Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Michael Davis]

We see about 28K devices peak and so far haven't seen the issue crop 
up.  We did
just upgrade to 8.7.1.4 just before the Semester begun, because we were 
getting

smacked by the false radar detection bug that was causing AP reboots.

On 9/2/21 8:50 AM, Rob Harris wrote:

Has anyone seen any details regarding what they consider "Large" environments? 
We upgraded during the break, but both before and after versions are affected. We didn't 
notice this happening before, should we be concerned now?

The "dropped" is 0 and the stm cpu usage is in single digits, but client count 
is really low (they come back this weekend as well), could we be in the clear?

(asked the SE team and opened a tac call, same questions to them)

thx

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jason Healy
Sent: Thursday, September 2, 2021 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] Anyone else seeing 
any issues in the fall with large classrooms and delayed connection times 
(Aruba 8.5.0.13)

CAUTION: This email originated from outside The Culinary Institute of America. 
Do not click links or open attachments unless you recognize the sender and know 
the content is safe.

FWIW, Aruba just posted an advisory regarding this issue:

Aruba Support Advisory ARUBA-SA-20210901-PLVL04, "Wi-Fi Client Connectivity Failures 
in Large Client Environments"

Good luck to those of you hit by this. My students start coming back this 
weekend so I'll be watching this closely!

Jason
**
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you 
want to reply only to the person who sent the message, copy and paste their email address 
and forward the email reply. Additional participation and subscription information can be 
found at 
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunitydata=04%7C01%7CRobert.Harris%40CULINARY.EDU%7C9624098759e143958e1708d96e0f8742%7C91b9485d8b6d4e2da3caf432e56721bd%7C0%7C0%7C637661835282336222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=%2Bram23JxP8FS6%2BUruT13pfiX%2F5z8mYsT5yywvQeWTTo%3Dreserved=0

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



--
 Mike Davis
 IT - University of Delaware - 302.831.8756
 Newark, DE 19716   Email da...@udel.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Anyone else seeing any issues in the fall with large classrooms and delayed connection times (Aruba 8.5.0.13)

[Michael Davis]

Is your backend (controllers - Radius) all jumbo frame clean?  We've 
seen issues

with large EAP-TLS packets getting fragmented.

We also had a specific OS8 release bug affecting AP-515s specifically, 
but it seems
like we're in perpetual bug-chasing mode so I can't recall what version 
that was.

(Probably 8.5 something)

(edit: I just saw the 8.5.0.13 in the subject.   You may have to move 
away from that..)



On 9/1/21 11:27 AM, Turner, Ryan H wrote:


This is a stab in the dark.  With the University mostly shutdown since 
the Spring of 2020 (=not operating in standard mode and most people 
work from home), we got campus upgraded from 6.X to 8.X code base.  
We’ve also installed many 515 series APs.  We are getting a large 
number of complaints in large classrooms that connecting to things 
like eduroam takes a long time.  Looking into the connection, we see 
many incomplete RADIUS challenges.  The general complaints are ‘we 
come into the classroom, and for some folks it can take up to 5 
minutes to get connected’.  The odd thing is that our RADIUS 
infrastructure is very large, polished and load shared, and we can see 
no performance issues with any of the RADIUS servers.  We have begun 
reducing power in the large classrooms to make association issues 
better, but so far that hasn’t changed much.  We anticipate opening a 
ticket with Aruba, soon.  We do seem to see the most complaints in the 
big classrooms.  But I do keep going back to the RADIUS Challenges 
incomplete.  I know if no reason for those not to complete unless the 
connection is broken midway.


Has anyone else seen something like this?

Ryan Turner

Head of Networking

Communication Technologies | Information Technology Services

r...@unc.edu 

+1 919 445 0113 (Office)

+1 919 274 7926 (Mobile)

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware - 302.831.8756
 Newark, DE 19716   Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Papercut Mobility-print and Enterprise mDNS

[Michael Davis]

Thanks to all.   We weren't aware of the DNS option and will look into 
that..


thanks
mike

On 3/19/21 3:14 PM, Tony Skalski wrote:
We've had it running since it was released. We don't use mDNS however. 
The DNS config was not quite working for the few weeks of its life, 
but this was straightened out quickly and has been solid since. We run 
BIND on our name servers with a zone that forwards the discovery 
requests to our mobility print server. This works on all networks, 
wired and wireless. Personally I have never had much luck with 
enterprise mDNS (I'm looking at you AirGroup).


ajs

On Fri, Mar 19, 2021 at 2:04 PM Michael Davis <mailto:da...@udel.edu>> wrote:


We are an Aruba shop, but I'm curious about any campus WiFi
deployments
using
Papercut Mobility-print.

We've recently started looking at the mobility-print feature of
Papercut.  We have it
working in some small and testing deployments, but we're having
difficulty getting
Android and Windows clients (using the papercut app) to see the
Papercut
server.
Those same clients can see other mDNS printers on the wireless
network,
but not
the Papercut server.

If anyone has it working with Android/Windows and maybe added any
service types
to make it happen, I'd love to hear from you.

https://www.papercut.com/products/free-software/mobility-print/
<https://www.papercut.com/products/free-software/mobility-print/>

thanks
mike
-- 


*Tony Skalski*
System Administrator | IT

*Office: *507-786-3227 
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu <http://stolaf.edu>




**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Papercut Mobility-print and Enterprise mDNS

[Michael Davis]

We are an Aruba shop, but I'm curious about any campus WiFi deployments 
using

Papercut Mobility-print.

We've recently started looking at the mobility-print feature of 
Papercut.  We have it
working in some small and testing deployments, but we're having 
difficulty getting
Android and Windows clients (using the papercut app) to see the Papercut 
server.
Those same clients can see other mDNS printers on the wireless network, 
but not

the Papercut server.

If anyone has it working with Android/Windows and maybe added any 
service types

to make it happen, I'd love to hear from you.

https://www.papercut.com/products/free-software/mobility-print/

thanks
mike

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Aruba Wireless- MacBook WiFi slow on 5gHz channels 60-64

[Michael Davis]

How did you isolate it to channels 60+ and 64- ?   We have started 
seeing odd issues
with MacBooks on AP 200 series APs, but never thought to correlate it to 
channels yet.


Clients are unable to connect or connect with poor performance to APs in 
or right outside
their rooms, but go to other areas or buildings and connect fine. Some 
APs that the Macs

refuse to connect to have iPhones/Windows/Android/etc. systems on them fine.

We are on 8.5.0.7


On 2/24/21 2:32 PM, Jon Marriott wrote:
Has anyone using Aruba wireless experienced poor performance for 
MacBook users on channels 60-64 (40mHz channel width)?
We have been getting a lot of tickets for this issue lately with no 
recent changes.

What I know so far:
Wireless is mostly slow but speed fluctuates. Sometimes pages load 
slowly, other times not at all and the Mac reports "no internet". 
Sometimes it works fine for a short period of time.

Only occurs with MacBooks (but not all)
Only reported so far on 200 series APs (AP-205H and AP-225)
Both 60+ and 64- 40mHz channels seem to have the issue.
Happens all across campus, no specific area
AP is usually close to the client and the signal and SNR are great
When the client roams to another AP/channel the problem resolves 
immediately.


We are on AOS version 8.6.0.7
I do have an open case with Aruba TAC but wanted to see if anyone else 
has seen the issue while I wait.


Jon

--
Jon Marriott
Network Engineer
Library & IT
Bucknell University
570-577-1986





**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 






**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] (EXTERNAL) Re: [WIRELESS-LAN] Aruba Clearpass Voucher System

[Michael Davis]

If you run eduroam on site and depending on what your security view is 
of guests and their access,
you may want to look into just directing long-term guests at the Anyroam 
service (https://www.anyroam.net/)
and enabling access for your campus.  It gives them a 1-year certificate 
and you can program your
clearpass (or other access controls) to give them the same role as a 
WiFi guest, or an eduroam-guest, or

as yet another role as you see fit.


On 1/28/21 10:56 AM, Aaron D. DeVall wrote:


Yeah, I’d like a system where people can register an account on their 
own set for 3 day, (or whatever we decide the default to be), or we 
can give a long term guest a “code” of sorts to have extended access. 
The manual creation of accounts sounds like the way to go. Thanks for 
this information, it’s helpful. We’ll look more into this.


Aaron DeVall

System Administrator

Information Technology

*From:* The EDUCAUSE Wireless Issues Community Group Listserv 
 *On Behalf Of *Cody Ensanian

*Sent:* Thursday, January 28, 2021 9:46 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* (EXTERNAL) Re: [WIRELESS-LAN] Aruba Clearpass Voucher System

CAUTION: This email originated from outside of the organization. Do 
not click links or open attachments unless you recognize the sender 
and know the content is safe.


ClearPass has a Guest module (pretty powerful, you can do a lot with 
it). We use it for a few different things (our captive portal guest 
network, self-registering for a temp username/password for our secure 
network, specialty one-off accounts, etc)


You can manually create guest accounts and set their expiration to 
whatever you’d like, and assign the account the role you’d like (to 
define their access). It maybe sounds like this what you’re trying to 
achieve?


(If you didn’t want to go the ‘manual’ route if you expect a lot of 
these, you could build a registration page in the Guest module for 
these types of guests to register themselves, and build approval into 
your workflow – this way a sponsor has to OK the account and they can 
also set expiration dates)


-Cody

University of Colorado Colorado Springs

*From:* The EDUCAUSE Wireless Issues Community Group Listserv 
> *On Behalf Of *Aaron D. 
DeVall

*Sent:* Thursday, January 28, 2021 8:03 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 


*Subject:* [WIRELESS-LAN] Aruba Clearpass Voucher System

Hey all –

Does anyone know if Aruba Clearpass uses a voucher system for long 
term guests? We used to use Cloudpath which had a voucher system, but 
have moved away from it. Looking for a solution for long-term guests.


Thanks!

Aaron DeVall

System Administrator

Information Technology

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 



**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 



**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 






**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?

[Michael Davis]

eing naive.

Thanks for waking me up!

Regards,

Keith

M: (803) 464-2397 O: (919) 962-6564

Sent from my mobile device so please excuse any typos.



*From:*The EDUCAUSE Wireless Issues Community Group Listserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> on behalf of Michael
Davis mailto:da...@udel.edu>>
*Sent:* Thursday, December 17, 2020 10:22:13 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
*Subject:* Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6
Experiences?

It's not so rare, it's been happening to our 515s since 8.4.

The AP will upgrade successfully, but the apboot> environment
variable that selects which
partition to boot, never gets changed so it reboots to the old
partition and rinse and repeat.

On 12/17/20 9:03 PM, Miller, Keith C wrote:

2. We hit a “rare” bug that’s only affected a small number of
515s worldwide where the AP gets stuck in a boot/image upgrade
loop and you must physically console into the AP to fix it and
boot from the upgraded partition.

