cisco's forthcoming protocols for 2.5G and 5G 
 over CAT5 cabling as well as LACP'ing two gigabit ports per switch and
AP as some vendors suggest...

 My question for the group is: Has anyone actually seen a throughput 
 issue using gigabit to the edge? Certainly your distribution layer 
 gear could be a limitation if it's not specced correctly, but I've 
 just never seen a situation where I've wished for more than 1000BASE-T 
 to an AP. Our fastest 802.11ac access points can only hit 
 600-700mbit/s real TCP throughput, and that's in ideal, almost
laboratory conditions.

 Thoughts?

 Thank you!

 Matthew Hinson

 Network Operations

 ** Participation and subscription information for 

RE: [WIRELESS-LAN] ResHall Wireless - FlexConnect

[McClintic, Thomas]

Here is the info Jeffry:

The number of FlexConnect groups and access point support depends on the 
platform that you are using. You can configure the following:

Up to 100 FlexConnect groups and 25 access points per group for a Cisco 5500 
Series Controller.

Up to 1000 FlexConnect groups and 50 access points per group for a Cisco Flex 
7500 Series Controller in the 7.2 release.

Up to 2000 FlexConnect groups and 100 access points per group for Cisco Flex 
7500 and Cisco 8500 Series Controllers in the 7.3 release.

Up to 20 FlexConnect groups and up to 25 access points per group for the 
remaining platforms.


http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_010001010.html#d34284e204a1635


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Wednesday, March 18, 2015 9:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

Hector I am just starting to think about using FlexConnect. I have two Wism2's 
and about 750 Aps. Can you tell me where I can read up on the 25 AP restriction?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Wednesday, March 18, 2015 10:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

We use WiSM2s, and based strictly on the numbers supported by this platform 
(which are pretty horrible: 25 APs per FlexConnect group) I don't think we will 
be using FlexConnect any time soon. 

-Hector

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Wednesday, March 18, 2015 1:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect

Please post any results you have if/when try expand FlexConnect to your entire 
campus. It looks like you are close to our size (we now have about 125 
buildings  about 38K students plus about 4K faculty/staff). 

Thanks. 

Sent from my iPhone

 On Mar 17, 2015, at 4:12 PM, Hector J Rios hr...@lsu.edu wrote:
 
 I've not performed tests to that scale yet. Plus we are only considering this 
 for our ResHalls, of which we have 21 buildings only. 
 
 -Hector
 
 
 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
 Sent: Tuesday, March 17, 2015 11:55 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] ResHall Wireless - FlexConnect
 
 We played with FlexConnect for a number of months but still could not get 
 what we needed it to do on a consistent basis. Essentially we wanted 
 FlexConnect to drop users into their building VLAN so they would be able to 
 easily interact with the same devices that the wired connections in the 
 buildings could see. As I'm sure you know, this also resolves many of the 
 Apple, Chromecast, etc., problems.
 
 We did have one caveat though that we just couldn't get past -- we wanted to 
 drop faculty/staff into one VLAN and students into another (we can easily 
 return the proper VLAN for a particular client in a particular building from 
 Radius server - FreeRadius with a call to our LDAP server for info) but  we 
 also need to send everything else back to the controller for central 
 switching (e.g., police connections, special bar-code scanners that roam and 
 serve to identify a user, but not being used for client traffic, for example, 
 to give out free flu shots to eligible folks or let folks into a sporting 
 event). We just couldn't get past having 95+% locally switched and the 
 remainder centrally switched for over 200 buildings many with now over 100 
 APs each without using FlecConnect groups which are limited to numbers way 
 too small for our campus.
 
 We can even live comfortably without roaming between buildings. MOst folks 
 are not used to being able to roam between buildings downtown or many cannot 
 roam between apartments off campus.
 
 How did you get around the FlexConnect group problem?
 
 
 
 
 ==
 -jcw
 
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Hector J Rios 
 [hr...@lsu.edu]
 Sent: Tuesday, March 17, 2015 9:27 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] ResHall Wireless
 
 I tested FlexConnect on 8.0.110.0. Here are my observations:
 
 *Great alternative to switch data locally (obviously) *No AVC Support *When 
 controller is down, AP goes into standalone more. Must make sure that AP is 
 not able to reach any other controller you don't want. This was fixed with an 
 ACL.
 *Client 

RE: Looking for interest among Wi-Fi professionals

[McClintic, Thomas]

Bruce,

Not to side track this conversation too far, but is this because the ArubaOS is 
that stable or that it is not as prevalent?

This is almost an exact reason for something like this to exist. In a perfect 
world this collaborative site would have sub-forums for the different vendors. 
Activity in each, mixed with membership polling would help indicate the number 
of people whom use a vendor and the amount of times people are posting. 
Typically people don't post if there are no problems.

It's easy for us to pick on the largest vendor, but if we can show that other 
vendors have proportionally less issues; then we have some more ammo behind our 
complaints.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Wednesday, March 18, 2015 2:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Looking for interest among Wi-Fi professionals

I could be useful IF it is not dominated with Cisco Wi-Fi issues. Although 
Cisco is the largest vendor, they must have the most issues.
When was the last time people were asking whether to upgrade to a GA version of 
ArubaOS?, for instance?


Bruce Osborne
Wireless Engineer
IT Infrastructure  Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, March 18, 2015 1:49 PM
Subject: Looking for interest among Wi-Fi professionals

This is not meant to self-promote, apologies if it seems that way. Looking for 
interest on whether those on the list would get value out of a potential new 
wireless-oriented discussion board, as described here:

https://wirednot.wordpress.com/2015/03/18/hey-wireless-professionals-would-you-use/https://urldefense.proofpoint.com/v2/url?u=https-3A__wirednot.wordpress.com_2015_03_18_hey-2Dwireless-2Dprofessionals-2Dwould-2Dyou-2Duse_d=AwMFAgc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=dCxfcQfLO44eX42aDwfJu-n38EPsE5nIqFPWtDbKo58s=cwHtgV0PkYT1jSxP9dI5ZDck5-z2dfd2UkFuR60CWVEe=

Won't hurt my feelings either way, but could be kind of valuable if you picture 
it widely used.

Regards-

Lee Badman



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQr=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4m=dCxfcQfLO44eX42aDwfJu-n38EPsE5nIqFPWtDbKo58s=yGPfTNzfY5_Puu8ZfYzuQOr1OmbvtIo7ukTz7o45_u0e=.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WLAN design presentation tips?

[McClintic, Thomas]

I suggest doing an ac site survey on a sample building with the radios in their 
existing locations. Then, do a survey in the same building with your proposed 
locations. 

Make sure your data shows how far the ac data rates propagate. Doing the survey 
on a UNI-1 channel is best imo.

I did something similar. I surveyed the existing APs for a floor of a building, 
then did a survey by following the RF. The difference is huge when you look at 
channel overlap and dead/dregraded areas. The consistency of data rates is what 
we focused on.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Tuesday, October 21, 2014 1:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN design presentation tips?

On Tue Oct 21 2014 12:47:02 CDT, Williams, Matthew mwill...@kent.edu wrote:

 

 I’ve just started here at Kent State and I’m facing an uphill battle 
 regarding updating our WLAN design.  All APs are deployed in the hallways and 
 we’re rolling out 802.11ac.  We’d like to move the APs into the rooms, but 
 the mere suggestion has been met with resistance.  I was just wondering if 
 any of you had any tips or suggestions for trying presenting the new model to 
 upper management.  Thanks for any suggestions that you might share!



We did a demo building to show how it improved coverage and capacity.  Then the 
powers that be were sold on the design.





-- 

Julian Y. Koh

Acting Associate Director, Telecommunications and Network Services

Northwestern University Information Technology (NUIT)



2001 Sheridan Road #G-166

Evanston, IL 60208

847-467-5780

NUIT Web Site: 
https://urldefense.proofpoint.com/v1/url?u=http://www.it.northwestern.edu/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=TUiP3oi%2FzNLAPbQ5GleswRPDTvVM8WlPi%2FhWzeMk7l0%3D%0As=86f955df884489dd80093c5fa5563484772bd25d825ab1a5d92a39c24e5ab9e6

PGP Public 
Key:https://urldefense.proofpoint.com/v1/url?u=http://bt.ittns.northwestern.edu/julian/pgppubkey.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=TUiP3oi%2FzNLAPbQ5GleswRPDTvVM8WlPi%2FhWzeMk7l0%3D%0As=69729a5cdf3e2e7f8ba725caf538cefeb9982d16ea19b8de70aaafe4094ad9f0

RE: [WIRELESS-LAN] windows client intermittent drops of connection wlc 7.6

[McClintic, Thomas]

Dan,

Do you have DHCP Addr. Assignment Required on? I’m seeing a similar issue since 
going to 7.6 and also see it on 8.0.

I can’t access your case, so if you could update me offline that would be 
wonderful.

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 7:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

Very interesting b/c we are getting complaints from students with both Mac and 
Windows clients.  I disabled band select  load balancing and that seems to 
have helped, but I still have students who complain that they get dropped 
randomly.  We're on 7.6.120.  I've pressed multiple TAC engineers about going 
to 7.6.130, but none of them will commit to that as being the fix.

We also have only WPA2-AES enabled for our main ssid.  Our TAC case is 63665837 
for reference.

One thing that I have noticed is that when the students complain of dropping, 
it seems be due to the fact that they have roamed from one AP to another and 
the roam is taking so long that some clients end up needing to go through the 
DHCP process again.  The odd thing is that when I look at the RSSI for the 
client, it's in the high -60s/low -70s, so I don't know why the are roaming.

