RE: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

[Oakes, Carl W]

We had the 515’s at 2.5 Gig initially, but ran into a PoE issue on that style 
port, so right now they are back to a Gig until that is resolved.

~Carl O.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Christopher Brizzell
Sent: Thursday, September 5, 2019 1:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

Thanks for the responses.

Is anyone running multi-gig out to their APs or just a 1Gbps link?


Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Hurt,Trenton W.
Sent: Thursday, September 5, 2019 3:52 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

We have over 100   515s and 535s deployed.  I have disabled the HE (ax) radio 
for now due to  legacy client issues. (intel)   I’ve seen this with other ax ap 
vendors so not just aruba thing.  Yes updating drivers has fixed but it’s 
really hard to instruct end user to go download drivers when the device doesn’t 
see any ssid even open guest one.   We weren’t seeing many ax clients so 
disabling this phy isn’t really huge issue for us today.

We have been very pleased with the performance of the system from client 
perspective.  But going from 802.11n 2ss aps to 802.11ac 4ss with 5ghz in room 
design probably has more to do than model of the ap.  Now the 8.x gui in aruba 
is another story.   Learning the ways of the mm cli will get you much farther 
than the buggy gui that is in the 8.5 train.  I’m on the latest 8.5.3 code as 
well.


Thanks
Trent



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Julian Y Koh
Sent: Thursday, September 5, 2019 3:32 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

On Sep 5, 2019, at 14:08, Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:

We've done a test deployment of Aruba 515s.  There seem to be some driver 
compatibility issues.  We have 2 IT buildings.  I had an induvial able to 
connect and see SSIDs just fine in our building with 315s.  When she came to 
the building with 515s, she saw nothing.  I updated her drivers, and then 
everything worked.  So just be aware you might see more of that.  We were 
running 8.503 code (I think).

Having users update their device drivers is on our standard troubleshooting 
script for when people call in trouble reports.  It’s been solving problems for 
years.  :)

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
>
PGP Public Key: 
>


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If 

RE: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

[Oakes, Carl W]

We’ve got a new  5 Story Science building fully deployed with 515’s, so far so 
good.  We had the same driver issue, Intel AC-7620 was the card in question.  
Semester is two weeks in and no complaints.Actual benefits, eh, I think 
I’ve seen two clients connect as WiFi6 (HE). J   Hope to see more as clients 
become available. I like the new mounting system for the AP’s.We have 
one small building / isolated that we plan to drop a 555 in to see how it 
behaves.

The good news is that they work, so by deploying now you have a little more 
future proofing, ie, not buying older model AP’s.

We did have a PoE problem with the AP’s and switches (Alcatel-Lucent), still 
under review, but we were able to mitigate it for now.

We also moved to Aruba v8 (8.5.0.2) this summer, and let AirMatch choose 80 Mhz 
channels if it wanted too, which it did for a lot of the AP’s, that too has 
gone well.  Keeping an eye on that one though.

Carl Oakes
Senior Network Architect
California State University Sacramento
oake...@csus.edu



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Julian Y Koh
Sent: Thursday, September 5, 2019 12:32 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wi-Gi 6 APs

On Sep 5, 2019, at 14:08, Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:

We've done a test deployment of Aruba 515s.  There seem to be some driver 
compatibility issues.  We have 2 IT buildings.  I had an induvial able to 
connect and see SSIDs just fine in our building with 315s.  When she came to 
the building with 515s, she saw nothing.  I updated her drivers, and then 
everything worked.  So just be aware you might see more of that.  We were 
running 8.503 code (I think).

Having users update their device drivers is on our standard troubleshooting 
script for when people call in trouble reports.  It’s been solving problems for 
years.  :)

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2020 Ridge Avenue #331
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
PGP Public Key: 


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

[Oakes, Carl W]

We just went option 1, did a self-signed 20 year CA, then generated radius 
certs off that.   Only role/function of that CA is for RADIUS.  (PEAP-MSCHAPv2).
For the most part, things went well, we use SecureW2 for onboarding if clients 
choose to do so, which installs the CA and sets the verification check, with a 
wildcard against the domain so any number of radius server changes could be in 
play.. (*.network.).

Only issues so far with this:

1 - Windows 7 will not trust the cert unless you onboard / install the CA, just 
joining the network doesn't work.
2 - We've had about a dozen Windows 10 clients fail to connect out of 1,000's.  
Appears to be a software/patching issue, chasing with Microsoft now.   If we 
boot the problem machine from a clean windows 10 boot disk, works fine.