**
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent
the message, copy and paste their email address and forward the
email reply. Additional participation and subscription information
can be found at https://www.educause.edu/community

<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cfs%40WPI.EDU%7C5ddc863f0a924b96501b08d8a35c56ed%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637438964959389090%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=q6ANUGHf0NQD0VYarrAFmDAOQACfLtMpdoHmJ96sHD0%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent
the message, copy and paste their email address and forward the
email reply. Additional participation and subscription information
can be found at https://www.educause.edu/community

<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cfs%40WPI.EDU%7C5ddc863f0a924b96501b08d8a35c56ed%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637438964959389090%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=q6ANUGHf0NQD0VYarrAFmDAOQACfLtMpdoHmJ96sHD0%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent
the message, copy and paste their email address and forward the
email reply. Additional participation and subscription information
can be found at https://www.educause.edu/community

<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cfs%40WPI.EDU%7C5ddc863f0a924b96501b08d8a35c56ed%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637438964959399085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=vUtmoCjM5JXcmov9oummhrAvPuLCi9aVyIinDv96XJw%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent
the message, copy and paste their email address and forward the
email reply. Additional participation and subscription information
can be found at https://www.educause.edu/community

<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=04%7C01%7Cfs%40WPI.EDU%7C5ddc863f0a924b96501b08d8a35c56ed%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637438964959399085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000=vUtmoCjM5JXcmov9oummhrAvPuLCi9aVyIinDv96XJw%3D=0>


**
Replies to EDUCAUSE Community Group emails are sent to the entire
community list. If you want to reply only to the person who sent
the message, copy and paste their email address and forward the
email reply. Additional participation and subscription information
can be found at https://www.educause.edu/community
<https://www.educause.edu/community>

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 
<https://www.educause.edu/community>





**
Replies to EDUCAUSE 

Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?

[Michael Davis]

I reported to them last Fall and was working with a tier 2 or 3 engineer 
on the issue,
but the only resolve was to console in and change the boot partition 
flag manually.
Since that was a work around and I ran out of example failed APs to 
test, the case was

closed with the workaround.

On 12/18/20 6:32 AM, Miller, Keith C wrote:
That’s the one. Have you reported it to them? I didn’t pull the word 
rare out of thin air... That’s what I’ve been told and that it 
affected roughly 0.0001% of deployed 515s. I guess I’m just being naive.


Thanks for waking me up!

Regards,
Keith
M: (803) 464-2397 O: (919) 962-6564

Sent from my mobile device so please excuse any typos.

*From:* The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Michael Davis 


*Sent:* Thursday, December 17, 2020 10:22:13 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 


*Subject:* Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?
It's not so rare, it's been happening to our 515s since 8.4.

The AP will upgrade successfully, but the apboot> environment variable 
that selects which
partition to boot, never gets changed so it reboots to the old 
partition and rinse and repeat.




On 12/17/20 9:03 PM, Miller, Keith C wrote:


2. We hit a “rare” bug that’s only affected a small number of 515s 
worldwide where the AP gets stuck in a boot/image upgrade loop and 
you must physically console into the AP to fix it and boot from the 
upgraded partition.




**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 
<https://www.educause.edu/community>


**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 
<https://www.educause.edu/community>





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] ArubaOS 8.5.0.11 or 8.6.0.6 Experiences?

[Michael Davis]

It's not so rare, it's been happening to our 515s since 8.4.

The AP will upgrade successfully, but the apboot> environment variable 
that selects which
partition to boot, never gets changed so it reboots to the old partition 
and rinse and repeat.




On 12/17/20 9:03 PM, Miller, Keith C wrote:


2. We hit a “rare” bug that’s only affected a small number of 515s 
worldwide where the AP gets stuck in a boot/image upgrade loop and you 
must physically console into the AP to fix it and boot from the 
upgraded partition.





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Client roaming

[Michael Davis]

ple.co%2F3cLBa1Z=02%7C01%7Cjemallon%40ua.edu%7C838c8185582e40d94e7408d86c9803d0%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637378747868024480=fDnsi4xpVAVHvWwYJTT1yIJhvzQancgUybRcCqzPEYc%3D=0> - 
Build Trust Through Better Privacy


https://bit.ly/2SgyQXb 
<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbit.ly%2F2SgyQXb=02%7C01%7Cjemallon%40ua.edu%7C838c8185582e40d94e7408d86c9803d0%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637378747868024480=rLMJhnMeptz5wMdIinuBN5IIdd%2FXpL9eC%2BtKeC91KyU%3D=0> - 
You Should Care About DHCP Option 51


https://apple.co/3jnEDWR 
<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapple.co%2F3jnEDWR=02%7C01%7Cjemallon%40ua.edu%7C838c8185582e40d94e7408d86c9803d0%7C2a00728ef0d040b4a4e8ce433f3fbca7%7C0%7C0%7C637378747868034474=%2FFqCxIdxHFe870FNwaMMuf9UXPL6Oqop1vfMyV%2FPrLs%3D=0> - 
How To Modernize Your Captive Network//


Maybe it is just us, but we have lots of places where a 12dB delta is 
hard to achieve when designing for dual 5G radio coverage at -65 dB.  
Clients end up skipping an AP (or two) before actually roaming.  Not 
to mention use case and behavior differences between laptops and 
mobile devices like phones and tablets.  You might notice on a laptop 
Zoom session, maybe not with an iPhone VoWi-Fi session.  Our focus was 
on VoWi-Fi, thinking it was the more challenging thing to tackle.   
Remote learning is challenging those assumptions.


*/Mike Atkins /*

Network Engineer

Office of Information Technology

University of Notre Dame

*From:*The EDUCAUSE Wireless Issues Community Group Listserv 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> *On Behalf Of *Jake Snyder

*Sent:* Friday, October 9, 2020 3:33 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

*Subject:* Re: [WIRELESS-LAN] Client roaming

On thing to keep in mind is that iOS devices start behavior poorly 
when they have no good option above -65.  That’s the threshold they 
prefer 5GHz and when you combine that with “hallway design” and “band 
select” you are asking for a bad time.


Scenario:

Client doesn’t see 5GHz above -65.  2.4Ghz looks better, client tries 
to associate and bandselect tries to send them back.  Client doesn’t 
think 5GHz meets its requirements, tries to associate on 2.4Ghz. Round 
and round they go.


If you need band select for devices like iOS that prefer 5GHz, you 
likely don’t have enough 5GHz coverage, and trying to force them to 
5GHz only results in issues.


A better approach is to have at least 6db of transmit power more on 
5GHz than 2.4.  This makes 5GHz generally look more attractive so 
clients naturally pick it, band select not needed.  You can easily do 
this with TPC min/max settings.


Also keep in mind when looking at your survey reports.  -65 is as 
measured by the device, not your fancy sidekick or aircheck.  Figure 
you need an extra 7-10db delta to overcome the limitations of some 
mobiles devices. That puts you -58 to -55 as measured.


Sent from my iPhone

On Oct 9, 2020, at 1:08 PM, James Helzerman mailto:jarh...@umich.edu>> wrote:



Best thing you can do for clients is have a 5GHz only SSID.  We
moved over the summer to this with our main 802.1x network and it
has fixed a ton of these roaming issues and complaints of
performance.  Basically take the decision making out of the hands
of the client, give them only one band to choose from.  Band
Select / steering may work but can lead to a lot of users issues
as roaming can break if the client doesnt take the hint to use
5GHz.  Transitions with real time applications like voice can be
negatively affected.

For those on our campus that have 2.4GHz only devices, we offer
eduroam in both bands and have them use that then use AAA override
to place them in the same network as our branded ssid giving them
all the same access to resources.  Our branded 802.1x, MWireless,
has 95% of our user devices.

-Jimmy

-- 


James Helzerman
Wireless Network Engineer
University of Michigan - ITS

On Fri, Oct 9, 2020 at 12:03 PM Enfield, Chuck mailto:cae...@psu.edu>> wrote:

FWIW, I’ve been reluctant to assume this is a new problem.
Usage patterns have changed in the dorms and people are
spending much more time using real-time protocols than ever
before.  Those protocols make brief connectivity issues very
noticeable.  It’s quite possible we’ve always had these
problems, but they rarely bothered users enough to make them
open trouble tickets.

*From:*The EDUCAUSE Wireless Issues Community Group Listserv
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> *On Behalf Of
*Michael Davis
*Sent:* Friday, October 09, 2020 10:49 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Subjec

Re: [WIRELESS-LAN] Client roaming

[Michael Davis]

We're an Aruba shop and only seeing it on iOS and MacOS devices.


On 10/9/20 10:44 AM, Mallon, Jason wrote:


I have not been able to pinpoint a device type as of yet.  It seems to 
be happening across all platforms including game systems.


Thanks,

*Jason Mallon*| Network Engineer III

/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/90F25235.tmp 



OIT
The University of Alabama
jemal...@ua.edu 

/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/8434B70B.tmp 



*From: *The EDUCAUSE Wireless Issues Community Group Listserv 


*Date: *Friday, October 9, 2020 at 9:40 AM
*To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 


*Subject: *[EXTERNAL] Re: [WIRELESS-LAN] Client roaming

We’re an Aruba shop and have noticed similar behavior.  We’re having 
more incidents of intermittent connectivity issues this year than in 
previous years, and most of those clients are making questionable 
roaming decisions.  It’s been really prevalent with iOS and MacOS.  
Much less on Windows and Android. There’s always been problems with 
picking a good radio when those devices first connect, but, 
historically, once they were steered to a good 5GHz radio they stayed 
there. They’re not staying there this year.  We haven’t figured out why.


Chuck Enfield

Manager, Wireless and Cellular

Penn State IT

814.863.8715

*From:*The EDUCAUSE Wireless Issues Community Group Listserv 
 *On Behalf Of *Mallon, Jason

*Sent:* Friday, October 09, 2020 10:30 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Client roaming

Wondering if anybody else is seeing this.  We currently have devices 
doing a lot of roaming between 5 and 2.4 radios, especially in the 
dorms.  I would not think anything of it normally, but they are moving 
from a -52 to -58 on the 5 radio to a -75 or worse on the 2.4 radio.  
This doesn’t seem to matter what SSID they are connected to.  Band 
select is enabled on all SSIDs.  We are running Cisco 8540 WLCs on 
8.10.130. Most of the complaints are coming from the dorms, so I am 
not sure if it is happening on our other controllers with an older 
code level.


Thanks,

*Jason Mallon*| Network Engineer III

/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/90F25235.tmp 



OIT
The University of Alabama
jemal...@ua.edu 



/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/8434B70B.tmp 



**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 
 



**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community 
 



**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] ArubaOS 8.5.0.7

[Michael Davis]

AFAIK 8.6 will be the first to support the complete 802.11ax suite.  
While 8.5
provides support for the 500-series and their WiFi6 components, they are 
incomplete.