-dan




Dan Brisson

Network Engineer

University of Vermont

(Ph) 802.656.8111

dbris...@uvm.edumailto:dbris...@uvm.edu
On 10/1/2014 7:18 PM, Britton Anderson wrote:
We've had the same issues regardless of Mac or Windows clients. We tracked it 
down with TAC on our controllers (running either 7.6.122.9 or 7.6.130.0) as an 
issue with both WPAWPA2 enabled along side client band select/load balancing. 
Band select and load balancing are obviously big ones, but disabling WPA and 
leaving only WPA2-AES layer 2 security has remediated the problem for us.

-Britton


Britton Andersonmailto:blanders...@alaska.edu |

 Senior Network Communications Specialist |

 University of 
Alaskahttps://urldefense.proofpoint.com/v1/url?u=http://www.alaska.edu/oitk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=catvvxD%2FLWUPrt7teEftVW%2BVyZ7q4Mdxyz136gey7Lk%3D%0As=49b7a6706beeaa53ae26409a343bfd57f3838be4a0965c03816c0032ea4247e2
 |

 907.450.8250



On Wed, Oct 1, 2014 at 3:10 PM, Ashfield, Matt (NBCC) 
matt.ashfi...@nbcc.camailto:matt.ashfi...@nbcc.ca wrote:
Hello

We are seeing some intermittent issues with some of our student computers (a 
lot of HPs, but some others) whereby they will be working away, well connected, 
and suddenly get the yellow exclamation mark in on their wifi connection in the 
taskbar and lose connectivity. Sometimes they can get back on, sometimes they 
have to reboot. We have tried updating drivers and that has not fixed the 
problem, although in one case we forced the client to 2.4ghz range thru 
settings in the adapter and that seemed to fix the probem in some cases.

The issue is very odd. It appears almost to be location or AP specific although 
reports are hard to nail down. Anecdotal reports suggest more difficulty with 
non-3702i APs (we have some 3500's and 3600's APs as well) The network is an 
EAP-TLS network with client side certs.

As with most student wifi issues, it’s nearly impossible to get real debugging 
results, but one thing we have noticed is when the student is having issues, 
we’ve seen where the controller is showing them as  associated and 
authenticated, but the client machine seems to show that it has an IP gateway 
and mask but for some reason there’s no gateway entry in the ARP table of the 
client. Release/Renew does nothing. Ping from the gateway does nothing. Very 
odd issue. DHCP is provisioned by a central Microsoft DHCP server (ie, not the 
cisco device) and we’re using 1 hour lease times. Some students we've seen it 
happen to are a result of their laptop going asleep.

I personally tend to lean towards this being a client driver issue. Problem is, 
it's nearly impossible to have every student with up to date drivers in this 
BYOD type world we operate in. At the end of the day, we have students who need 
wifi access and cannot get on and blaming IT. This is a small subset of users, 
but an issue nonetheless.

I have heard rumblings of various wlc  options/settings that may be causing 
issues and we do have the following list below. Turning one off at a time is an 
option I suppose, but hoping that someone may have some better recommendations 
here.
- Client Band Select enabled
- Client Load Balancing enabled
- User Idle Timeout set to 5400 Seconds (this is under Controller/General)
- CCKM enabled
- Session Timeout 36000 (this is under WLAN/Advanced)
- DHCP Address Assignment Required is checked

Any advice/info is appreciated.

Thanks

Matt

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 

RE: [WIRELESS-LAN] Wireless lighting controls, etc

[McClintic, Thomas]

I have used an AMX panel and didn't lose the battle about the vendor installing 
their access point. The password for the advanced configuration was 1988 (good 
year) in case you ever need it. I was told that was the default. We used PEAP 
and it performed well.

Great video Joel, very humorous!

TJ McClintic
Senior Network Engineer, Network Operations

Communication Services | Network Operations
7000 Fannin | Suite M60 | Houston, TX 77030
(713) 486-2271 tel | (832) 269-9986 mob
www.uth.edu



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Daniel, Colin
Sent: Tuesday, September 30, 2014 1:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless lighting controls, etc

We have an AMX system in place and faced the same initial demand of a separate 
wireless network.
I too was overruled, until the contractor couldn't make the system work as 
advertised. As a condition for helping resolve the crisis I was given the 
opportunity to re-configure the system to use our enterprise wireless.
The wireless component was not the issue, of course, but I'll take any 
opportunity to avoid the one off solutions. I did MAC-Authenticate the AMX.

Colin Daniel
Network Systems Manager
Montana State University

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Roger Wiechman
Sent: Tuesday, September 30, 2014 12:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless lighting controls, etc

One department here used to have and use an AMX A/V system wireless remote that 
required it to have its own 2.4G access point installed.  I yelled and 
screamed, but was overridden. Fortunately, it is no longer used and was 
scrapped.
I have no idea if AMX still uses or supplies that solution.

Roger
Harvey Mudd College

On 9/30/2014 10:57 AM, Lee H Badman wrote:
 Good stuff. Thanks, Jason.

 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Watts
 Sent: Tuesday, September 30, 2014 1:29 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] Wireless lighting controls, etc

 Lee,

 Aside from Lutron and Crestron, which I believe both have equipment 
 which operates in the low Mhz range (200-400), I've heard of Enocean 
 which has offerings in both 300 and 900Mhz range and uses energy 
 harvesting with some of its switches and components so that they are 
 non-wiring dependent.

 Here is a link to what they are terming their wireless ISO/IEC standard:

 https://urldefense.proofpoint.com/v1/url?u=http://www.enocean.com/en/e
 nocean-wireless-standard/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY
 0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=oPkjVe4%2BRVhG5YbcjaOblx
 rFCEyqzyHyJ4AtCQ34xNY%3D%0As=cd4c6e13d7c8195e6c24cdec575a6a2a1debddc8
 0729844605a411482b93a909

 We looked at them when Facilities was shopping around to upgrade some 
 lighting systems. Haven't seen any of their gear in operation yet.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=oPkjVe4%2BRVhG5YbcjaOblxrFCEyqzyHyJ4AtCQ34xNY%3D%0As=4ee17dfe6427a1219139011ede324f1797b21914f183fc4fad38719f804577bd.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=oPkjVe4%2BRVhG5YbcjaOblxrFCEyqzyHyJ4AtCQ34xNY%3D%0As=4ee17dfe6427a1219139011ede324f1797b21914f183fc4fad38719f804577bd.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 802.1x Certificates for RADIUS

[McClintic, Thomas]

AddTrust via InCommon


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Wednesday, September 24, 2014 3:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x Certificates for RADIUS

On Wed Sep 24 2014 15:07:33 CDT, Jason Wang j.w...@its.utexas.edu wrote: 
 I'm curious which CA's you are using for your RADIUS servers for your 802.1x 
 implementations.

We use the Comodo certs available via InCommon.


--
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services Northwestern 
University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: 
https://urldefense.proofpoint.com/v1/url?u=http://www.it.northwestern.edu/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=9scvih8TMbNyOJPy%2BXmetY%2F%2BwLbtFGYPjA2hFgpaxiY%3D%0As=1df79b678494e8e680884fc237a95301594a4ee0cd89611fd3a2e7fe4f2eb9b0
PGP Public 
Key:https://urldefense.proofpoint.com/v1/url?u=http://bt.ittns.northwestern.edu/julian/pgppubkey.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=9scvih8TMbNyOJPy%2BXmetY%2F%2BwLbtFGYPjA2hFgpaxiY%3D%0As=bd32fe194524bafc8941843868771f8616f2b47548323c9c20ba3ffec648cfd3

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=9scvih8TMbNyOJPy%2BXmetY%2F%2BwLbtFGYPjA2hFgpaxiY%3D%0As=5e9dd316267e81eb6f4909211544230054542e4a2d22c654c70674356edb4995.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] guest wireless

[McClintic, Thomas]

We have 1 802.1X SSID and 1 open web auth passthrough SSID.

Traffic on the authenticated SSID goes through our normal User VRF. Traffic on 
guest goes directly to an internet VRF which passes through our PAN. We do 
allow traffic to go out the internet and back, which we are flirting with 
disabling.

We throttle the speed of the open SSID to 1mbps up/down.

Our problem is that users find it easier to configure devices for the web auth 
so we try to time them out often, lower their speed, and maybe prevent them 
from reaching VPN (future). 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
Sent: Tuesday, September 09, 2014 10:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

Our general policies are posted here:

https://urldefense.proofpoint.com/v1/url?u=http://www.wpi.edu/Academics/CCC/Netops/Wireless/Guest/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=qwzpYaLupWPZPbEbZunzdvuj06nITcEsszfpVFAAi58%3D%0As=c96ff8e0f964342ef759d323c7d96cf860113ed8931ca16b2e6236d6248e1dce

We avoid doing completely open wifi, as we have decided not to become a hotspot 
for any neighbors or people wandering by.  To handle the request volume and 
keep the turnaround time low, we have a larger number of contacts throughout 
campus (including the majority of administrative assistants) set up to hand out 
guest passes, typically limited to one day.

We don't set concurrent limits on logins, so we don't do anything special for 
group accounts vs individual ones.

In addition, we are also in the process of rolling out eduroam campus wide.

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 09/09/2014 11:40 AM, Mark Reboli wrote:
 I am looking for information on what people do with guest wireless.  
 Do you have open wireless on your campus?  Do you have a password that 
 everyone knows?  Do you create special passwords for groups?  Any 
 assistance would be helpful.