I doubt we will get 20 years out of it.  Sometime before hand we will probably 
need to update due to encryption levels, exploits, new methods, etc.  But at 
least we won't be changing simply because the timer ran out. :)

I look forward to option 4 in the near future, although it doesn't fully solve 
the issue, but since folks need to onboard, makes things easier to manage.

Carl Oakes
California State University Sacramento



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Monday, October 30, 2017 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

Thanks Philippe.  Hadn’t thought about fragmentation coming from the internet.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset
Sent: Monday, October 30, 2017 5:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

All,

We love option 4 but it has its issues...and on that note let me share (with 
his permission) a tidbit from Curtis Larsen from University of Utah
sent to the eduroam-admins list about EAP-TLS and firewalls/load balancer.
Make a mental note for the future ;-), it took us a while to discover that 
problem: Fragmentation, fragmentation, fragmentation.

Best,

Philippe

Philippe Hanset
www.anyroam.net

--
From Curtis:

We resolved this today working with our Firewall team but I wanted to thank 
Chad with Anyroam support for helping with the pcaps and suggesting a look at 
fragmentation initially.

It turns out our problem had to do with how fragmented packets are handled by 
our border firewalls and our chosen load-balancing method on the respective 
port-channel interfaces.  The key is that we needed to balance these RADIUS 
sessions/transactions on source/dest. IP alone instead of including the TCP/UDP 
port as well.  The problem did not occur with PEAP MSCHAPv2 tests because the 
packets never fragmented and thus all had the same UDP port number and all got 
marked as the same session/transaction and sent out the same interface.  
Sometimes we got lucky and all EAP-TLS packets needed for a single 
authentication went the same way and it worked but often packets went different 
ways and the fragments were not able to be marked as part of the same 
session/transaction and that is when my server got half of the packets.

Curtis K. Larsen
Senior Wi-Fi Network Engineer
University of Utah IT/CIS
Office 801-587-1313
--

On Oct 30, 2017, at 4:19 PM, Mike Atkins 
> wrote:

We are option 3 with 3 year certs.  We were in the same boat as Craig just over 
a year ago.  We moved to a different onboarding utility and different CA.  It 
is a long story so feel free to hit me up offline.  That said, in the future we 
will likely end up using both options 3 & 4 to be flexible with 
device/owner/use.



Mike Atkins
Network Engineer
Office of Information Technology
University of Notre Dame
Phone: 574-631-7210


   .__o
   - _-\_<,
   ---  (*)/'(*)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Craig Simons
Sent: Monday, October 30, 2017 2:22 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

All,

I know the subject has been broached on the list a few times before, but I’m 
looking for informal opinions/survey about how you are deploying your Radius 
EAP certificates for PEAP/TTLS users (non-TLS). We use Cloudpath to onboard 
users, but recently went through a difficult renewal period to replace our 
expiring certificate. As we had configured all of our clients to “verify the 
server certificate” (as you should from a security perspective), we found that 
iOS/MacOS and Android clients did not take kindly to a new certificate being 

RE: Aruba OS 6.5.X

[Oakes, Carl W]

Hi Amel,

We've been on 6.5.3.2 for about a month.
Primarily AP 225's, but now some AP325 and 335's, and a couple AP 365/367's, 
along with some legacy 135,105 and 93h's.
~1,400 AP's total, all on a single 7240.  We have a second 7240 for backup, and 
a pair of 7210's for master redundancy.
Primary auth is eduroam, PEAP/MSCHAPV2 against Clearpass (6.6.7).

3 weeks into the semester and so far no issues, knocking on anything wooden I 
can find. :)

Carl Oakes
California State University Sacramento




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Amel Caldwell
Sent: Thursday, September 21, 2017 2:15 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba OS 6.5.X

Hi y’all—

We have depleted our supply of AP 215s and are wanting to begin installing AP 
315s on our campus and have been having a hard time finding stable 6.5.X code.  
Our school starts next week, and we just had a failed attempt at rolling out 
6.5.1.8 because we saw dozens of radar detected events right after upgrading.  
This was the fourth version of 6.5.1.x we have tried to put on this particular 
set of controllers and each has brought a new set of issue; STM crash and cause 
APs to lose contact with controller; AMON not sending firewall session data; 
radar detection events; LACP and VRRP problems to name a few.

Since most of you have been back in session for a month or so, I thought I 
would ask to see what code version you have, issues you may have experienced, 
and any war stories you might want to share.  It would also be interesting to 
know what types of APs and controllers, and a brief description of your 
environment.