So we'll all eventually be there, for now they're concentrating on 
getting 8.5 stable.



On 3/31/20 4:39 PM, Adam Forsyth wrote:
All I wish for is that one day they'll have a version that they think 
is stable enough to call a conservative release and which supports the 
AP515 (which they started selling more than a year ago.


They have an 8.6.0.3 out as well.  Does anyone know the logic of who 
should want to be using 8.6 code vs 8.5 code.  I guess I didn't know 
that logic for 8.4 code either.  We switched to that when we bought 
some AP515's, and then I switched from the 8.4 branch to the 8.5 
branch when it seemed like the consensus on this list was that lots of 
people were having trouble with 8.4 and were having better luck with 8.5


On Tue, Mar 31, 2020 at 2:17 PM Cesar Fernandez 
mailto:cfernan...@sandiego.edu>> wrote:


Antonio,

Thank you for feedback.  I really hope this version is stable. 
The 8.5 code has been quite challenging.  Please let us know if
you experience any major issues.


*Cesar Fernandez
*
*Sr. Network Engineer*
*University of San Diego*



On Mon, Mar 30, 2020 at 2:19 PM Antonio Garcia mailto:aagar...@scu.edu>> wrote:

We just upgraded to 8.5.0.7 this past Friday so far so good.
We also experienced two of our MDs crash and we had to take
one MD out of the cluster due to it being unstable. We had
been running 8.5.0.5 without issues, no new MD crashes. Aruba
stated the crash was due to a corrupt AMON packet. I
reintroduced the MD that was offline without issues and then
upgrade the cluster to 8.5.0.7.

On Mon, Mar 30, 2020 at 1:28 PM Steve Fletty mailto:fle...@umn.edu>> wrote:

At the University of Minnesota, we're running 8.5.0.5 in
production. We have 8.5.0.7 in our lab. No issues with
8.5.0.7 so far. Been running close to a week, but not a
lot of users on campus.

On Mon, Mar 30, 2020 at 2:24 PM Cesar Fernandez
mailto:cfernan...@sandiego.edu>>
wrote:


Hi Everyone,

We are an Aruba wireless shop currently running
ArubaOS 8.5.0.1 on an Active/Standby MM pair with 4 MD
controllers.  Ever since we upgraded to the 8.5 code
we've encountered several critical issues requiring
upgrades, and subsequent downgrades, between various
8.5.0.X versions. We have been on 8.5.0.1 for the
better part of the school year as it has been the most
stable for our environment.  A couple weeks before the
COVID-19 crisis, 3 of our 4 MD controllers randomly
crashed.  TAC is now recommending that we upgrade to
8.5.0.7, which was released last week.

Are there any universities on this list that
have recently upgraded to 8.5.0.7? If so, what has
been your experience?

I understand most campuses are only seeing a fraction
of the normal wireless traffic load as most students
are currently not on campus - so any feedback would be
greatly appreciated.


*Cesar Fernandez
*
*Sr. Network Engineer*
*University of San Diego*

**
Replies to EDUCAUSE Community Group emails are sent to
the entire community list. If you want to reply only
to the person who sent the message, copy and paste
their email address and forward the email reply.
Additional participation and subscription information
can be found at https://www.educause.edu/community






-- 
Steve Fletty

Network Engineer
Office of Information Technology (OIT)
University of Minnesota
Phone: 612-625-1048
Email: fle...@umn.edu 

**
Replies to EDUCAUSE Community Group emails are sent to the
entire community list. If you want to reply only to the
person who sent the message, copy and paste their email
address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

Re: [WIRELESS-LAN] ArubaOS 8.5.0.7

[Michael Davis]

When going from 8.5.0.3 to 8.5.0.6 it occurred on 5 AP515s, they didn't come
back online after the (live) upgrade.  When going from 8.5.0.6 to 
8.5.0.7, one

AP515 didn't come back online after the (manual) upgrade.

I worked with TAC on the original 5 and they symptoms were determined, but
no other cure but to console in the APs and manually flip the 
environment variable.



On 3/31/20 2:38 PM, Cesar Fernandez wrote:

Mike,

Thank you for you reply.  Regarding the end-less loop on 515s - is 
that issue randomly triggered after normal functioning uptime or did 
the issue occur during an upgrade? Also, were any of this APs factory 
reset?


*Cesar Fernandez
*
*Sr. Network Engineer*
*University of San Diego*



On Mon, Mar 30, 2020 at 12:36 PM Michael Davis <mailto:da...@udel.edu>> wrote:


We're on 8.5.0.7.  So far only one odd issue with SNMP traps
exploding Airwave (110K
traps during the upgrade) but with no one on campus, testing is
limited.

I have a recurring issue (since 8.5.0.6) with AP-515s not flipping
their boot variable and
getting stuck in an end-less upgrade loop..

On 3/30/20 3:14 PM, Cesar Fernandez wrote:


Hi Everyone,

We are an Aruba wireless shop currently running ArubaOS 8.5.0.1
on an Active/Standby MM pair with 4 MD controllers.  Ever since
we upgraded to the 8.5 code we've encountered several critical
issues requiring upgrades, and subsequent downgrades, between
various 8.5.0.X versions. We have been on 8.5.0.1 for the better
part of the school year as it has been the most stable for our
environment.  A couple weeks before the COVID-19 crisis, 3 of our
4 MD controllers randomly crashed.  TAC is now recommending that
we upgrade to 8.5.0.7, which was released last week.

Are there any universities on this list that have recently
upgraded to 8.5.0.7? If so, what has been your experience?

I understand most campuses are only seeing a fraction of the
normal wireless traffic load as most students are currently not
on campus - so any feedback would be greatly appreciated.


*Cesar Fernandez
*
*Sr. Network Engineer*
*University of San Diego*

*



--
 Mike Davis
 IT - University of Delaware - 302.831.8756
 Newark, DE 19716   Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] ArubaOS 8.5.0.7

[Michael Davis]

We're on 8.5.0.7.  So far only one odd issue with SNMP traps exploding 
Airwave (110K

traps during the upgrade) but with no one on campus, testing is limited.

I have a recurring issue (since 8.5.0.6) with AP-515s not flipping their 
boot variable and

getting stuck in an end-less upgrade loop..

On 3/30/20 3:14 PM, Cesar Fernandez wrote:


Hi Everyone,

We are an Aruba wireless shop currently running ArubaOS 8.5.0.1 on an 
Active/Standby MM pair with 4 MD controllers. Ever since we upgraded 
to the 8.5 code we've encountered several critical issues requiring 
upgrades, and subsequent downgrades, between various 8.5.0.X versions. 
We have been on 8.5.0.1 for the better part of the school year as it 
has been the most stable for our environment.  A couple weeks before 
the COVID-19 crisis, 3 of our 4 MD controllers randomly crashed.  TAC 
is now recommending that we upgrade to 8.5.0.7, which was released 
last week.


Are there any universities on this list that have recently upgraded to 
8.5.0.7? If so, what has been your experience?


I understand most campuses are only seeing a fraction of the normal 
wireless traffic load as most students are currently not on campus - 
so any feedback would be greatly appreciated.



*Cesar Fernandez
*
*Sr. Network Engineer*
*University of San Diego*

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware - 302.831.8756
 Newark, DE 19716   Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Device visibility in Aruba AirGroup + ClearPass

[Michael Davis]

If you setup your SSIDs not to allow client-to-client communication and pass
all mDNS,etc. traffic through CPPM, then the users can register devices and
only those they designate to share to (clients, APs, ap-groups, etc.) 
can see

the device.

Our primary SSID (eduroam) has a username@domain that users can share
mDNS devices to and any authenticated devices on eduroam can access
the mDNS device.

On 3/4/20 10:19 AM, Craig D Rice wrote:
We are an Aruba shop and are evaluating AirGroup + ClearPass to 
provide students a more home-like experience in their residence halls. 
That is, we would like students to be able to register and see only 
their registered devices.


If a user registers a device in ClearPass, is that device visible to 
non-registered devices (or devices registered to another user) -- even 
if the devices are associated with the same AP?


We have received conflicting answers from our Aruba SEs, account exec, 
and TAC, so we are hoping to learn how to limit device visibility from 
others who are using ClearPass.


Thanks for your advice!
Craig
--

*Craig D. Rice
*
Director of Enterprise Infrastructure | IT
St. Olaf College
*Office: *+1-507-786-3631
1510 St. Olaf Avenue Northfield, MN 55057-1097  USA
/stolaf.edu/


**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] securew2 onboarding server maintenance

[Michael Davis]

Yes.

On 1/29/20 10:31 AM, Hurt,Trenton W. wrote:


Hey are other securew2 edu’s getting server maintenance messages for 
the onboarding url?


Servers are currently down for maintenance.
Public pages are still available, and all servers will be back online 
shortly.

We apologize for any inconvenience this may have caused.
Please write to supp...@securew2.com  if 
you would like more information.

We appreciate your patience and thank you for being a SecureW2 customer.

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Michael Davis]

Do you run CPSEC on your APs?   I've heard that non-CPSEC AP connections can
contend with the controller cluster heatbeats and cause disconnect.

On 1/14/20 3:37 PM, Miller, Keith C wrote:


Hi Trent,

No not related to AirGroup, but we’ve had problems with AirGroup 
server leaks in the past on 8.4 – One of the solutions was to 
configure AirGroup in centralized mode at the group level.


The other problems are related to the 515s and we are suffering from 
cluster disconnects in a few of our 8.x environments for what seems to 
be varying reasons.


Regards,

Keith




--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Michael Davis]

FWIW, some of the most bizarre issues I've ran into with Aruba APs have 
been related to:

 - MTUs on the path
 - Reassembly of packets
 - Out of order fragments
 - LLDP
 - tx, beacon, basic radio rates

Some things to look into if the 5GHz radio drop can be deterministically 
recreated and tested,

but I know that's usually half the battle..


On 1/9/20 3:34 PM, Turner, Ryan H wrote:


We are on 8.5.0.3 for the ITS cluster. We were going to upgrade to 
8.0.0.5, but we had a disaster in one of our data centers just before 
the holidays.  Power was tripped for a 13,000 sq foot data center.  
For some reason, APs associated to the controller in this building did 
not fail over to the other site.  We are going to be testing this 
scenario again next week by yanking the power to confirm if we’ve hit 
yet another bug, or if this was a one-off.


Ryan

*From:* The EDUCAUSE Wireless Issues Community Group Listserv 
 *On Behalf Of *Steve Fletty

*Sent:* Thursday, January 9, 2020 1:20 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Who has transitioned away from Aruba, 
and why?