 Thank you

 m

 Description: MU Arches

 Mark Reboli

 Network/Telcom Manager

 Misericordia University

 (570) 674-6753

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=qwzpYaLupWPZPbEbZunzdvuj06nITcEsszfpVFAAi58%3D%0As=e5c6f89fb62653a0d95879fdd6086e0d68e9311f8aca8200b3ac774ae9621d9e.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=qwzpYaLupWPZPbEbZunzdvuj06nITcEsszfpVFAAi58%3D%0As=e5c6f89fb62653a0d95879fdd6086e0d68e9311f8aca8200b3ac774ae9621d9e.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

[McClintic, Thomas]

Can anyone running MR3 (.130) speak to the stability of the code? Any issues 
you have seen? How long have you been on it?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Friday, September 05, 2014 9:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

For engineering builds, you need to ask TAC for them. If you have a good 
relationship with your local Cisco wireless SE, he/she can probably get it as 
well.


I only have the build for the 5508.


Jeff

 John York  09/05/14 7:27 AM 
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced.

There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

Jeff

 On Thursday, September 04, 2014 at 10:21 AM, in message , Britton
Anderson  wrote:
We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out.

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

Cheers.


Britton Anderson |

Senior Network Communications Specialist |

University of Alaska |

907.450.8250



On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt  wrote:
There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0
Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade 
to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) 
until this past two weeks.
We had “something” happen on Friday. We did do a “therapeutic reboot” on 
Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it 
repeated. While investigating, we discovered the primary in one of the clusters 
apparently failed and went into maintenance mode.
However, the active “secondary” still showed standby hot, so we did a failover 
– which caused an outage (uh oh). While consoled in, we got the maintenance 
moded primary back up, and was bringing the secondary back up, when we found 
this:
pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for 
size(2048), failureType = (4) this entry's previous access was by: 
file(capwap_ac_sm.c), line(7393)
(pmallocProcessMemoryCorruption):
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)
(pmallocProcessMemoryCorruption): thread ID(349= (349256224))
(pmallocProcessMemoryCorruption): current access file
name(rrmSocket_wlc.c)
(pmallocProcessMemoryCorruption): previous-access file
name(capwap_ac_sm.c)
pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for 
size(2048), failureType = (4) this entry's previous access was by: 
file(capwap_ac_sm.c), line(7393)
(pmallocProcessMemoryCorruption):
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)
(pmallocProcessMemoryCorruption): thread ID(349256224)
(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id = 

RE: [WIRELESS-LAN] Replacing ageing APs

[McClintic, Thomas]

Good Morning,

We added the wireless infrastructure to the 5 year refresh cycle which is used 
for our wired network. In this cycle specific school buildings are refreshed 
each year. This helps in two ways; first the budget for 5 years is spread 
nicely and second we aren’t hit with a large uplift all at once. This may not 
keep us totally current all the time, but it works.

Wi-Fi is far from the luxury it once was and has become a standard. When 
students are purchasing new devices with they expect to see the increase in 
associated speeds. Changing the perspective of executives to understand that 
wireless connectivity is now as essential (sometimes more so) as wired 
connectivity is key. A quick poll of your students about the Wi-Fi may open 
their eyes as well if they are in denial about the need for Wi-Fi.

From a Cisco model perspective, it is critical to remove/replace all your non-N 
capable APs. That should keep you going for the projected codes. Here is a list 
of APs that should last you a bit: 1140, 1260, 2600, 3500, 3600, 2700, 3700, 
1550, 1530, 700. I italicized the 1140 and 1260 because technically they could 
drop them off code support by year’s end. *shutter*

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver Elliott
Sent: Thursday, August 07, 2014 3:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Replacing ageing APs

Hi all

I've been looking into EOLs and end of software support for some of our older 
APs and was wondering what other institutions do to keep their estate up to 
date. Up to now we've had very sparse funding for wireless as it was always 
viewed as an add on service. A recent outage (caused by buggy 7.6.120 code) has 
shown just how important Wifi has become. Up to now APs have been largely 
installed on an ad-hoc basis with funding from departments or projects but this 
doesn't tend to account for EOL replacement.

We're looking to apply for a formal replacement project based on either rolling 
yearly replacement budget or a big bang approach every few years.

So, how do you guys handle this problem?

Oli
--
Oliver Elliott
Network Specialist
IT Services
University of Bristol
e: oliver.elli...@bristol.ac.ukmailto:oliver.elli...@bristol.ac.uk
t: 0117 92 (87861)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco Controller Code

[McClintic, Thomas]

Good Morning,

We have been running 7.6 for over 2 months in full production, 6 months in test 
and limited deployment. No client issues reported yet.

We did run into the issue with web auth crashing our anchor controller. Be sure 
to get the code .120.6 or later for the fix if you are running web auth.

I haven’t had issues with HA like in earlier releases. Running static addresses 
on the service ports, had issues with DHCP on them though.

We have been seeing some 2602’s have issues with the file system. It requires a 
file system check to resolve. I’m not sure if this is related to the inability 
to get the backup version put on. It’s not a game breaker for us and only rears 
its head on 1 out of about 200 APs.

If you are running Prime and MSE be sure you review those upgrade paths as 
well. Bookmark this page 
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html.
 Also shows 1131’s are supported.

7.6 is more of a band aid to get us to ac(2700/3700) support, most of the 
highlights will be coming with 8.0 like RX-SOP, etc. Going from 7.3 to 7.6 you 
are going to have a lot of new nerd knobs, so enjoy!


TJ McClintic
Senior Network Engineer, Network Operations
[2269655.jpg]
Communication Services | Network Operations
7000 Fannin | Suite M50 | Houston, TX 77030
(713) 486-2271 tel | (713) 364-8683 mob
www.uth.eduhttp://www.uth.edu/



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, July 31, 2014 10:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Controller Code

We’ve been running it for over a month.  I’ve seen one primary issue with 
cluster failover (Active controller failed), and have an active TAC case opened 
on it.  I just received 7.6.122.12 from TAC and will be putting it on my lab 
test cluster today.  The users have not seen any issues, because the HA works 
really well – fortunately.  Other than the GLBP/Macintosh Maverick issue, we’re 
happy with it (running 1252’s, 1142’s, 3502’s and 3702’s).  You may need to 
check the 1131’s to see if they are supported on 7.6.120.0, though.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tom Klimek
Sent: Thursday, July 31, 2014 9:47 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Controller Code

We need to upgrade our 5508 controller code to support the 2702i AP's(Currently 
at 7.3.101.0). We have a lot of 2600, 3500 series AP's and some legacy 1142 and 
1131's. We are thinking about moving to 7.6.120.0. Has anyone had experience 
with this version ? Any issues? recommendations?


Thanks,
Tom Klimek
University of Notre Dame


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=%2Bk2Jbd0SV7vX6vMVg9nAbXw0lZVJQWszc%2BkwGY%2BLNgw%3D%0As=5fd8efedeea244e53a71f11100c045e8956ffa48902e36d02fc985dcc0ff7620.

!DSPAM:911,53da570663332191220525!
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] apple tv wired/wireless

[McClintic, Thomas]

Wired with mDNS Snooping enabled on the required APs. Wireless is just not 
worth the hassle.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, June 13, 2014 8:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] apple tv wired/wireless

Wired. Period.

Sent from my Android phone using TouchDown 
(www.nitrodesk.comhttp://www.nitrodesk.com)

-Original Message-
From: Hurt,Trenton W. [trent.h...@louisville.edu]
Received: Friday, 13 Jun 2014, 9:31
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
Subject: [WIRELESS-LAN] apple tv wired/wireless
For the folks that have apple tvs on campus.  How are they connecting to the 
network?  Wired/wireless


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] 5508 or 3850

[McClintic, Thomas]

You must also upgrade to 7.5 or later to enable 'New mobility'. If you can't do 
this yet, avoid mixed environments to prevent mobility issues.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-5/config_guide/b_cg75/b_cg75_chapter_010010101.html

TJ McClintic

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, May 16, 2014 9:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 5508 or 3850

Until the 5760s can be fully managed by PI and achieve feature parity with the 
5508s, I'd stay away. They still feel half-baked to me...

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Christina Klam ck...@ias.edu
Sent: Friday, May 16, 2014 9:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 5508 or 3850

All,

I am trying to put together a large purchase.  Cisco has some nice bundles but 
we are trying to determine if they are right for us.  A big issue is the 
divergent paths Cisco is taking on wireless.  Should we invest in a pair of 
5508 which may be good for a 3-4 years?  Or, should we jump into the Converged 
world of 3850s and 5760s?  What will I be losing by moving off of the 
5508/WiSM2s?

I have read that clients cannot seamlessly roam between APs on different 
platforms.  Is that still true?  We have a layer 2 design so clients will be 
keeping their IP addresses.  But, what happens to the 802.1X authentication?  
If clients have to re-authenticate as they move from AP-converged to AP-AireOS, 
that can be a problem for the areas where the two overlap.

Thank you for your help,

-- Christina
Christina Klam
Network Engineer
Institute for Advanced Study
Email:  ck...@ias.edu

Einstein Drive  Telephone: 609-734-8154
Princeton, NJ 08540 Fax:  609-951-4418

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=sG3uQ9Qp45lo%2FR8nM0N4tnD9m03Xb%2Bo8e7rwBOFG4zc%3D%0As=9fc99574c67b2247e2f2d9497b0af5c821ab1997917ea17dfb76c6670b7f166c.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=sG3uQ9Qp45lo%2FR8nM0N4tnD9m03Xb%2Bo8e7rwBOFG4zc%3D%0As=9fc99574c67b2247e2f2d9497b0af5c821ab1997917ea17dfb76c6670b7f166c.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: time for the annual wifi will kill us response

[McClintic, Thomas]

It would be very helpful to have a visible comparison for proposed acceptable 
levels of exposure compared to maximum FCC regulations, and then compared to 
average transmit power for your environment.

Something similar to showing a high wattage bulb then lowering the power to the 
ratio of FCC max transmit and finally showing the average power in the 
environment.