Thanks

Amel Caldwell
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Wireless Monitoring

[Oakes, Carl W]

I manage a 4 node cluster, a master and 3 locals, centrally located that 
watches over 7 sites across California, no issues.
You should be fine.

Carl Oakes
Senior Network Architect
California State University Sacramento




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Martin MacLeod-Brown
Sent: Thursday, March 23, 2017 1:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Monitoring

Hi All

Im just curious as to how sensitive Airwave is to latency? I ask as I would 
like to put our new Airwave solution in our remote DC (typically 6-8ms average 
response time)
We would be looking at monitoring 500 AP's and 2000 connections. Does anyone 
here run a remote Airwave server, or does it need to be on site?

Thanks

Martin Macleod-Brown | Infrastructure Engineer
London Business School
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: Certificate for 802.1x

[Oakes, Carl W]

This one hits home for me, going through this now on a certificate expiring and 
battling on what to do next.

Most clients don't trust any certificate, even if the device is set to trust 
them OS wide (web browser, etc).  The wireless / supplicant configuration needs 
to be setup to trust specific certs or CA's.

Onboarding tools can be used like SecureW2, Aruba , Cloudpath, eduroam CAT 
to load and enable the RADIUS cert and set it active/trusted.

If clients onboard themselves, just by manually attaching to the network, they 
trust the immediate certificate, and I think in some cases, just the digest of 
the cert, making future cert updates "eventful".

Clients when authenticating can't check the CRL or OCSP for certificate 
revocation, since they aren't on the network yet while trying to authenticate.

So, with all that, I really don't want to get another 3 or 4 year cert and deal 
with the expiring cert again.Not a pretty scenario.
Last time this happened, it hit us by surprise since we couldn't get a new cert 
based on the previously trusted CA.  E

I'm tempted to create a self-signed local CA just for the RADIUS server 
validation, and a then generate a single cert off that CA.   Then have SecureW2 
(what we have) provide that CA and mark it as trusted.
Since it's our own CA, was going to make it good for 20 years (just shy of the 
2038 unix time clock issue).Avoids the problem until after I retire. :)

In testing, so far this seems to work great.But test is very different than 
thousands of random student devices.

In theory it could be just a single self-signed cert, but I liked have the 
added bonus / flexibility / futures of the self-signed CA just in case.

Either way, if the private key of the RAIDUS cert gets compromised (commercial 
or self-signed), it's a world of hurt to get folks moved over in a secure way.

Has anyone done this?  Good or bad? Am I missing anything key?

Next up will be client based certs, but that doesn't fix/resolve the above 
issue.

Carl Oakes
California State University Sacramento




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric Glinsky
Sent: Monday, March 13, 2017 12:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Certificate for 802.1x

Hi everyone,

I'm looking for thoughts/opinions/experiences on 802.1x and security 
certificates. I dug through the archives from a few years ago, and from what I 
gather it isn't even possible to use a 3rd-party cert so devices (iOS, OS X, 
Windows, Android) trust it automatically, but maybe someone has succeeded with 
this by now? If so, which CA would you recommend?

For us, our GoDaddy wildcard cert failed to authenticate clients, so we went 
with DigiCert. That isn't trusted by clients by default, offering no benefit 
over our domain-generated cert, with which all Apple and Windows 8/10 devices 
must be told to "trust," Windows 7 fails to authenticate entirely, and Android 
just works. We have a Cisco WLC and Windows NPS.

Thanks for any pointers you can give!

- Eric
This e-mail message is intended only for the person or entity to which it is 
addressed and may contain CONFIDENTIAL or PRIVILEGED material. Any unauthorized 
review, use, disclosure or distribution is prohibited. If you are not the 
intended recipient, please contact the sender and destroy all copies of the 
original message. If you are the intended recipient but do not wish to receive 
communications through this medium, please so advise the sender immediately.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: 7Signal- anyone?

[Oakes, Carl W]

Hey Jim,

We are a 7 Signal customer and have been very happy with them.

We are and Aruba shop, so I'm not sure all that CleanAir gives you, but with 
Aruba and 7 Signal, there is some overlap in terms of RF Spectrum analysis, 
Rouges, etc.
(And that's nice in some ways to have each vendor verify the others findings).  
We have Aruba everywhere, 7 Signal in key areas.