What version of 8.5?

We saw some issues in our lab prior to 8.5.0.4. We have a mix of 335s 
and 535s.


On Thu, Jan 9, 2020 at 10:15 AM Turner, Ryan H > wrote:


All:

We’ve been an Aruba shop for a very long time and have around
10,000 access points.  While every relationship with vendors have
their ups and downs, my frustration with the Aruba is finally
peaking to the point that I am considering making the enormous
move to choose a different vendor.  The biggest reason is with the
8.X code train, and bugs that we just don’t consider appropriate
to use in production.  It has been one thing after the other, and
my extremely talented and qualified Network Architect (Keith
Miller) might as well be on the Aruba payroll as much work as he
has been doing for them to solve bugs.  Just when we think we have
one fixed, another one crops up.

The big one as of late is with 515s running 8.5 code train.  We
have them deployed in one of our IT buildings.  Periodically,
people that are connected to these APs in the 5G band will stop
working.  To the user, they are browsing a site, then it becomes
unresponsive.  If they are on their phone, they will disconnect
from wifi and everything works fine on cell.  Nothing makes an
802.11 network look worse than switching to cell and seeing a
problem resolve. Normally, if the users disconnect then reconnect,
their problems will go ahead (but I think they end up connecting
in the 2.4G band).   We’ve been working on this problem with them
for months.  It always seems as though we have to prove there is a
real issue.  I’m fed up with it.  We are a sophisticated shop.  If
we have a problem, 9 times out of 10 when we bring it to the
vendor, it is a real problem.  I’m extra frustrated that due to
issues we’ve seen in ResNet on the 8.3X train that we don’t want
to abandon our 6 train on main campus.  To Aruba’s credit, we
purchased around 1,000 515s last year (I think around February). 
When they could not get good code to support them on, Aruba bought
back half of them.  I asked for them to buy back half because I
thought for sure with the 315s that we would have instead, the
issues would be fixed by the time the 315s ran out. Not looking to
be the case.

So, with that rant over, we are seriously considering looking to
move away from Aruba (unless they get their act together really
soon).  There are other bugs I’m not even mentioning here.  For
those of you that made the switch to another vendor, I would be
curious how long the honeymoon lasted, what were your motivators,
and were you happy with the overall results?  Of course, this is a
great opportunity to plug your vendor.  As I see it, we have 3
choices….  Something from Cisco (we had Cisco long ago and dumped
them for bugs), something from Extreme (we are a huge Extreme shop
so this makes sense), something from Juniper (Mist).





**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Michael Davis]

While not an answer to your request, we are also starting to look into 
this possibility for
the same reasons.  While we only have about 500 515s deployed with WiFi6 
extensions
disabled, we haven't seen tickets to this extent but we also don't have 
any greenfield

515-only deployments.

We will be looking at Mist, being a heavy Juniper shop, but also Cisco 
as some existing

collaborations may lead to cost effective transitions..


On 1/9/20 11:15 AM, Turner, Ryan H wrote:


All:

We’ve been an Aruba shop for a very long time and have around 10,000 
access points.  While every relationship with vendors have their ups 
and downs, my frustration with the Aruba is finally peaking to the 
point that I am considering making the enormous move to choose a 
different vendor.  The biggest reason is with the 8.X code train, and 
bugs that we just don’t consider appropriate to use in production.  It 
has been one thing after the other, and my extremely talented and 
qualified Network Architect (Keith Miller) might as well be on the 
Aruba payroll as much work as he has been doing for them to solve 
bugs.  Just when we think we have one fixed, another one crops up.


The big one as of late is with 515s running 8.5 code train.  We have 
them deployed in one of our IT buildings.  Periodically, people that 
are connected to these APs in the 5G band will stop working.  To the 
user, they are browsing a site, then it becomes unresponsive.  If they 
are on their phone, they will disconnect from wifi and everything 
works fine on cell.  Nothing makes an 802.11 network look worse than 
switching to cell and seeing a problem resolve. Normally, if the users 
disconnect then reconnect, their problems will go ahead (but I think 
they end up connecting in the 2.4G band).   We’ve been working on this 
problem with them for months.  It always seems as though we have to 
prove there is a real issue.  I’m fed up with it.  We are a 
sophisticated shop.  If we have a problem, 9 times out of 10 when we 
bring it to the vendor, it is a real problem.  I’m extra frustrated 
that due to issues we’ve seen in ResNet on the 8.3X train that we 
don’t want to abandon our 6 train on main campus.  To Aruba’s credit, 
we purchased around 1,000 515s last year (I think around February).  
When they could not get good code to support them on, Aruba bought 
back half of them.  I asked for them to buy back half because I 
thought for sure with the 315s that we would have instead, the issues 
would be fixed by the time the 315s ran out.  Not looking to be the case.


So, with that rant over, we are seriously considering looking to move 
away from Aruba (unless they get their act together really soon).  
There are other bugs I’m not even mentioning here.  For those of you 
that made the switch to another vendor, I would be curious how long 
the honeymoon lasted, what were your motivators, and were you happy 
with the overall results?  Of course, this is a great opportunity to 
plug your vendor.  As I see it, we have 3 choices….  Something from 
Cisco (we had Cisco long ago and dumped them for bugs), something from 
Extreme (we are a huge Extreme shop so this makes sense), something 
from Juniper (Mist).


Thanks,

Ryan Turner

Head of Networking

The University of North Carolina at Chapel Hill

+1 919 445 0113 Office

+1 919 274 7926 Mobile

r...@unc.edu 

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Mail to gmail and yahoo stopped working after IOS 13

[Michael Davis]

Have the clients upgraded further ?  We saw widespread mail issues with 
IOS 13.0 and 13.1

but all resolved after 13.2, that we were experiencing..


On 11/13/19 4:23 PM, Christina Klam wrote:

All,

Has anyone experienced this issue and have a solution? With IOS 13, 
people are no longer able to send or receive emails from google or 
yahoo through the Mail app.  If they try accessing gmail or yahoo mail 
through the specifically branded app or a web browser, everything is 
fine.    We have narrowed down the issue even further.  The problem 
only happens when the iPhone is using a proxy server.   We even tried 
bypassing the proxy all together for p*-mailws.icloud.com, but that 
has not helped.


Christina Klam
Network Engineer
Institute for Advanced Study
1 Einstein Dr
Princeton, NJ 08540
+1 609-734-8154
ck...@ias.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Clearpass /AD /Palo fw

[Michael Davis]

What PanOS version?  We saw one case where the palo was delivering 
fragments in
reverse order which wasn't technically incorrect, but some devices 
didn't like it.



On 11/5/19 6:32 PM, Hurt,Trenton W. wrote:

Hello

Any folks using clearpass for radius auth against AD with a palo fw in 
between?   Have all the correct ports opened but still seeing some 
timeouts randomly during auth.


Trent Hurt

University of Louisville

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

[Michael Davis]

We currently have the Wi-Fi 6 extensions disabled because of the Intel 
Driver issues

(https://www.intel.com/content/www/us/en/support/articles/54799/network-and-i-o/wireless-networking.html)

We've been notifying clients and were updating drivers until instructed 
to just turn off Wi-Fi 6.
This begs the question of trying to identify the problematic machines 
and seek them out, or
just announce a future date to turn on Wi-Fi 6 and go back to dealing 
with updating drivers as
they come up.  We'll have a mix (currently ~15% Wi-Fi 6) of AP models 
for a while, so the issues

won't all show right away.

Anyone looked into identifying the machines needing updated through 
fingerprinting

(Aruba Insight or Airwave or Clearpass ) ?



On 9/5/19 3:08 PM, Turner, Ryan H wrote:

We've done a test deployment of Aruba 515s.  There seem to be some driver 
compatibility issues.  We have 2 IT buildings.  I had an induvial able to 
connect and see SSIDs just fine in our building with 315s.  When she came to 
the building with 515s, she saw nothing.  I updated her drivers, and then 
everything worked.  So just be aware you might see more of that.  We were 
running 8.503 code (I think).


Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu



-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Chris Brizzell
Sent: Thursday, September 5, 2019 2:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

Anyone have any Wi-Fi 6 APs deployed yet, and if so any thoughts either good or 
bad. I'm looking at swapping out the APs in our dining hall first, since they 
seem to get the most use.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community



--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] WiFi failures due to eduroam profiles

[Michael Davis]

We onboard EAP-TLS to eduroam.  I'm not following this progression of 
events.


On 9/20/19 3:47 PM, Aaron Abitia wrote:


Hello all, Aaron from Cal Poly, San Luis Obispo here...


We just went all eduroam and turned off our primary branded dot1x 
SSID, which featured Aruba Clearpass EAP-TLS Onboarding of devices. 
Because Onboarding is now gone, my question is about the eduroam CAT 
tool…I believe reasons for using it would be to mitigate 
man-in-the-middle attacks, to get rid of the red “Not Verified” iOS 
message and to otherwise insulate the user from manually accepting our 
RADIUS certificate.



However, I’m wondering about usability once our users leave our 
campus.  We have seen users here from other universities who are 
unable to connect to eduroam, and we find that they are running a 
profile from their home university, though we’re not sure if its the 
eduroam CAT tool or another installer.  Once we remove their profile, 
they are able to get on eduroam.  I believe that if an organization is 
using a profile and that profile lists the RADIUS server(s) from that 
organization for the eduroam connection, the user may or may not be 
dead until that profile is removed, depending on what’s in the 
profile; if all that’s in the profile is the organization’s RADIUS 
servers, the user should still work here, but if there’s other 
elements in that profile, the user could fail, which we’ve seen, but 
I’m trying to identify what precisely in the profile could cause the 
failure to connect.  Would anyone have any insight into this?



We have many other eduroam users from other organizations that work 
fine here, presumably because no profile is being used and the user 
has just manually connected at home and here at our school. I would 
also be interested in hearing about the eduroam CAT tool from anyone 
using it, or other config tools used by anyone and the reasons for it, 
beyond what I’ve mentioned above.



Many thanks.


--
Aaron Abitia
Network Analyst
Enterprise Information Systems, Networks
Information Technology Services
Cal Poly State University
Tel: 805.756.1295

**
Replies to EDUCAUSE Community Group emails are sent to the entire 
community list. If you want to reply only to the person who sent the 
message, copy and paste their email address and forward the email 
reply. Additional participation and subscription information can be 
found at https://www.educause.edu/community





--
 Mike Davis
 IT - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Chromecast on Residence Hall Network

[Michael Davis]

Just curious at what scale you're seeing the devices not appearing on 
clients' list?


We run clearpass so it never was a concern, but I just checked and we're 
seeing

about 250 each chromecast, roku, AppleTV, and fire stick devices.