* Use a 1000 watt bulb at the starting point for 4W/kg that is done for 
lab testing. This would be the example of the tested level for long term 
exposure

* Drop the bulb to 50 watt and state that is the level for FCC max

* Drop the bulb to say 20 watt and state that is the level for your 
computer and most access points
I think what scares most people is they can't see it, they have no idea just 
how low the output is. They just hear 'same frequency as your microwave' and 
think we are putting open microwave ovens above their heads.

Of course, if they are reasonable people just point them to the IEEE document 
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01626482 Section 7.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, April 09, 2014 12:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] time for the annual wifi will kill us response

Every WLAN vendor has their own white paper on this, but they all say the same 
thing. I also sat through  a course not so long ago that laid waste to the 
notion of dangerous Wi-Fi. 
https://www.acgih.org/resources/press/emr-webinar_pr.htmhttps://urldefense.proofpoint.com/v1/url?u=https://www.acgih.org/resources/press/emr-webinar_pr.htmk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=4r9w7wKdahNziZwJLtDxFxNrC69%2FIToHAXgYUHoc8Qw%3D%0As=e821de01f9e5bd32cda9df874a19866e909e1d6dc89f325519aad76c80bf8d4f
 is excellent, and puts the topic to bed.

-Lee Badman

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James P
Sent: Wednesday, April 09, 2014 1:48 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] time for the annual wifi will kill us response

Well, it's that time of year again, wherein we get the following contact from 
one faculty member or staff member (out of tens of thousands of students, 
faculty and staff):


 I am an adjunct faculty member and I would like to have a meeting with 
someone that is charge of the WiFi system on the UNC-CH campus. I believe that 
there is a significant health risk to all students and faculty around this type 
of radiation. I would like the opportunity to bring solid research and 
professionals before you to present the materials.  This cannot be ignored. The 
liability is too great to all of the students and faculty.



And just like folks that come up with scientific studies that there's no 
climate change and the Earth is 7,000 years old, of course he has research 
links to back his claims.



Before I go digging out what studies and replies we've used in past years when 
this has come up, I was wondering (a) how many of you also have to deal with 
this and (b) has there been anything more recent in terms of research we can 
point to than what I dug up years ago?



Thanks in advance



-- Jim Gogan / ITS Comm Tech

Univ of North Carolina at Chapel Hill

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=4r9w7wKdahNziZwJLtDxFxNrC69%2FIToHAXgYUHoc8Qw%3D%0As=5f406a3598181d25a2dc054cfb82e6a4b788ca81e97c1cd18fc2e7ec8dc30115.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

[McClintic, Thomas]

Tristan,

I do not have a laptop with the issue yet, I will ask our Desktop groups to 
report issues back. However, do you have Global IPv6 Config Enabled or Disabled?

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Thursday, March 27, 2014 9:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

Hi all,

Thanks for your information! Looks like this is a thing

Has anyone chased this up with wireless vendors (assuming this has only been 
observed on a Cisco network) to work out whether it's a Broadcom or Cisco issue?

I don't have one of these devices myself to reproduce the issue in testing 
which will make TAC case troubleshooting and diagnosis very challenging to 
provide.

I've had a report of success from a student who has downgraded their release to 
6.30.59.15 (previously 6.30.223.102).

Ideally a root cause analysis will require packet captures to find out what's 
going on in wireless client land and what's different about the packets between 
devices that work and devices that don't.  Has anybody progressed to that stage?

Cheers,
Tristan



Tristan Gulyas
Wireless Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
Office: 03 9902 9092 | Mobile: 0403 224 484
www.monash.eduhttps://urldefense.proofpoint.com/v1/url?u=http://www.monash.edu/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=V6ehsZU2wLfoN1%2BF5ZnIqpdKCNJ0JxhkYTg5fob1Otc%3D%0As=b49f8cd99f15f718b75c1e46c1a72fef56c29b97114c12d1230111a11edff802
 | tristan.gul...@monash.edumailto:tristan.gul...@monash.edu







On 28 Mar 2014, at 2:57 am, Eric T. Barnett 
ebarn...@astate.edumailto:ebarn...@astate.edu wrote:


I've only seen one, but I fixed it by rolling back to a Windows 7 driver. I was 
running Cisco 7.5 at the time. Very frustrating as it worked with a Mi-Fi I had 
handy. If I recall, someone else said that it was sending the DHCP request and 
the server was receiving it, but the client wasn't receiving the reply for some 
reason.

Regards,

Eric Barnett
Senior Network Engineer/Wireless Administrator
Information and Technology Services
Arkansas State University
(870) 680-4243
http://wireless.astate.eduhttps://urldefense.proofpoint.com/v1/url?u=http://wireless.astate.edu/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=V6ehsZU2wLfoN1%2BF5ZnIqpdKCNJ0JxhkYTg5fob1Otc%3D%0As=51c2ab0eacd776db46b211bb7fc5ede58803912f176228124fc0b57c5cf7f764



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Thursday, March 27, 2014 12:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Broadcom Win8.1 clients not accepting DHCP offer

Hi all,

We've seen several occurrences of an issue where wireless clients would not 
accept an IP address from our DHCP server after authenticating.

This seems to be limited to Broadcom devices running either Windows 8.1 or 
Ubuntu Linux (seen this on 12.04).

Our infrastructure is Cisco based (derivative of 7.2.111.3 firmware) on 3600 
series APs.

Has anybody else seen something similar?

Cheers,
Tristan


Tristan Gulyas
Wireless Network Engineer
Network Operations
eSolutions | Monash University
738 Blackburn Road Clayton 3800
www.monash.eduhttps://urldefense.proofpoint.com/v1/url?u=http://www.monash.edu/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=V6ehsZU2wLfoN1%2BF5ZnIqpdKCNJ0JxhkYTg5fob1Otc%3D%0As=b49f8cd99f15f718b75c1e46c1a72fef56c29b97114c12d1230111a11edff802
 | tristan.gul...@monash.edumailto:tristan.gul...@monash.edu






** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found 
athttp://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=V6ehsZU2wLfoN1%2BF5ZnIqpdKCNJ0JxhkYTg5fob1Otc%3D%0As=a5447bfb2f84d51032e5fc25ed92a4f9ade495f1f69e74ee3a98e202f6f7916a.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=V6ehsZU2wLfoN1%2BF5ZnIqpdKCNJ0JxhkYTg5fob1Otc%3D%0As=a5447bfb2f84d51032e5fc25ed92a4f9ade495f1f69e74ee3a98e202f6f7916a.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion 

RE: Wireless RFPs

[McClintic, Thomas]

That can depend on your scope. Are you looking for a one for one swap of the 
hardware? Are you looking to expand your wireless coverage? Make sure you 
identify the deliverables. Most importantly site survey documentation prior to 
the installation for your review. Provide your minimum RSSI for a and g. If you 
are allowing the vendor/contractor to specify your hardware you may want to 
allow only specific APs your team is comfortable supporting. 

RFPs can be tricky, you want to it be exact enough to not limit your 
contractors. Sometimes you may put a specific AP model  antenna or your 
placement when the vendor has alternatives that could save on costs or enhance 
the service.

If you don't have a PM I would get one involved to assist.

Good Luck!

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christopher Wieringa
Sent: Friday, March 28, 2014 7:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless RFPs

I'm going down the road of issuing my first RFP for wireless replacement for a 
set of buildings.  My team and I have never issued an RFP before, so we're a 
bit unsure about everything that we should include (or shouldn't include) in 
the RFP.

Has anyone issued a wireless RFP that wouldn't mind letting us read over it?  
Also, suggestions for things that must be in the proposal?  

(If you feel like you can share, feel free to send it to me directly if you 
don't want to share with the whole list.)

Thanks a ton!

Chris Wieringa
Sr. Systems Engineer
Calvin Information Technology

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=01m%2BsAZXrelHVZlcDs6CNHxtshFABoLIom%2FOZhfcsqE%3D%0As=3a2824278c7b80a45f5a40fe4a33b99068fa66a74ce9ef61d054dc10637b747c.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Radio specific client count report in Cisco environment

[McClintic, Thomas]

Kitri,

If you are allowing RRM to do TPC you may want to evaluate your layout. TPC is 
setting the PL to 7 because the APs can all see each other. If you turn up the 
PL you may see your utilization for 802.11 climb as well.

Just something to consider, you can also set the Minimum Power Level Assignment 
to something higher, like 10dBm. Just be sure to keep an eye on utilization at 
the AP.

Totally off subject, but tossing it out there

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kitri Waterman
Sent: Monday, March 24, 2014 10:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Radio specific client count report in Cisco 
environment

Cisco has a WLC config checker here.


https://supportforums.cisco.com/document/7711/wlc-config-analyzerhttps://urldefense.proofpoint.com/v1/url?u=https://supportforums.cisco.com/document/7711/wlc-config-analyzerk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=7hn5no7F102IkSNWt3ijBEG3n%2FCpCjqGktnbSFp2zmk%3D%0As=09e683c661b6ee7aad3d167fe4221b56fa2497762821339d5f752aa1aa006f2c




Running our config through it revealed that we have a large amount of 2.4 
radios at power level 7...which translates to 2 dBM...meaning your radios could 
just be WAY powered down.

Make sure you have no output to the WLC console and then run config paging 
disable and then show run-config. Dump all that output into the analyzer.

Kitri

On 3/24/14 7:35 AM, Jim Glassford wrote:
Hi,

I can not answer your question, I have looked for this also but also I really 
do not trust WCS/NCS/Prime N to give an accurate output.

Still using some perl scripts from FAT AP days and modified these to 
double-check the capwap units are taking clients.
Check for clients on APs and what radios they are working on, if no counts when 
feel there should be, then take a closer look what is going on.
If you have anything left over from managing individual APS and wanted to 
reuse, the hard part for me was understanding hitting the WLC then appending 
the MAC address of the AP to query the MIB and all has to be in decimal. Can 
then pull a client MAC address list from each AP, change to decimal and query 
again to get the radio information for each client and other information if 
wanted.

Electrical brown outs and other issues has caused APs to look fine but not take 
clients for us on array of AP models and OS versions over the years.

best!
jim



On Sun, Mar 23, 2014 at 8:00 PM, Peter Arbouin 
p.arbo...@qut.edu.aumailto:p.arbo...@qut.edu.au wrote:
Hi,

I was wondering if anyone has been able to run a report that identifies unused 
radios of using Cisco Prime 1.4.

We recently found a room with two access points where a client couldn't 
connect. It turned out that even though the 2.4 radio reported as being on and 
functioning, no clients could connect. One stopped working a few weeks ago, and 
the other three days ago. The 5GHz radios were working fine and had clients 
associated to both access points.

I ran the Client Count report for the affected floor from the Client Reports 
section and this was ok for a small area, as it reports all the access points 
in a graph format, and allowed me to select by radio type.

It got me wondering how many other radios may have a similar problem.

If I run this report for all our access points, there is no sort function, so 
you have to manually look through all the graphs.

In the Device section, there is a Top AP by Client Count This is a handy 
report, as it gives a numeric output and can be sorted, but it seems to be 
total clients for the AP and there is no option to report on just specific 
radio type, so I can only assume that this report only reports access points 
with no associations on any radio.

Any assistance would be greatly appreciated.

Thanks,

Peter.


Peter Arbouin | Network Engineer
IT Networks | Information Technology Services
Queensland University of Technology
Level 3 | 88 Musk Avenue | Kelvin Grove Campus
Mob: 0402476892 | Ph: +61 7 3138 1030tel:%2B61%207%203138%201030
Email: p.arbo...@qut.edu.aumailto:p.arbo...@qut.edu.au

CRICOS No. 00213J

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=7hn5no7F102IkSNWt3ijBEG3n%2FCpCjqGktnbSFp2zmk%3D%0As=8234bda1e33b5466434d90e309277b87d6360aaf341d0c95642f55a0bc43a901.



--
Alan Nord, CCNA
Infrastructure Manager
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: [WIRELESS-LAN] 11ac migration question

[McClintic, Thomas]

We don't use Aruba here, but I believe they use RPSMA while Cisco uses RPTNC. 
That articulating mount comes with the antenna we used.

I found the mount in the wireless journal. 
http://wirelessjournal.tessco.com/app.asp?RelId=5.5.11.9 page 18. Since the 
part number isn't working I would assume they are having production issues?



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kitri Waterman
Sent: Monday, March 17, 2014 4:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

Thomas,

We're looking at the same antenna for an auditorium space as well, so glad to 
hear it's worked out for you.

Considering this universal mount or similar: 
http://www.terra-wave.com/shop/universal-articulating-mount-p-672.htmlhttps://urldefense.proofpoint.com/v1/url?u=http://www.terra-wave.com/shop/universal-articulating-mount-p-672.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=x7iW64iGGord21EeOua30YxbZz9em1rVOt1%2BMtI6UrI%3D%0As=fa4275e3f3fcc9266c8146b6ffb9ce669fc334c2c2bab72c37c226e06a1eaf03

Also, looking at the Cisco AIR-ANT2566P4W-R.



Kitri
--
University of Oregon
On 3/17/14 1:40 PM, McClintic, Thomas wrote:
Sure!

http://www.terra-wave.com/shop/245-ghz-6-dbi-mimo-quad-patch-antenna-with-rptnc-plug-connector-p-2075.htmlhttps://urldefense.proofpoint.com/v1/url?u=http://www.terra-wave.com/shop/245-ghz-6-dbi-mimo-quad-patch-antenna-with-rptnc-plug-connector-p-2075.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=x7iW64iGGord21EeOua30YxbZz9em1rVOt1%2BMtI6UrI%3D%0As=5d8564632488a0ecc616248540cb7726783f1af8e66c62f4191c6c43a1bdd57c

The Georgia Tech story came out after we installed, but looks like these may do 
exactly what some people need in auditoriums (we used 3702 though). We didn't 
get a straight cone like they state in the specs, it seemed to be larger spread 
on the horizontal plane. It worked wonderfully and removed the issues we were 
seeing with the omni which allowed clients to stay on an AP across the room at 
a lower PHY.

They also came out with a very slick mounting bracket after we had begun 
installing. It mounts the AP and the antenna to a flush look that can still be 
angled any direction. I have a quote with the part number, but I can't seem to 
get it to load. SKU 568800 from Tessco.

I'm going to look into the 10/11 ones next, we have a higher ceiling auditorium 
+25 ft. left to do.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Elton
Sent: Monday, March 17, 2014 3:13 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

 We are using directional patch antennas to keep the coverage to the 
 auditorium as well as use a higher mandatory rate.

Mind sharing what antennas you use?

Thanks

Norman

On Mon, Mar 17, 2014 at 3:12 PM, McClintic, Thomas 
thomas.mcclin...@uth.tmc.edumailto:thomas.mcclin...@uth.tmc.edu wrote:
We have installed in a few auditoriums to help enhance the wireless there. We 
are using directional patch antennas to keep the coverage to the auditorium as 
well as use a higher mandatory rate.

I have seen no issues with clients hanging on to ac, however I see only about 
5-10% of users associating with ac right now. I'm sure that will change in the 
next year.

This is our strategy on ac for now, we are deploying in high density areas and 
using various mechanisms to isolate the coverage cell.


TJ McClintic
Senior Network Engineer, Network Operations
[2269655.jpg]
Communication Services | Network Operations
7000 Fannin | Suite M50 | Houston, TX 77030
(713) 486-2271tel:%28713%29%20486-2271 tel | (713) 
364-8683tel:%28713%29%20364-8683 mob
www.uth.eduhttp://www.uth.edu/



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Cameron, Damien L.
Sent: Monday, March 17, 2014 2:03 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

I believe it's recommended that you upgrade floor by floor, and building by 
building.

If you don't have that capability, I would suggest upgrading the hardware, but 
not enable the VHT capabilities until all hardware has been upgraded. I'm not 
totally sure of .11ac's protection mechanisms, but doing this would also avoid 
any unforeseen issues of an mixing VHT clients/APs with non-VHT clients/APs.

Damien Cameron
Network Engineer
Norfolk State University
Office of Information Technology
Marie v. McDemmond Center for applied Research
Room 401
555 Park Avenue
Norfolk, VA 23504
O: (757) 823-9123tel:%28757%29%20823-9123


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN

RE: [WIRELESS-LAN] 11ac migration question

[McClintic, Thomas]

We have installed in a few auditoriums to help enhance the wireless there. We 
are using directional patch antennas to keep the coverage to the auditorium as 
well as use a higher mandatory rate.

I have seen no issues with clients hanging on to ac, however I see only about 
5-10% of users associating with ac right now. I'm sure that will change in the 
next year.

This is our strategy on ac for now, we are deploying in high density areas and 
using various mechanisms to isolate the coverage cell.


TJ McClintic
Senior Network Engineer, Network Operations
[2269655.jpg]
Communication Services | Network Operations
7000 Fannin | Suite M50 | Houston, TX 77030
(713) 486-2271 tel | (713) 364-8683 mob
www.uth.eduhttp://www.uth.edu/



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cameron, Damien L.
Sent: Monday, March 17, 2014 2:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

I believe it's recommended that you upgrade floor by floor, and building by 
building.

If you don't have that capability, I would suggest upgrading the hardware, but 
not enable the VHT capabilities until all hardware has been upgraded. I'm not 
totally sure of .11ac's protection mechanisms, but doing this would also avoid 
any unforeseen issues of an mixing VHT clients/APs with non-VHT clients/APs.

Damien Cameron
Network Engineer
Norfolk State University
Office of Information Technology
Marie v. McDemmond Center for applied Research
Room 401
555 Park Avenue
Norfolk, VA 23504
O: (757) 823-9123


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeff Kell
Sent: Sunday, March 16, 2014 1:05 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

Have seen similar results with Dell laptop locking onto 802.11n at a distance 
and ignoring same room a/b/g.  We are trying to avoid mixed deployments, and 
sounds like the same concerns extend to 11ac as well.

Jeff

On 3/15/2014 11:12 PM, Alok Vimawala wrote:
Hi Frank,

We just had an interesting incident in one of our buildings where half of the 
ac radios stopped working. The building has Cisco 3602i APs with the add-on 
802.11ac Wave-1 module. So, the building turned into a mixed 802.11n and 
802.11ac deployment on the 5GHz spectrum. What we saw in that building was that 
new Apple MacBook Pros with the 802.11ac capable chipsets were preferring to 
associated with a bad 802.11ac signal rather than connecting to a great (AP 
right above the laptop) 802.11n signal.

Clients seem to prefer protocols with highest theoretical throughput regardless 
of signal strength and that behavior hasn't really changed since the days when 
802.11n was first introduced. My recommendation would be to avoid mixed 5GHz 
802.11n and 802.11ac environments.

Thanks,

Alok Vimawala
University of Michigan

On Sat, Mar 15, 2014 at 9:54 PM, Frank Sweetser 
f...@wpi.edumailto:f...@wpi.edu wrote:
Hello all,

  we're beginning plans to upgrade our wireless infrastructure from 11n to 
11ac, and I'm hoping that someone can chime in on their experience with mixed 
capability buildings.

When we first went from  11a/b/g to 11n, we found that clients in buildings 
with mixed capability APs had some odd roaming issues - and by odd, I mean 
utterly braindead.  A fair number of clients would aggressively latch onto an 
11n AP at -80, while ignoring an a/b/g AP in the same room at -50, with 
predictably poor results.  In the end, we had to ensure that buildings were 
upgraded in full, rather than incrementally, to fix the complaints.