On 9/4/18 10:04 PM, Adam Forsyth wrote:
Does anyone have a good solution for managing student Chromecasts on 
their residence hall network?  The problem that we're running into is 
that I think there is some limit to the number of chromecasts that 
will appear on the list when you try to select a device to cast to.  
The result is that some students can see their chromecast, but other 
people can just see a bunch of other chromecasts but theirs is not on 
the list.


We are transitioning from an HP MSM wireless network to an Aruba 
wireless network. This problem is getting worse over time as we move 
to more Aruba AP's because the MSM's were configured with a separate 
wireless subnet for each building. That limited the number of 
chromecasts on each network and increased a user's chance of seeing 
theirs.  As we move to Aruba, all of traffic is tunneled back to the 
controller and all of the users are on a single subnet.  An elegant 
solution is to us ClearPass as the NAC for the network and then let 
users set up their own Air Groups then their devices see each other 
and no one else's.  This also solves the problem that there is nothing 
preventing one user from streaming to another user's chromecast.  We 
use Bradford Networks Network Sentry as our NAC, however, and 
switching to a different NAC isn't in the cards as a near term 
solution anyway.  Network sentry doesn't provide any way to manage air 
groups.


When we first set up our Aruba controller the chromecast traffic was 
blocked by default, and I worked with support to get an Air group set 
up tohave that traffic sent everywhere. I was wishing for some way to 
make an air group per building or per some group of AP's that we'd 
create.  That would mimic the imperfect but better solution that we've 
had with our MSM AP's.  Support couldn't seem to come up with that 
sort of a solution for me.  I'm not sure if that's not possible, or if 
I simply should have kept escalating the ticket until I found someone 
that could help make that configuration.


I'm wondering if any other Aruba users out there have found a solution 
to this issue that doesn't involve also being Clear Pass customers.


--
*Adam Forsyth*
Director of Network and Systems
Luther College Information Technology Services
*
700 College Drive
Decorah, IA 52101
563-387-1402
*
** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wall plate APs and shared wall plates?

[Michael Davis]

The aruba AP-303H has keystone knockout provisions on an optional extension
mounting kit.   ap-303h-mntw


On 8/30/18 10:56 AM, Hales, David wrote:


We’re looking at retrofitting a dorm for per room WAPs using some wall 
plate installed APs.  The issue we’re looking at is that the current 
drop in each room has a network port and a cable TV port in a shared 
faceplate.  Does anyone have a favorite workaround or product to get 
the F connector out around the wall plate WAP?  Possibly a box 
extension with side ports or something along those lines?


*David Hales*

*Network Systems Administrator*

*Information Technology Services*

1010 N. Peachtree

Clement Hall 117

Cookeville, TN 38505

*P* 931-372-3983

*F* 931-372-6130

*E**dha...@tntech.edu* 

*www.tntech.edu/its* 

*Tennessee Tech Logo* 

*TTU Facebook * *TTU Twitter 
* *TTU Instagram * 
*TTU Youtube * 
*TTU Pintrest* 



** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Locating forgotten WiFi auth enabled systems

[Michael Davis]

I threw in the towel and started adding the MACs to our controller
blacklist to allow the APs to reject them at that level.  Not as clean
as you're suggesting, but diminishing returns..

thanks
mike

On 7/18/18 10:38 AM, John Kristoff wrote:

Friends,

Over time there is some non-negligible number of devices and systems
that attempt to connect and authenticate to an institution's WiFi
network.  Many of these seem to be from devices or systems that had
been configured with a former employee, student, or affiliated user's
credentials that are no longer valid if they ever were.  Some of these
forgotten clients might try to authenticate thousands of times a day.

While they may not cause a significant operational problems hammering
away, it would be nice to keep the airspace and auth logs as clean as
possible.

I've perused a couple of odd solutions that purport to do some form of
triangulation, but before I dig too far done this road I thought I'd
issue a query here.

What do you do or do you recommend to locate and eradicate poorly
managed and inspid WiFi clients?

Thank you,

John

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.



--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Fwd: Your eduroam semi-annual report

[Michael Davis]

We're just about to complete our first year with eduroam as primary and 
our reports
definitely show the growth and success rates climb.  We tried the first 
year with CAT
onboarding and struggled somewhat.  We're hoping our second year along 
with a

commercial onboarding package will increase our success rates even further.

thanks
mike

On 7/5/18 9:03 PM, Turner, Ryan H wrote:

All:

We have run eduroam as our primary SSID for several years.  For those 
institutions that do not, but wonder what it might look like for those 
that do, I’ve included our semi annual report.


Ryan Turner
Senior Manager of Networking, ITS
The University of North Carolina at Chapel Hill
+1 919 274 7926 Mobile
+1 919 445 0113 Office

Begin forwarded message:

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam CAT Tool questioin

[Michael Davis]

There is a CAT users email list that might be helpful 
(https://lists.geant.org/sympa/subscribe/cat-users)


You wouldn't happen to be using a wildcard cert would you?  I believe 
Windows

has issues with them.

On 5/11/18 4:01 PM, Schwartz, Roger J wrote:


Tony,

Reading the documentation and after several eap option attempts, still 
not getting the endpoint on. I have tried eap types (in order of 
preference) PEAP-MSCHAPv2, TTLS-MSCHAPv2, TTLS-PAP all together and 
separately and still not getting on eduroam.


This is from the radius log:

Login incorrect (eap_peap: TLS Alert read:fatal:access denied): 
[rschw...@uthsc.edu/]


Login incorrect (eap: No mutually acceptable types found): 
[XxxxXxxx\rschwart/]


Any thoughts. What eap method are you using for your windows 10 
devices. We don’t have any issues with our MAC emdpoints.


I appreciate your help.

Roge

*From: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
 on behalf of Tony Skalski 
<0057dcfe0332-dmarc-requ...@listserv.educause.edu>
*Reply-To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 


*Date: *Thursday, May 10, 2018 at 4:19 PM
*To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 


*Subject: *Re: [WIRELESS-LAN] eduroam CAT Tool questioin

I would check the connection properties that get set up (by the CAT) 
and verify they are correct. This sounds similar to an issue we see 
with Windows 10 clients connecting to older PPTP VPNs, where we have 
to explicitly pick the EAP type to be used.


ajs

On Thu, May 10, 2018 at 4:05 PM Schwartz, Roger J > wrote:


Tony,

We cannot authenticate, getting the following error:  Login
incorrect (eap: No mutually acceptable types found): [uthsc.edu
\rschw...@uthsc.edu/
] or a varation
of this when we try other auth methods.  I am pretty sure it has
to do with the Supported EAP types for the profile.

Thanks

Roger

*From: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
"
> on behalf of Tony
Skalski <0057dcfe0332-dmarc-requ...@listserv.educause.edu
>
*Reply-To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
"
>
*Date: *Thursday, May 10, 2018 at 2:57 PM
*To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
"
>
*Subject: *Re: [WIRELESS-LAN] eduroam CAT Tool questioin

Yep. We have onboarded a bunch. What are you seeing?

There is also: https://lists.geant.org/sympa/info/cat-users

ajs

On Thu, May 10, 2018 at 2:55 PM Schwartz, Roger J
> wrote:

Has anyone used the eduroam CAT tool to create the onboarding
for Windows 10 users? We are stuck getting a Windows 10
configuration to work with the CAT Tool.

Any help would be appreciated.

Thanks

Roger


*___*

*Roger Schwartz *|Senior Wireless Network Technician/|
/*Information Technology Services*

*UNIVERSITY OF TENNESSEE HEALTH SCIENCE CENTER*

877 Madison Ave., Suite 738 | Memphis, TN  38163

( 901.448.2236 | 7 901.448.8199 |*: rschw...@uthsc.edu


*Error! Filename not specified.*

** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/discuss.


-- 


*Tony Skalski*

System Administrator | IT

*Office: *507-786-3227

1510 St. Olaf Avenue Northfield, MN 55057

stolaf.edu 

** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/discuss.


--

*Tony Skalski*

System Administrator | IT

*Office: *507-786-3227

1510 St. Olaf Avenue Northfield, MN 55057

stolaf.edu 

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





--
 

Re: [WIRELESS-LAN] Xbox 360 connection issues?

[Michael Davis]

And just to throw out another thing to check, we've had APs that work 
fine for
most system but won't connect Xbox or PlayStation consoles, not allowing 
DHCP
to pass.  The AP gets rebooted (AP215,AP225) and the consoles connect 
and work
fine afterwards..   We've seen this on ArubaOS 6.5.4.2 (current) and 
previously on

6.5.3.2.

thanks
mike

On 11/30/17 1:46 PM, Thomas Carter wrote:

We have had a few issues crop up (most recently a Google Home Mini) that seems 
to be rate related (won't connect even to an open network). What is the general 
rate configuration being used out there? What rates do you have disabled?

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonathan Groves
Sent: Thursday, November 30, 2017 10:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xbox 360 connection issues?

Neil,

I can confirm what Jess is saying. We had the exact same issue with our 
AeroHive APs deployed in our residence halls. Had to enable 5.5Mbps as an 
optional data rate before it would work. If you can get a hold of an Xbox 360 
and do a wireshark of the wireless connection process, you can see it 
requesting that data rate from the AP and nothing higher. We had turned off 
this data rate per best practice, but have since turned it back on. When we 
did, we also found that it fixed some HP wireless printers as well that had 
similar issues.

Regards,

Jonathan Groves
Network Engineer
Arkansas State University

On Nov 30, 2017, at 10:43 AM, Williams, Jess 
> wrote:

Neil,

Support advised us to enable the 5.5Mbps basic rate on the g radio which 
resolved the issue.  We encountered the issue only with XBOX 360 models 1439.  
Below was their explanation:


The issue is with the specific model of the XBOX360 - 1439.
AP-215 uses Broadcom driver and AP-105 uses Qualcomm driver. There is a 
behaviour difference between Broadcom driver Qualcomm drivers.

Even though HT is enabled on AP105 (Qualcomm), it will fall back to the legacy 
rates if the client is not responding in HT rates.
This is not the case for AP215 (Broadcom). Unless HT is disabled, legacy rate 
are not used.

The issue will always happen with the particular x-box clients whenever it is 
connected to an AP which does not use legacy rate with HT enabled. (not 
specific to Aruba APs).

This also seems to be a known issue with the client as it does not support HT 
rates.


Jess Williams
Sr. Network Engineer
University of Tennessee at Chattanooga



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf 
of Johnson, Neil M >
Sent: Thursday, November 30, 2017 10:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba

Just curious if anyone came up with a solution.



We have a half a dozen Xbox 360s with connection issues. In our case they seem 
to work on AP 225’s but not AP 205H’s.