My question is, has anyone seen similar issues in buildings with a mix of 11ac 
and 11n APs?

--
Frank Sweetser fs at 
wpi.eduhttps://urldefense.proofpoint.com/v1/url?u=http://wpi.eduk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=lwbu5AiAuwTjD6PUOrvHW6VKFYy0Iz2P%2BqhdVY75ng4%3D%0As=5fbcc40d23368897c190a445e95b80b80aa6245b9c9fb9492aa76250e14c1589
|  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=lwbu5AiAuwTjD6PUOrvHW6VKFYy0Iz2P%2BqhdVY75ng4%3D%0As=93f94e0564ab3b39e45723942e13457da1462d507f0dc160d1ff8ea911dea2fc.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: [WIRELESS-LAN] 11ac migration question

[McClintic, Thomas]

Sure!

http://www.terra-wave.com/shop/245-ghz-6-dbi-mimo-quad-patch-antenna-with-rptnc-plug-connector-p-2075.html

The Georgia Tech story came out after we installed, but looks like these may do 
exactly what some people need in auditoriums (we used 3702 though). We didn't 
get a straight cone like they state in the specs, it seemed to be larger spread 
on the horizontal plane. It worked wonderfully and removed the issues we were 
seeing with the omni which allowed clients to stay on an AP across the room at 
a lower PHY.

They also came out with a very slick mounting bracket after we had begun 
installing. It mounts the AP and the antenna to a flush look that can still be 
angled any direction. I have a quote with the part number, but I can't seem to 
get it to load. SKU 568800 from Tessco.

I'm going to look into the 10/11 ones next, we have a higher ceiling auditorium 
+25 ft. left to do.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Norman Elton
Sent: Monday, March 17, 2014 3:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

 We are using directional patch antennas to keep the coverage to the 
 auditorium as well as use a higher mandatory rate.

Mind sharing what antennas you use?

Thanks

Norman

On Mon, Mar 17, 2014 at 3:12 PM, McClintic, Thomas 
thomas.mcclin...@uth.tmc.edumailto:thomas.mcclin...@uth.tmc.edu wrote:
We have installed in a few auditoriums to help enhance the wireless there. We 
are using directional patch antennas to keep the coverage to the auditorium as 
well as use a higher mandatory rate.

I have seen no issues with clients hanging on to ac, however I see only about 
5-10% of users associating with ac right now. I'm sure that will change in the 
next year.

This is our strategy on ac for now, we are deploying in high density areas and 
using various mechanisms to isolate the coverage cell.


TJ McClintic
Senior Network Engineer, Network Operations
[2269655.jpg]
Communication Services | Network Operations
7000 Fannin | Suite M50 | Houston, TX 77030
(713) 486-2271tel:%28713%29%20486-2271 tel | (713) 
364-8683tel:%28713%29%20364-8683 mob
www.uth.eduhttp://www.uth.edu/



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Cameron, Damien L.
Sent: Monday, March 17, 2014 2:03 PM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

I believe it's recommended that you upgrade floor by floor, and building by 
building.

If you don't have that capability, I would suggest upgrading the hardware, but 
not enable the VHT capabilities until all hardware has been upgraded. I'm not 
totally sure of .11ac's protection mechanisms, but doing this would also avoid 
any unforeseen issues of an mixing VHT clients/APs with non-VHT clients/APs.

Damien Cameron
Network Engineer
Norfolk State University
Office of Information Technology
Marie v. McDemmond Center for applied Research
Room 401
555 Park Avenue
Norfolk, VA 23504
O: (757) 823-9123tel:%28757%29%20823-9123


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeff Kell
Sent: Sunday, March 16, 2014 1:05 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 11ac migration question

Have seen similar results with Dell laptop locking onto 802.11n at a distance 
and ignoring same room a/b/g.  We are trying to avoid mixed deployments, and 
sounds like the same concerns extend to 11ac as well.

Jeff

On 3/15/2014 11:12 PM, Alok Vimawala wrote:
Hi Frank,

We just had an interesting incident in one of our buildings where half of the 
ac radios stopped working. The building has Cisco 3602i APs with the add-on 
802.11ac Wave-1 module. So, the building turned into a mixed 802.11n and 
802.11ac deployment on the 5GHz spectrum. What we saw in that building was that 
new Apple MacBook Pros with the 802.11ac capable chipsets were preferring to 
associated with a bad 802.11ac signal rather than connecting to a great (AP 
right above the laptop) 802.11n signal.

Clients seem to prefer protocols with highest theoretical throughput regardless 
of signal strength and that behavior hasn't really changed since the days when 
802.11n was first introduced. My recommendation would be to avoid mixed 5GHz 
802.11n and 802.11ac environments.

Thanks,

Alok Vimawala
University of Michigan

On Sat, Mar 15, 2014 at 9:54 PM, Frank Sweetser 
f...@wpi.edumailto:f...@wpi.edu wrote:
Hello all,

  we're beginning plans to upgrade our wireless infrastructure from 11n to 
11ac, and I'm hoping that someone can chime in on their experience with mixed 
capability buildings.

When we first went from  11a/b/g to 11n, we found that clients in buildings

RE: [WIRELESS-LAN] 7.4 to 7.6 upgrade

[McClintic, Thomas]

Danny,

Were you running 7.4 with that disabled as well and 7.6 turned it back on? We 
are running SecureWeb without issue, however we use web-passthrough.

John,

Did you see this on your anchor controller?

~TJ

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 10, 2014 10:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 7.4 to 7.6 upgrade

The issue I saw when I upgraded was that on the web-auth failing was that on 
the Management tab of the WiSM-2, under HTTP-HTTPS, the WebAuth SecureWeb 
was enabled by default.  Our Mac laptops did not like that, so after disabling 
that option everything was working fine.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Monday, March 10, 2014 10:37 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7.4 to 7.6 upgrade

Hi
Along with installing the latest  security patch, I tried to go from Cisco WLC 
7.4 to 7.6 this weekend.  However, it broke our web auth.  I had lots of error 
messages from the controller about improper web requests.  The release notes 
mention something about fragmented requests no longer working, but I didn't 
think our web auth additions were complicated enough to cause anything.  Has 
anyone else seen this?
Thanks
John
!DSPAM:911,531ddcad44331955614800!
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=Ckkva17tvUMKq9H1oFU6cGVS%2FjfBi40S5RmmwZOXXvc%3D%0As=4b12f20ffd5b81d5adcf811c0427256653609ef9a7d87d9067425ddaef53a2d3.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: RLDP Feature?

[McClintic, Thomas]

The open SSIDs that RLDP will look for will be during the day when personal 
devices are out and about. If  you are looking for something someone hooked up, 
that would work if they leave it on overnight. Try turning it on for a night 
and see what it finds, sounds like a good idea to me. I see it firing off more 
in the daytime though.

To be honest, it's a nuisance. It causes inconsistency in your network. It is 
best to use the rule of separating client supporting devices and monitoring 
devices. 


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, March 05, 2014 5:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] RLDP Feature?

I agree.  But for a short term solution to bridge the gap until we install the 
dedicated AP's - I think toggling RLDP on/off for Local mode AP's at scheduled 
intervals after hours might be a decent option.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of McClintic, Thomas 
[thomas.mcclin...@uth.tmc.edu]
Sent: Wednesday, March 05, 2014 4:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] RLDP Feature?

I would rather use Rogue Detector APs. We have RLDP enabled here, we are 
working toward incorporating Rogue Detector APs instead.

RLDP only works on open SSIDs and impacts valid client performance.

Rogue Detectors can sense secured networks for wired rogues.

We do not currently use any real-time voice applications.

Thanks



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, March 05, 2014 3:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] RLDP Feature?

For those running Cisco I am wondering how many of you have the RLDP feature 
enabled on your controllers, and if you support real-time voice applications 
like Vocera - have you noticed any affect to their performance, and 
connectivity?

I am looking at enabling the feature with alerting only -no auto-containment 
just yet- in order to gain a bit more detailed info regarding the rogues in our 
environment.  From the Cisco document here:  
https://urldefense.proofpoint.com/v1/url?u=http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=aDJhT1HU4F117G6%2FqtTBpf%2Ff1OnxjfwA4WSf6G1KC%2BU%3D%0As=4a01be1a611d0300de7f7e638438a274101d03538be6fd449acad9dc97789836
  ...It says  During the RLDP process, the AP is unable to serve clients. This 
will negatively impact performance and connectivity for local mode APs.  
Interested to know your experience if any with this.

Thanks,

Curtis Larsen
University of Utah


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=aDJhT1HU4F117G6%2FqtTBpf%2Ff1OnxjfwA4WSf6G1KC%2BU%3D%0As=06047f242b1b04bf8c6c1583f82c4f3b6c0968bd3e31d2aed0ccd79c6b115542.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=fgBPbABqGYg3RVszrcTUPz1%2B0KshmyF1lpzTbXu9R4Q%3D%0As=0bd9b5a126224dcdc11ec7faa7b5246bc987cbbd9c495222ce945c753fcdd19d.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=fgBPbABqGYg3RVszrcTUPz1%2B0KshmyF1lpzTbXu9R4Q%3D%0As=0bd9b5a126224dcdc11ec7faa7b5246bc987cbbd9c495222ce945c753fcdd19d.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: RLDP Feature?

[McClintic, Thomas]

I would rather use Rogue Detector APs. We have RLDP enabled here, we are 
working toward incorporating Rogue Detector APs instead.

RLDP only works on open SSIDs and impacts valid client performance.