 From what my colleague has been able to gather, the AP205H is not passing the 
DHCP offer back to the 360 (We see the request come in to our DHCP server and 
it responds with an offer, but the 360 never sees it and keeps requesting, It 
is getting back to the Aruba Controller).



We have no issues with newer Xbox’s (One, S, X) or other gaming consoles.



Thanks.



-Neil



--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319-384-0938
e-mail: neil-john...@uiowa.edu







From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf of 
"Osborne, Bruce W (Network Operations)" >
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>
Date: Friday, January 13, 2017 at 7:09 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
>
Subject: Re: [WIRELESS-LAN] Xbox 360 connection issues? - Aruba



Correction:



We run 20 MHz channels with HT & VHT modes enabled.



Bruce Osborne
Senior Network Engineer
Network Operations - Wireless



  (434) 592-4229



LIBERTY UNIVERSITY
Training Champions for Christ since 1971



From: Osborne, Bruce W (Network Operations)
Sent: Friday, January 13, 2017 8:07 AM
To: 'The EDUCAUSE Wireless Issues Constituent Group Listserv' 

Re: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

[Michael Davis]

We're on Option 3, first time this Semester so we haven't gone through 
an update yet.

(We use the eduroam CAT application)

Android before v7.1 have a known issue not being able to have 2 
certificates at once.
Any iOS will have a warning that it hasn't seen that certificate before, 
but it shouldn't

be an error.
What MacOS issues were you seeing?

We're exploring Option 4, and it'll be a race to see if we get there 
before the Cert renews...




On 10/30/17 2:21 PM, Craig Simons wrote:

All,

I know the subject has been broached on the list a few times before, 
but I’m looking for informal opinions/survey about how you are 
deploying your Radius EAP certificates for PEAP/TTLS users (non-TLS). 
We use Cloudpath to onboard users, but recently went through a 
difficult renewal period to replace our expiring certificate. As we 
had configured all of our clients to “verify the server certificate” 
(as you should from a security perspective), we found that iOS/MacOS 
and Android clients did not take kindly to a new certificate being 
presented. This resulted in quite a few disgruntled users who couldn’t 
connect to WiFi as well as a shell-shocked Service Desk. To help 
prevent this in the future (and because we are moving to a new Radius 
infrastructure), what is the consensus on the following strategies:


Option 1: Using a self-signed/private PKI and a 10 year cert. Onboard 
with "verify server certificate" enabled


Option 2: Removing all traces of “verify server certificate” from 
OnBoard configuration and use 2-year certs from CAs


Option 3: Use 2-year CA certificates, enable “verify server 
certificates” and educate/prepare every two years for connection issues.


Option 4 (probably the best long-term answer): Move to private PKI and 
EAP-TLS.


Opinions?

*Craig Simons*
Network Operations Manager

Simon Fraser University | Strand Hall
 University Dr., Burnaby, B.C. V5A 1S6
T: 778.782.8036 | M: 604.649.7977 | www.sfu.ca/itservices 




** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wi-Fi Request for University Conference event

[Michael Davis]

We currently do something similar as Bruce.  Normal Self-registration 
and sponsored registration
using clearpass guest, but large and/or multi-day events can get a PSK 
SSID assigned if given

ample time and planning.

On 9/27/17 8:07 AM, Osborne, Bruce W (Network Operations) wrote:


Our process is not ideal.

Where possible, we try to avoid setting up special SSIDs. Our normal 
Guest SSID allows for self registration for bandwidth-restricted 
Internet access or sponsored registration for faster Internet access.


We utilize our ClearPass Guest management to create an expiring event 
guest username with unlimited devices ending in “@event” instead of a 
proper email address. The original plan was for our IT Communications 
BRMs to create these accounts. Lately, our wireless team has been 
doing that. Event coordinators need to test access ahead of time, 
especially if it is “critical”. Otherwise, they are failing their job, 
IMHO.


For major events, with special access we sometimes set up a PSK SSID. 
In our experience, an open SSID is not good because you will pick up 
every roaming mobile device, exhausting your DHCP address pool.




*Bruce Osborne***

*/Senior Network Engineer/***

*Network Operations - Wireless***

***(434) 592-4229***

*LIBERTY UNIVERSITY***

*/Training Champions for Christ since 1971/***

*From:*Williams, Mr. Michael [mailto:mmwilli...@tarleton.edu]
*Sent:* Monday, September 25, 2017 4:01 PM
*Subject:* Wi-Fi Request for University Conference event

Hello,

Here recently, we have received numerous requests for guest WI-FI 
access during on campus conference events.  In order to support these 
events, we normally create a special open conference SSID that 
requires a pre-shared key or passcode for authentication.


What we struggling with is how to set the level of expectation for 
WI-FI functionality during these types events.   Conference sponsors 
inform us that Wi-Fi/internet access for conference attendees is 
critical, or some special app must function flawlessly or their 
conference event will be a bust.


We want to develop a formal conference request process that would 
detail what type of Wi-Fi support we can offer, what level of user 
experience to expect and what the sponsor responsibilities would be 
during these conference events.


I am curious to hear how other university handle these types of 
events. Does anyone have a formal process, that they are willing to 
share, that addresses some of these concerns?


Thanks

Mike

*/Michael M. Williams/*

Senior Network Engineer

Information Technology Services

Tarleton State University

201 St. Felix Str.

Box T-0220

Stephenville, TX 76402

Tel: (254) 968-1850

Fax: (254) 968-9658

mmwilli...@tarleton.edu 

*/“ Tarleton Networks – Connecting people with their potential”/*

/Information Technology Services staff will never ask for your 
password in an email.  Don't ever email your password to anyone or 
share confidential information in emails./


//

/Confidentiality Notice:  This electronic message, including any 
attachments, is for the sole use of the intended recipients(s) and may 
contain confidential and privileged information.  Any unauthorized 
review, use, disclosure or distribution is prohibited.  If you are not 
the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message/





--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] FTE's for Wireless

[Michael Davis]

It might be difficult to correlate any information you get because of 
the diversity of

operations.  I'll try to use your scope for our ops:

We have 3200 APs, one wireless engineer for: large plan reviews, Tier 3 
level support, Controller/AP config/monitoring/maintenance, lifecycle 
replacements, testing/evals/research of new technologies.

(also includes systems support for AAA/IPAM/etc.)

We have three network "planners" (PMs) that do planning, site surveys, 
requests for additional coverage.
(They also do Wired as well).  We have five in-house technicians and may 
also use contractors, that run

cable, mount APs, switches, troubleshooting. (They also do Wired as well)

On 9/26/17 5:03 PM, Hector J Rios wrote:

Need your help. What is the number of network engineers you have dedicated to 
wireless? Please indicate the size of your network, the scope of your wireless 
team's responsibilities, whether you rely on other resources (like contractors 
or other internal groups) to complement your efforts, and the most important 
question, is this enough people or do you need more (if so, what would the 
ideal number be)?

Not sure if this has been done before, if so, please let me know.

Here at LSU, we have 3600 APs, and two wireless engineers. The scope of their 
work includes plan reviews (designing WLANs for new construction), requests for 
additional coverage, site surveys, Tier 3 level of support, Controller/AP 
config/monitoring/maintenance, lifecycle replacements, testing/evals/research 
of new technologies. We rely on cable contractors to run cable and mount APs , 
NOC personnel to install some switches, APs, and troubleshooting, and student 
workers to configure APs and minor deployments. Two wireless engineers is not 
enough for us. We need at least one more.

If you think there is value in this information and would prefer a better 
format let me know.

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.



--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Aruba OS 6.5.X

[Michael Davis]

We've been chasing bugs all the way down the 6.5 release chain, from 
Airgroup bugs, to APs
crashing.  We then started the semester with an emergency upgrade to 
6.5.3.2 when the first
wave of early student arrivals started triggering bug 159797 (stm 
crashes) .   We are enjoying

our 303H's and 365 AP's, but it's been a hell of a ride.

We have been noting that RF coverage is perhaps reduced in 6.5.3 ?  Over 
a dozen locations
(untouched for years hardware-wise) are now submitting help tickets of 
little to no signal.

(We've just recently bumped max signal level by 3db to test)
http://community.arubanetworks.com/t5/Wireless-Access/Reduced-range-after-firmware-upgrade-IAP205-and-IAP215/m-p/308012#M74118

We're also seeing a large number of legacy AP105s crashing now, again in 
areas that haven't

seen hardware changes in years.

I haven't had time to open TAC calls on them yet since I'm also dealing 
with Clearpass and

Airwave issues.



On 9/21/17 8:00 PM, Michael Hulko wrote:
We are experiencing the exact same issues across our controllers.  We 
upgraded in August to bring the AP300 series Aps online.  We have been 
in communication with TAC and there is a new release tomorrow to 
address the STM crashes… no word yet on the radar events.  I have not 
opened the can on the AP103H reboots that are constantly plaguing us. 
 WE are running 6.5.4.0 as it was recommended by TAC at the time to 
resolve the radar events.




On Sep 21, 2017, at 5:14 PM, Amel Caldwell > wrote:


Hi y’all—
We have depleted our supply of AP 215s and are wanting to begin 
installing AP 315s on our campus and have been having a hard time 
finding stable 6.5.X code.  Our school starts next week, and we just 
had a failed attempt at rolling out 6.5.1.8 because we saw dozens of 
radar detected events right after upgrading. This was the fourth 
version of 6.5.1.x we have tried to put on this particular set of 
controllers and each has brought a new set of issue; STM crash and 
cause APs to lose contact with controller; AMON not sending firewall 
session data; radar detection events; LACP and VRRP problems to name 
a few.
Since most of you have been back in session for a month or so, I 
thought I would ask to see what code version you have, issues you may 
have experienced, and any war stories you might want to share.  It 
would also be interesting to know what types of APs and controllers, 
and a brief description of your environment.

Thanks
Amel Caldwell
** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found 
athttp://www.educause.edu/discuss.







Michael Hulko
Network Analyst

Western University Canada
Network Operations Centre
Western Technology Services
1393 Western Road, SSB 3300CC
London, Ontario  N6G 1G9

tel: 519-661-2111 x82433
direct: 519-850-2433
e-mail: mihu...@uwo.ca 



** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Campus Wireless in Married or Family Student housing

[Michael Davis]

I was wondering if anyone had policies or thoughts on wireless service in
Married/Family student housing?   We've had an informal policy of not
providing it and treating the units as "apartments" where the residents
can purchase and install their own residential wifi.  The thought process
(as handed down in oral history) is that servicing the APs in areas 
containing

non-University students, had legal implications,etc..  The physical Apt's
are in a "townhouse" style, and the university maintains the maintenance
areas between units and even has Wired networking service to them.

We've been asked to review the policy and was looking for any input
on the subject.

thanks
mike

--
 Mike Davis
 Systems Programmer V
 NSS - University of Delaware  - 302.831.8756
 Newark, DE  19716 Email da...@udel.edu

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

[Michael Davis]

Thanks.. I believe it turned out to be devices sticking in the "preauth" 
role that
were not yet registered.  The commonality of all the epsons focused on 
them instead
of the issue.  They're defensive IP policy must have been triggered by 
the locked

down role.

Does anyone know offhand, how to ageout devices quickly from a preauth 
role that's

not the default system preauth role.

thanks
mike

On 8/26/17 4:05 PM, Michael Dickson wrote:
Just a thought but do you have multiple helper addresses configured 
for that vlan/subnet? I'm wondering if maybe the printers aren't 
expecting that. Another random thought, if they're not broadcasting 
for a lease because they require a static could they have maybe all 
self-assigned themselves the same IP and are discovering each other 
over L2?


Good luck. We're pretty much going down the same CPPM/Airgroup path 
right now.


Mike

Michael Dickson
Network Engineer
Information Technology
University of Massachusetts Amherst
413-545-9639 
michael.dick...@umass.edu <mailto:michael.dick...@umass.edu>
PGP: 0x16777D39

On Aug 26, 2017, at 3:18 PM, Michael Davis <da...@udel.edu 
<mailto:da...@udel.edu>> wrote:


First Semester supporting mDNS in production with Aruba Clearpass 
Airgroup.


Almost every Epson XP series printer is complaining of duplicate IP 
addresses
which of course is not the case.  Anyone see anything similar?  There 
are a few
older web searches about Epson's requiring a static IP, which isn't 
an option right

now unfortunately.

Only Freshmen moving in today (~5K), the bulk (~20K) will arrive 
tomorrow and

throughout the week.

ArubaOS 6.5.3.2
CPPM 6.6.7.96909
Four 7240 controllers
~3200 APs
Three primary SSIDs: eduroam, Devices, Guest (clearpass)


thanks
mike

On 8/25/17 9:22 AM, Lee H Badman wrote:
It might be beneficial to share notes in case other schools are 
hitting common problems. I’m wondering how everyone who is in the 
thick of it is faring with back-to-school?
On this end, we are doing OK halfway to our expected total daily 
peak clients (we’re at 15K now high water mark).

Our significant WLAN-related changes since end of Spring semester

  * Running 8.2.151 on our 8540s
  * Significant quantities of Wave 2 APs
  * ISE as RADIUS (only, no NAC, no onboarding)

No changes to:

  * our guest WLAN (Clearpass/an Aruba controller pair)
  * onboarding (Cloudpath Wiz)
  * overall topology
  * open network in dorms for gadgets
  * non-use of AVC, it crapped out and never got solved after
hundreds of hours with TAC

Fears:

  * We haven’t yet hit the scale that will reveal problems with any
of the newer stuff listed above

Anyone else care to share?
-Lee
*Lee Badman*| Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
*t* 315.443.3003 *f* 315.443.4325 *e* _lhbadman@syr.edu_ 
<mailto:lhbad...@syr.edu> *w* its.syr.edu <http://its.syr.edu>

*SYRACUSE UNIVERSITY
*syr.edu <http://syr.edu>
** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.




** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Move In/Opening Week- Any Problems?

[Michael Davis]

First Semester supporting mDNS in production with Aruba Clearpass Airgroup.

Almost every Epson XP series printer is complaining of duplicate IP 
addresses
which of course is not the case.  Anyone see anything similar? There are 
a few
older web searches about Epson's requiring a static IP, which isn't an 
option right

now unfortunately.

Only Freshmen moving in today (~5K), the bulk (~20K) will arrive 
tomorrow and

throughout the week.

ArubaOS 6.5.3.2
CPPM 6.6.7.96909
Four 7240 controllers
~3200 APs
Three primary SSIDs: eduroam, Devices, Guest (clearpass)


thanks
mike

On 8/25/17 9:22 AM, Lee H Badman wrote:
It might be beneficial to share notes in case other schools are 
hitting common problems. I’m wondering how everyone who is in the 
thick of it is faring with back-to-school?
On this end, we are doing OK halfway to our expected total daily peak 
clients (we’re at 15K now high water mark).

Our significant WLAN-related changes since end of Spring semester

  * Running 8.2.151 on our 8540s
  * Significant quantities of Wave 2 APs
  * ISE as RADIUS (only, no NAC, no onboarding)

No changes to:

  * our guest WLAN (Clearpass/an Aruba controller pair)
  * onboarding (Cloudpath Wiz)
  * overall topology
  * open network in dorms for gadgets
  * non-use of AVC, it crapped out and never got solved after hundreds
of hours with TAC

Fears:

  * We haven’t yet hit the scale that will reveal problems with any of
the newer stuff listed above

Anyone else care to share?
-Lee
*Lee Badman*| Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
*t* 315.443.3003 *f* 315.443.4325 *e* _lhbadman@syr.edu_ 
 *w* its.syr.edu

*SYRACUSE UNIVERSITY
*syr.edu
** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] EAP-TLS

[Michael Davis]

Blacklist MAC, Notify Eduroam to inform home institution, inform local 
Help Desk in case they

get a call.  Works for DMCA letters too.


On 8/15/17 10:57 AM, Ian Lyons wrote:


What is the process if  X user (EduRoam) has a lot of malware and is 
sharing it on your network.  But home institution is 2000 miles away…


Black list MAC and call it a day?  Notify eduroam?  Home institution?  
Geiger-Counter person and tell them?


My guest account requires active phone number for user to get on the 
network.


*From:*The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hunter Fuller

*Sent:* Tuesday, August 15, 2017 10:54 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] EAP-TLS

Our campus isn't comfortable with an open ESSID without verifying the 
identity of the user, so that's the value of eduroam - identity.


On Tue, Aug 15, 2017 at 10:47 Jeffrey D. Sessler 
> wrote:


Couple of comments:

  * eduroam – using your point of “…most users can access what
they want off-campus…”, what long-term value is there to
eduroam? IMHO – not at lot. Back in the day, this would
facilitate quick access for a visiting educator who may be
collaborating with someone locally and needing access to local
resources. Today, in age of cloud-based collaboration
platforms and access from anywhere, how important is eduroam
over an open wifi network? With few exceptions, all the
visitor needs is Internet access. eduroam doesn’t add value
here, but does add complexity to manage.
  * Location data – Yeah, this can have some value, but at least
here, our emergency management moved to mobile-based
applications that allow the user to opt-in to being tracked
with the addition of panic-button-like services. I tend to shy
away from using location-based services within WiFi where
life-safety is involved. It can be a wonderful tool, until it
doesn’t work that one-time management believes it should. In
other words, finding a missing AV cart is different than a
missing person.

Jeff

On 8/14/17, 7:23 PM, "The EDUCAUSE Wireless Issues Constituent
Group Listserv on behalf of Jason Cook"
 on behalf of
jason.c...@adelaide.edu.au > wrote:

This is a good topic, we are slowly moving towards a preferred
EAP-TLS from PEAP-MChapv2 but not current date to force and
perhaps never. The points made about why do we bother at all
though are pretty relevant, most users can access what they want
off-campus from whatever network they want, and VPN for more
restricted access. So a properly segmented internal network
providing appropriate access would be fine. *PSK/ open networks
are theoretically ok.

At this point we are still confident that dot1x based auth is
still the best way to go for users accessing our wifi, though this
discussion has certainly opened my eyes a lot.

There's a couple of other reasons though why dot1x (which ever
method) does have advantages to us. This may not be relevant to
all, and there maybe better/other ways.

eduroam will break down via other methods, so you'll still
need to manage a dot1x service no matter what. Then you have still
have calls to SD because the service is now different when you
want to use it, requires special setup that's different to
on-campus.We've had Cloudpath a while, originally for PEAP config
and now TLS. We do roll with a main SSID so our onboarding will
configure our network  UofA and eduroam and users will just work
wherever they go once done.

Occasionally for security reasons we use location data to
track missing people. This is possible without auth to network
data but it's better having that auth data. Same goes for
identifying users acting inappropriately online. User ID to IP
mapping is also fed into our firewall for web filtering exceptions
(including group and personal)

Originally we went with Cloudpath to help users get configured
easier which worked well (though this is less of requirement with
auto-configs now pretty good), as well as properly since
auto-config on OS's doesn't get the certificate right (so it
ensure proper config). Configuring eduroam at the same time for
windows was problematic however with PEAP (can't remember other
OS's). As it would only save 1 SSID User info properly, so the
second SSID it wouldn't save user ID and users would get prompted
and not add the @adelaide.edu.au  .. TLS
resolves that little windows issue.

So for us one additional 

Re: [WIRELESS-LAN] EDUROAM PROBLEM RE: [WIRELESS-LAN] Any Stetson University Network Folks on the List? Live problem in progress

[Michael Davis]

Have you gotten on to the eduroam.us site for your iDP and looked 
through the logs to see if anything

stands out?

On 8/14/17 11:12 AM, Lee H Badman wrote:


I’ll throw this out there for anyone who may be familiar with similar- 
all users from one school are getting this


Aug14 11:01:10eduroam2 CSCOacs_Failed_Attempts 850928 2 1 
NetworkDeviceName=Faraday London, NetworkDeviceGroups=Device Type:All 
Device Types, NetworkDeviceGroups=Location:All Locations, 
ServiceSelectionMatchedRule=eduroam user from off campus, 
Response={RadiusPacketType=AccessReject; Reply-Message=No response for 
@ad.stetson.edu\, Reject from eduroam-US.; }


The  is me. We’re seemingly getting no response from the home 
school’s RADIUS servers, and I’ve not seen that leading “\” before. 
Lots of other successful eduroam schools on in our environment though.


Does this ring bells for anyone? Thankfully, we’ve had many years of 
zero problems with eduroam to date.


-Lee

*Lee Badman*| Network Architect

Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

*t*315.443.3003 *f* 315.443.4325 *e* lhbad...@syr.edu 
 *w* its.syr.edu


*SYRACUSE UNIVERSITY*
syr.edu

*From:*The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman

*Sent:* Monday, August 14, 2017 10:55 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Any Stetson University Network Folks on the 
List? Live problem in progress


If anyone from Stetson University is around, please respond off list. 
We have a group of law students from Stetson in our London center that 
are having problems with eduroam. All are getting rejected from 
Stetson’s RADIUS servers and it looks like a leading “\” may be the 
problem.


Not seeing that on any other school’s Network IDs.

Thanks-

Lee




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] New Crazy Wireless Devices

[Michael Davis]

We're just starting to see some of the early groups start showing up on 
campus.