Rogue Detectors can sense secured networks for wired rogues.

We do not currently use any real-time voice applications.

Thanks



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Wednesday, March 05, 2014 3:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] RLDP Feature?

For those running Cisco I am wondering how many of you have the RLDP feature 
enabled on your controllers, and if you support real-time voice applications 
like Vocera - have you noticed any affect to their performance, and 
connectivity?

I am looking at enabling the feature with alerting only -no auto-containment 
just yet- in order to gain a bit more detailed info regarding the rogues in our 
environment.  From the Cisco document here:  
https://urldefense.proofpoint.com/v1/url?u=http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=aDJhT1HU4F117G6%2FqtTBpf%2Ff1OnxjfwA4WSf6G1KC%2BU%3D%0As=4a01be1a611d0300de7f7e638438a274101d03538be6fd449acad9dc97789836
  ...It says  During the RLDP process, the AP is unable to serve clients. This 
will negatively impact performance and connectivity for local mode APs.  
Interested to know your experience if any with this.

Thanks,

Curtis Larsen
University of Utah


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=aDJhT1HU4F117G6%2FqtTBpf%2Ff1OnxjfwA4WSf6G1KC%2BU%3D%0As=06047f242b1b04bf8c6c1583f82c4f3b6c0968bd3e31d2aed0ccd79c6b115542.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Strange 802.1x behavior with single signon

[McClintic, Thomas]

We have started using a group policy for user AD authentication on our loaner 
laptops, here are the instructions sent to the desktop folks:

Click Start
In the search box type group policy
Press ENTER
Open the following folder:
Computer Configuration  Administrative Templates  System  Logon

Double click on the Always wait for the network at computer startup and logon 
setting

Click the radio button to Enabled
Click OK and Exit Local Group Policy Editor
Restart the machine, disconnect from the wired network and verify the logon 
process works for a new user

We use user authentication only, so there may be a change for you. Test it, let 
me know if it works in your environment as well.

Thanks.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Kaftan
Sent: Monday, February 10, 2014 3:58 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Strange 802.1x behavior with single signon

I tried that and got the same results.

I am able to get a packet capture of the traffic just before it hits the radio 
and can see that the arp replies are making it that far.  So I believe they are 
getting on-the-air to get back to my client.  I have found that if I have 
logged on the machine successfully before I get on the desktop.  If I have not 
logged onto the machine before I get No logon servers found.  I installed 
Wireshark on one of the machines and was able to get on the desktop and run 
Wireshark while this is happening and I do not see any packets reaching the 
machine via the wireless NIC.  However, if I disconnect and reconnect from the 
wireless network it starts working immediately.

I am not sure about the ins and outs of what is going on with 802.1x and 
Enterprise WPA2 but I believe the encryption key comes from a combination of 
the username and password if you are not using certificates.  I am wondering if 
my issue is that the client or the wireless controller is not re-keying the 
encryption when the user changes from computer to user.  If that was the case 
the AP would be sending the encryption using one key and client would be 
deciphering using another key thus the traffic would never hit the stack.


On Sat, Feb 8, 2014 at 1:06 PM, Tim Cappalli 
cappa...@brandeis.edumailto:cappa...@brandeis.edu wrote:
Do you have this issue if you leave computer and user but uncheck Single Sign 
On?

As far as I know, Single Sign-on is an alternative to machine authentication. I 
don't think it is designed to be used with it.

By default, Windows will switch to user authentication at the desktop.

Single sign allows the users credentials to be used to authenticate and contact 
AD vs machine auth which uses the computers account to contact AD.

Tim


Tim Cappalli  |  ACCP /  ACMP /  CCNA
Wireless Engineer  |  Brandeis University
cappa...@brandeis.edumailto:cappa...@brandeis.edu | (617) 
701-7149tel:%28617%29%20701-7149

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of John Kaftan
Sent: Friday, February 7, 2014 4:05 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Strange 802.1x behavior with single signon

We have a number of laptops that are mobile labs (Tanks) and in the library for 
students to check out.

We push the 802.1x settings via AD and it works very well.  The problem we have 
run into is that when we have login set to 'user or computer' and check single 
sign-on it comes up and logs into the network using the computer name just 
fine.  But then when the user logs in it immediately authenticates 802.1x as 
the user and then proceeds to churn until ultimately failing with No logon 
servers found.

The strangest thing about this is that packet captures reveal that while the 
machine is churning it is sending out ARPs for its gateway.  The gateway 
replies but the client ignores it.  It does this 30-40 times before giving up.

If the user has logged onto the machine before they will get on with cached 
credentials and they will be fine, other than being grumpy over how long it 
takes to get on.  If they have never logged on before they will get the dreaded 
No logon servers found

Doing a 'ARP -a' at the command line reveals the gateway address is listed and 
the machine is able to browse just fine.

I don't think this is a wireless\policy issue as I set up the client to get our 
IT_Admins profile no matter what and also after the client finally stops asking 
for the gateway's mac address everything is fine.

Our work around is to just set it to Computer authentication only.  This is a 
bummer because we lose visibility as well as the ability to apply user based 
profiles.


--
John Kaftan
IT Infrastructure Manager
Utica College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be 

RE: [WIRELESS-LAN] DAS Wireless

[McClintic, Thomas]

With the FCC changes coming on March 1st regarding signal boosters, working 
with the carriers is now required. We have started getting approached by 
carriers here too.

http://wireless.fcc.gov/signal-boosters/index.html


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jess Walczak
Sent: Monday, February 10, 2014 10:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] DAS Wireless

I second that desire.  I think we could see a huge demand for this from both 
directions (i.e. institutions and carriers) this year, though admittedly, the 
carriers have much to gain by continuing to simply let our institutional 
wireless carry the load for their devices.
Thanks!--JW
Jess Walczak
Senior Network Analyst
University of St. Thomas
2115 Summit Avenue
Saint Paul, MN 55105

On Mon, Feb 10, 2014 at 10:45 AM, Sullivan, Don 
dsulli...@samford.edumailto:dsulli...@samford.edu wrote:
No, but I would really be interested in your experience if you go through with 
it.


Don Sullivan
Network Adminstrator
Technology Services

205-726-2111tel:205-726-2111 | office
205-566-1432tel:205-566-1432 | mobile
205-726-2524tel:205-726-2524 | fax

dsulli...@samford.edumailto:dsulli...@samford.edu
www.samford.eduhttps://urldefense.proofpoint.com/v1/url?u=http://www.samford.eduk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=3QuZ%2B2g7AlpTnjRPmPJFPpT3bs%2BpVvdMJRcQmJJLfNA%3D%0As=1a1e45c097ebcf985cfbbd83306515e8bbd0d6298476991c8f39247bc3c1f831
800 Lakeshore Drive, Birmingham, AL 
35229https://urldefense.proofpoint.com/v1/url?u=http://maps.google.com/maps?q%3D800%2BLakeshore%2BDrive%2C%2BBirmingham%2C%2BAL%2B35229%2C%2BUSk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=3QuZ%2B2g7AlpTnjRPmPJFPpT3bs%2BpVvdMJRcQmJJLfNA%3D%0As=a4eebf0796f1df25cd31d491c7fe3a9cfcf7f741e80e55140d94dd0a513342ec

[Samford University Logo]



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Ray DeJean
Sent: Monday, February 10, 2014 10:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] DAS Wireless


All,

We've been approached by wireless company to install a DAS (distributed antenna 
system) throughout our campus.  They would then market the system to local 
carriers, which would increase their coverage (we have pretty poor ATT service 
on campus).  There would be revenue sharing and they've offered to assist in 
expanding our 802.11 coverage as well.

Just wondering if anyone else has entered into a similar agreement with a 
wireless company, and how it's working out for you.

thanks,
Ray
--
Ray DeJean
Systems Engineer
Southeastern Louisiana University
email: r...@selu.edumailto:r...@selu.edu
http://r-a-y.orghttps://urldefense.proofpoint.com/v1/url?u=http://r-a-y.orgk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=3QuZ%2B2g7AlpTnjRPmPJFPpT3bs%2BpVvdMJRcQmJJLfNA%3D%0As=e6fc1597396165cd521edaeb1e0128ce8db382697be73e00fd5c833dbb7d8770
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=3QuZ%2B2g7AlpTnjRPmPJFPpT3bs%2BpVvdMJRcQmJJLfNA%3D%0As=71fd5ef442582d0ec22dc1a40d60362fd3472a5bcf25bb25c7d379826ee47ec7.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=3QuZ%2B2g7AlpTnjRPmPJFPpT3bs%2BpVvdMJRcQmJJLfNA%3D%0As=71fd5ef442582d0ec22dc1a40d60362fd3472a5bcf25bb25c7d379826ee47ec7.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

inline: image001.png

RE: [WIRELESS-LAN] Cisco WLC 7.6 code

[McClintic, Thomas]

Those that are seeing issues, what is your Global IPv6 Config setting? 

I have been running 7.6 in test and am unable to replicate the issue in my test 
environment. I will turn off the g radios to see if I can force the issue here.

Thanks

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Friday, January 31, 2014 3:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 7.6 code

Just curious because I'm starting to get reports about random OSX all versions 
and some Samsung/nexus, all dropping connections and then getting 169 ip.  
Toggle wifi on/off has been fixing.  All seem to be happening on the 5GHz 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Spurgeon, Charles E
Sent: Friday, January 31, 2014 2:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 7.6 code

No solid bugID so far, but we are expecting one soon. Work is continuing, and 
we have been providing Cisco with debugs, packet captures, config files, sho 
tech, etc.

Cisco has a bugID which contains most of the elements involved in what we are
seeing: CSCuj17283.

At this point I think that they are in the process of confirming that our issue 
fits within this bug, and improving their bugID information.

-Charles

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Friday, January 31, 2014 9:32 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 7.6 code

Any new updates regarding this issue?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Spurgeon, Charles E
Sent: Monday, January 27, 2014 10:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 7.6 code

That is correct. So far the issue occurs only on the 5GHz radios in those 
models.

Cisco was able to replicate last week, and is still working on root cause 
analysis. There is no bugID as yet.

-Charles

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Scott Allen
Sent: Monday, January 27, 2014 9:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco WLC 7.6 code

This issue just affects 3700s and 3600s with the AC module installed, correct?
-Scott

On Mon, Jan 27, 2014 at 9:58 AM, Spurgeon, Charles E 
c.spurg...@austin.utexas.edu wrote:
 UT Austin will not be deploying 7.6.100.0 until the issue that is 
 causing connection loss on all Mac OSX clients (and reportedly 
 affecting other platforms as well) is resolved, or an acceptable 
 workaround developed.



 Current status is that the TAC has replicated the issue, and wireless 
 developers are working to determine the root cause.



 -Charles



 Charles E. Spurgeon

 University of Texas at Austin / ITS Networking

 c.spurg...@its.utexas.edu / 512.475.9265



 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Timothy J.
 Meade
 Sent: Thursday, January 23, 2014 5:04 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Cisco WLC 7.6 code



 Hey everyone.   Our campus is planning an upgrade of our WLC's from 7.4 code
 to 7.6 code.  Reading past postings in this list serv it seems that 
 there were initial problems some clients (OSX) were having.  Have 
 these been resolved and do you feel 7.6 is stable?  Feature wise we 
 are looking at enabling the location specific services features of the 
 Bonjour gateway.
 Thanks in advance for the advice.

 Tim Meade
 The University of Scranton

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=SSkc0EsgHv%2B7Zhk%2FEfIVMnlarsUhpafEXTytQi8AyXM%3D%0As=1ccce53c3f2c38afeb075e94748ba1f80c7534a8e0ebd75d8332019344d9632d.

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=SSkc0EsgHv%2B7Zhk%2FEfIVMnlarsUhpafEXTytQi8AyXM%3D%0As=1ccce53c3f2c38afeb075e94748ba1f80c7534a8e0ebd75d8332019344d9632d.



-- 

Scott Allen
Director, Network Services
Georgetown University
sc...@georgetown.edu
mobile - 202-309-5739

**
Participation and subscription information for this EDUCAUSE Constituent Group 

RE: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

[McClintic, Thomas]

I have been told 2.1 is expected sometime around March, and 2.2 (which is now 
the merger back from 1.4) will be in July timeframe. Your date of June looks 
similar, but they are changing the version number because 2.1 needs to be 
released along with 1.4.1(MR not patch).

I also hear 8.0MR will be in June...

Hope this helps,

TJ McClintic
Senior Network Engineer, Network Operations
[2269655.jpg]
Communication Services | Network Operations
7000 Fannin | Suite M50 | Houston, TX 77030
(713) 486-2271 tel | (713) 364-8683 mob
www.uth.eduhttp://www.uth.edu/



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garret Peirce
Sent: Monday, January 27, 2014 12:55 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Same boat - running instances of 7.5 now, moving to 7.6.
I've stayed on PI 1.3 to date (even w/7.5)  but was planning to move to 1.4 for 
7.6.

Although I thought this an interesting 
notehttps://urldefense.proofpoint.com/v1/url?u=http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=OtQzwo9dRV4mtQhyngVhAEy8gA%2BLDUks08bfzmqhC3c%3D%0As=f46bf3b1dd5b0fa12f1864a67c7deeb60df8ae94b95031322d7fbc9f294b162c
 re: PI 1.4.0.45 -  so still not really 'there'.
The Update 1 for Cisco Prime Infrastructure 1.4.0.45 enables you to manage 
Cisco WLC 7.6.100.0 with the features of Cisco WLC 7.5.102.0 and earlier 
releases. This release does not support any new features of Cisco WLC 7.6.100.0 
including the new access point platforms.

I hear 2.1 is ~July timeframe, hoping these two trains do actually come 
together at that point.

hm, boats and trains... we need a plane in here somewhere.. ;-)

Garry Peirce
University of Maine System

On Thu, Jan 23, 2014 at 5:01 PM, Dan Brisson 
dbris...@uvm.edumailto:dbris...@uvm.edu wrote:
Good to know re: 7.6.  I am curious, though, about the Prime version.  We are 
on 2.0 and looking at the 7.6 release notes shows this:

Cisco Prime Infrastructure 1.4.1 is needed to manage Cisco WLC software Release 
7.6.100.0.

We are in the same boat as Matt - don't really use Prime to manage the WLCs 
and at the moment don't have a spare WLC to test with.

Can anyone comment on that combination of code versions?

-dan



On 1/23/2014 4:52 PM, Mike Albano wrote:
Same here.

Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
wrote: -
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/23/2014 11:58AM
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?
I can weigh in on 7.6 code- thus far, after almost a month, it is as stable as 
any code we've had on our very large environment. I can't speak as kindly about 
PI... but not sure anyone can.

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, January 23, 2014 2:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Good Afternoon

We are looking at deploying more APs in our campuses and the 3700 seems to be 
the best choice at the moment. The issues we have is we are not at 7.6 Code 
level yet so we'd have to get there for the 3700s to work. We are also running 
Prime 2.0 currently. We are new to Prime so are mostly using it for 
troubleshooting and monitoring, and not for managing our controllers.

My questions are:
- Is 7.6 stable enough to upgrade to? I see some threads on here that are a bit 
scary in relation to 7.6 :)
- Does anyone know if Prime monitoring capabilities would still be available if 
we upgraded our controllers to 7.6? I'd test this myself, but all controllers 
we have are production!

Any info you can provide is greatly appreciated.

Thanks


Matt
New Brunswick Community College
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=OtQzwo9dRV4mtQhyngVhAEy8gA%2BLDUks08bfzmqhC3c%3D%0As=acc76536c2aa6b3fbb253b13a3d4d7bc8fc1499e5a336f4535293bef92db75d3
 .
**Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

RE: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

[McClintic, Thomas]

I cannot confirm, I recommend asking your SE.

How it was explained to me made perfect sense. They are not ready for the 
converged 2.x and need to get a release out for the 7.6 features sooner. 
June-July just isn’t going to cut it for most of us.

I wish I had more to offer you.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Voll, Toivo
Sent: Monday, January 27, 2014 1:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Can you get confirmation that 2.2, rather than 2.1, is the release that 
converges and will support upgrades from 1.4 and both AireOS and IOS based 
controllers? We’re still under the impression that this happens with 2.1.

--
Toivo Voll
Network Engineer
Information Technology Communications
University of South Florida

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, January 27, 2014 2:22 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

I have been told 2.1 is expected sometime around March, and 2.2 (which is now 
the merger back from 1.4) will be in July timeframe. Your date of June looks 
similar, but they are changing the version number because 2.1 needs to be 
released along with 1.4.1(MR not patch).

I also hear 8.0MR will be in June…….

Hope this helps,

TJ McClintic
Senior Network Engineer, Network Operations
[2269655.jpg]
Communication Services | Network Operations
7000 Fannin | Suite M50 | Houston, TX 77030
(713) 486-2271 tel | (713) 364-8683 mob
www.uth.eduhttp://www.uth.edu/



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garret Peirce
Sent: Monday, January 27, 2014 12:55 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Same boat - running instances of 7.5 now, moving to 7.6.
I've stayed on PI 1.3 to date (even w/7.5)  but was planning to move to 1.4 for 
7.6.

Although I thought this an interesting 
notehttps://urldefense.proofpoint.com/v1/url?u=http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.htmlk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=OtQzwo9dRV4mtQhyngVhAEy8gA%2BLDUks08bfzmqhC3c%3D%0As=f46bf3b1dd5b0fa12f1864a67c7deeb60df8ae94b95031322d7fbc9f294b162c
 re: PI 1.4.0.45 -  so still not really 'there'.
The Update 1 for Cisco Prime Infrastructure 1.4.0.45 enables you to manage 
Cisco WLC 7.6.100.0 with the features of Cisco WLC 7.5.102.0 and earlier 
releases. This release does not support any new features of Cisco WLC 7.6.100.0 
including the new access point platforms.

I hear 2.1 is ~July timeframe, hoping these two trains do actually come 
together at that point.

hm, boats and trains... we need a plane in here somewhere.. ;-)

Garry Peirce
University of Maine System

On Thu, Jan 23, 2014 at 5:01 PM, Dan Brisson 
dbris...@uvm.edumailto:dbris...@uvm.edu wrote:
Good to know re: 7.6.  I am curious, though, about the Prime version.  We are 
on 2.0 and looking at the 7.6 release notes shows this:

Cisco Prime Infrastructure 1.4.1 is needed to manage Cisco WLC software Release 
7.6.100.0.

We are in the same boat as Matt - don't really use Prime to manage the WLCs 
and at the moment don't have a spare WLC to test with.

Can anyone comment on that combination of code versions?

-dan


On 1/23/2014 4:52 PM, Mike Albano wrote:
Same here.

Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
wrote: -
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/23/2014 11:58AM
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?
I can weigh in on 7.6 code- thus far, after almost a month, it is as stable as 
any code we’ve had on our very large environment. I can’t speak as kindly about 
PI… but not sure anyone can.

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, January 23, 2014 2:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

Good Afternoon

We are looking at deploying more APs in our campuses and the 3700 seems to be 
the best choice at the moment. The issues we have is we are not at 7.6 Code 
level yet so we’d have to get there for the 3700s to work. We are also running 
Prime 2.0 currently. We are new to Prime so are mostly using it for 
troubleshooting and monitoring