The early trends seem to be Amazon Echo/Dots and Google Home systems, among
the ever growing trend of Smart TVs.  The most interesting new device to 
show up so

far as been a Ring Doorbell system.

thanks
mike

On 7/31/17 4:39 PM, Peter P Morrissey wrote:


Wondering if anyone has noticed any new trends in popular wireless 
devices that we might expect returning students to want to connect in 
their residences when they return?


Not being a gamer, this one was new to me. It apparently streams games 
on running on your laptop to your TV over a WiFi connection and also 
provides input for controllers. Seems like something that could use up 
a bit of bandwidth. The good news is that it appears to support 11ac.


http://store.steampowered.com/app/353380/Steam_Link/

Pete Morrissey

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam AUP question

[Michael Davis]

Since we're still in the process of migrating to eduroam and using CAT,
we decided to utilize the CAT terms of service feature to meet the best
effort requirements.  We will also be doing documentation and notification
as well.

thanks
mike

On 7/14/17 11:41 AM, Coehoorn, Joel wrote:
​No one said the AUP agreement has to be electronic.  You can put this 
in your Student Handbook and employee contracts, and get agreement 
that way.​






Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu <mailto:jcoeho...@york.edu>*




*Please contact helpd...@york.edu <mailto:helpd...@york.edu> for
technical assistance.*


The mission of York College is to transform lives through 
Christ-centered education and to equip students for lifelong service 
to God, family, and society


On Fri, Jul 14, 2017 at 10:09 AM, Michael Davis <da...@udel.edu 
<mailto:da...@udel.edu>> wrote:


In the AUP itself, it's stated:  "No person or party may use the
eduroam services without agreeing to this Acceptable Use Policy."

I would be curious to see how others are meeting this.  We already
have thousands of users using eduroam,
do we now go back and force them into a Captive portal to agree to
the AUP ?

Seems to me that it's much easier now to just forget eduroam,
remove it from campus, and go back to our
branded Wifi.


On 7/11/17 4:56 PM, Elizabeth Shannon wrote:


Section 3.3.7 of the Internet2 eduroam connector Agreement,
states “Connector used reasonable efforts to ensure that such
employee or Student IdP User acknowledged the AUP”.  I would like
to know other institutions are meeting this requirement. We
offered K-State branded SSIDs, eduroam, and Guest; users do not
have to acknowledge terms of service or accept an AUP. Thanks.

-- 


Elizabeth Shannon, CIPT

Kansas State University

Information Security and Compliance

785.532.2540 <tel:%28785%29%20532-2540>




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam AUP question

[Michael Davis]

This was already debated ad nauseam back in April on this list, I refer 
everyone

to the archives if you'd like to re-read them all.

The top and Subject relate to the implementation of the new AUP for eduroam.


On 7/14/17 12:54 PM, Elizabeth Shannon wrote:


Not that I am disagreeing with Jeff, but is the intent of the eduroam 
network simply as a guest network. I see many benefits of eduroam, but 
I would like to understand the intent of eduroam, so that our 
constituents have a more consistent experience as they utilize 
eduroam. We have guests on our campus, but we have no way of easily 
finding a guest and having a conversion with them if necessary. With 
eduroam, I can contact the host institution and they can decide if 
they are going to allow their user to continuing the use of eduroam. 
If we truly need to speak with the user, they can facilitate our 
interaction with the user. Perhaps, I am in the minority. Thanks.


--

Elizabeth Shannon, CIPT

Kansas State University

Information Security and Compliance

785.532.2540

*From: *The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Jeffrey D. Sessler" 
<j...@scrippscollege.edu>
*Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

*Date: *Friday, July 14, 2017 at 11:29 AM
*To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

*Subject: *Re: [WIRELESS-LAN] eduroam AUP question

As eduroam is really a guest network, I would never make it the 
primary network for my users. Best to treat/deploy it is as a slightly 
better version of the WiFi you can get at Starbucks or McDonalds.


Jeff

*From: *"wireless-lan@listserv.educause.edu" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Michael Davis 
<da...@udel.edu>
*Reply-To: *"wireless-lan@listserv.educause.edu" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

*Date: *Friday, July 14, 2017 at 8:14 AM
*To: *"wireless-lan@listserv.educause.edu" 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>

*Subject: *Re: [WIRELESS-LAN] eduroam AUP question

Seems to me that it's much easier now to just forget eduroam, remove 
it from campus, and go back to our

branded Wifi.

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Google Chromecast Provisioning Issue

[Michael Davis]

This isn't the behavior I've seen by the iOS versions of Google Home.  
Do you
have an iOS device to verify behavior?  It may be something in the 
Android version

of Google Home only.  Does the Chromecast setup complete though, even though
the final SSID switch of the controlling phone does not?

On 7/12/17 4:36 PM, Higgins, Benjamin J wrote:


Howdy:

We are having troubles with provisioning Google Chromecasts on our 
wireless network and was wondering if anyone else has seen this.


As a quick overview, we are end to end Aruba Wireless and ClearPass. 
Any EAP-TLS capable device is allowed on our WPI-Wireless and eduroam 
networks.  When connecting this way, the ClearPass Endpoint record is 
flagged as being EAP-TLS capable.


We also have a WPI-Open unsecure network for media devices/game 
consoles/etc.  To be on the WPI-Open network, the device must be 
registered in our IPAM which then creates a ClearPass EndPoint and 
Guest Device.  Due to the magic of Aruba ClearPass, we are not 
allowing EAP-TLS flagged devices on WPI-Open.


Then due to the voodoo – a much higher level of magic – of Aruba 
AirGroups, devices on one network can talk to the other without 
problem.  This has been proven with an AppleTV and iPhone – so it does 
work.



Enter the "Google Home" app on Android devices.  This app appears to 
communicate from the phone on WPI-Wireless to the Chromecast on 
WPI-Open during the provisioning process.  But near the end of the 
provisioning process, the Google Home app attempts to move the phone 
from WPI-Wireless to WPI-Open.  This operation is not supported in our 
environment so the process never completes despite the two devices 
seemingly being able to communicate.


I have been told that before the Google Home app – back when the app 
was the Chromecast app – you could provision a Chromecast and it would 
work flawlessly in this type of scenario.


Has anyone ever run into this problem the field?  How did you solve it?

Many thanks!

--ben

--

Benjamin J. Higgins (‘97), N1ZVY | bjhigg...@wpi.edu 



Senior Network Engineer, JNCIA, ACCA |  Office 508.831.4860

Worcester Polytechnic Institute  |  Cell   508.713.1739

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] eduroam AUP question

[Michael Davis]

In the AUP itself, it's stated:  "No person or party may use the eduroam 
services without agreeing to this Acceptable Use Policy."


I would be curious to see how others are meeting this.  We already have 
thousands of users using eduroam,
do we now go back and force them into a Captive portal to agree to the 
AUP ?


Seems to me that it's much easier now to just forget eduroam, remove it 
from campus, and go back to our

branded Wifi.


On 7/11/17 4:56 PM, Elizabeth Shannon wrote:


Section 3.3.7 of the Internet2 eduroam connector Agreement, states 
“Connector used reasonable efforts to ensure that such employee or 
Student IdP User acknowledged the AUP”.  I would like to know other 
institutions are meeting this requirement. We offered K-State branded 
SSIDs, eduroam, and Guest; users do not have to acknowledge terms of 
service or accept an AUP. Thanks.


--

Elizabeth Shannon, CIPT

Kansas State University

Information Security and Compliance

785.532.2540

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Aruba AP Models - 315 vs 325

[Michael Davis]

Some boot info from new Aruba models:

AP-315
Model: AP-31x
DRAM:  491 MB
SF:Detected MX25U3235F with page size 64 kB, total 4 MB
Flash: 4 MB
NAND:  132 MiB
CPU: ARMv7 Processor [512f04d0] revision 0 (ARMv7), cr=10c5387d

AP-325
Model: AP-32x
DRAM:  491 MB
SF:Detected MX25U3235F with page size 64 kB, total 4 MB
Flash: 4 MB
NAND:  132 MiB
CPU: ARMv7 Processor [512f04d0] revision 0 (ARMv7), cr=10c5387d

AP-335
PU0:  T1024E, Version: 1.0, (0x85480010)
Core:  e5500, Version: 2.1, (0x80241021)
Single Source Clock Configuration
Clock Configuration:
CPU0:1200 MHz, CPU1:1200 MHz,
CCB:400  MHz,
DDR:800  MHz (1600 MT/s data rate) (Asynchronous), 
IFC:100  MHz

FMAN1: 600 MHz
QMAN:  400 MHz
L1:D-cache 32 KiB enabled
I-cache 32 KiB enabled
Board: AP-33x
I2C:   ready
SPI:   ready
DRAM:  512 MB (DDR3, 32-bit, CL=11, ECC off)
Testing 0x - 0x1fff
POST1: memory passed
Flash: SF:Detected MX25L3205D with page size 64 kB, total 4 MB
L2:256 kB enabled
Corenet Platform Cache: 256 kB enabled
Using SERDES1 Protocol: 153 (0x99)
NAND:  128 MiB

AP-365
Model: AP-36x
DRAM:  512 MiB
Flash: Detected W25Q32FV_SPI: total 4 MiB
NAND:  128 MiB
CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
SMP: Total of 4 processors activated (384.00 BogoMIPS).


On 5/1/17 12:46 PM, Chuck Enfield wrote:


The differences that I know of are:

-330 series supports VHT160.  I can’t see using it, but if you can 
than this is the AP for you.


-330 has switchable antenna polarization, which should allow better 
H-plane coverage when wall-mounting the AP. I haven’t tested this to 
see how well it works, but a bracket to wall-mount an AP while 
maintaining its horizontal orientation is pretty inexpensive.


Traditionally, each higher Aruba AP series also has more memory, and 
often a better processor, to ensure adequate performance in the 
densest users environment.  I recently asked my VAR about how the 
320’s and 330’s compare in this way, but haven’t heard back from them 
yet.  Anybody know?


Chuck Enfield

Manager, Wireless Engineering

Enterprise Networking & Communication Services
The Pennsylvania State University

110H, USB2, UP, PA 16802

ph: 814.863.8715

fx: 814.865.3988

*From:*The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Steve Hess

*Sent:* Monday, May 01, 2017 12:07 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Aruba AP Models - 315 vs 325

Aruba folks,

Looking for opinions on whether the price premium of the 325 over the 
315 is worth it.


Thanks,

Steve

https://wheatoncollege.edu/tools/email-signature/img/email_r1_c1.gif

https://wheatoncollege.edu/tools/email-signature/img/email_r2_c1.gif



Steve Hess

Manager of Networking and Telecommunications

26 E. Main St Norton, MA 02766

t. 508-286-3413

f. 508-286-8270

https://wheatoncollege.edu/tools/email-signature/img/wheaton-college.gif 
Wheaton College on Facebook 
Wheaton College on Twitter 
Wheaton College on LinkedIn 




** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.