What 7 Signal does give you is performance testing from a client perspective.  
The problem we had is from the Aruba Wireless system and other monitoring 
tools, wireless looked great, but from a client perspective, there were some 
issues.

So, the first big benefit was that it was able to test wireless as an 
independent auditor, to the wireless network it looks like another client.   In 
a repeated loop, it:
Associates (in can target specific AP's and radio bands)
Authenticates (Open web portal, or PSK, or 802.1x, or all of the above, which 
helps test/monitor your authentication back end)
DHCP's (this can help test for pool exhaustion, etc)
Transfer tests to sonar devices, both FTP for bandwidth and VOIP/SIP for 
jitter/latency, up and down.
All information is logged and tracked to give nice histories on what is going 
on.
It can also alert if it finds issues / thresholds.
You can control what you do in the loop, etc. Other stuff like Rouge detection, 
Spectrum Analysis, Passive tests, etc.

The longer term benefit was twofold:
1) The guys at 7 Signal are pretty sharp, they had a lot of good insight and 
recommendations within a little bit of time on campus.  Not just reporting 
problems, but solutions as well.
2) Trending.  As we play with our wireless vendor options, even code upgrades, 
7Signal's historical data can show marked improvements (or, performance 
degradation  :( ).

We didn't go the full Eye coverage model for the entire wireless space like a 
hospital might do, instead we focused one Eye per Aruba controller to help 
verify the controller was behaving, for each controller we picked a high 
utilization area to get the most info.  Since the initial deployment, we've 
bought a few more to focus on important areas such as large lecture halls or 
critical conference areas, working on installing those now.   We did run cables 
for each of the Eye's, just part of the project.  You could in a pinch deploy 
in the Telco closet to avoid the cable run.  Doesn't give the Eye the best 
visibility, but gets you up and running quickly.

As for modifications, it's not just about AP location but configuration 
parameters as well, channel / power fluctuations, config parameters, etc.

One of the biggest benefits we saw was turning off 802.11b.  We knew it would, 
but it was nice to see stats from 7Signal to help prove/show it.

Hope that helps, let me know if you have any questions.

Carl Oakes
Network Architect
California State University Sacramento
oake...@csus.edu



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, May 31, 2013 12:25 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 7Signal- anyone?

Hello to the group,

I know that this has been discussed before, but I'm coming back around to it. 
I'm intrigued by 7signal.com and see attractive aspects to their approach, but 
find myself struggling with:

* Pricing- Seems incredibly expensive

* What's really being delivered- we are a CleanAir environment, so much 
of 7Signal would be duplicitous in function, and so far I can't tell all what 
one is delivering that the other leaves out

* What 7Signal expects you to do to optimize- there are locations where 
APs cannot be moved, there are groups of clients that you are likely not going 
to easily pin down for driver updates, etc, and only so many system settings 
you can tweak without creating other issues

* Deployment model- given that Eyes themselves need to be cabled, it's 
not exactly easy in all cases to deploy them and there is no radio backhaul 
option

All of my cynicism aside- is anyone on the list a 7signal user? Any 
testimonials or thoughts?


Thanks very much-

Lee Badman
Syracuse University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiFi Quality Monitoring

[Oakes, Carl W]

Not that I could find.  I'd been looking for quite a while to find such a tool 
and none of the items out there tested from a client perspective.  I talked to 
vendors like Aruba, Cisco, AirMagnet, Fluke, some resellers, etc and mentioned 
what I was looking for, none of them could do it, nor knew of a company that 
was doing it.  The closest thing I found was Meru could take their AP's and 
switch it into client mode and test its neighbors.  Airwave also has a cool 
client utility, but it's not widely used, my hope is they will do more with it.
I was just about to develop a tool in house that would leverage our existing 
performance tools, the plan was to deploy some PC's in key locations and do 
some tests on a recurring schedule and alert on issues, I just started to play 
with that when I found 7Signal.

7Signal has some overlap with other tools, it can do Spectrum scanning, Rogue 
detection, etc, all handy to have btw, and could be worth it on their own 
merit. 
The ability to work as a client and report back on 
Association/Authentication/DHCP/File Transfer and VOIP metrics seems to be 
unique to them for now, and it provides a lot of good info both from a 
troubleshooting / pro-active response point of view, and as validation of 
parameter tweaking. 

Our initial deployment was one Eye per controller so that at a minimum we 
know the AP's / Controllers are operational.  We choose high density areas for 
each controller to get the most benefit from the unit (Student Union, Library, 
etc).  We are hoping to expand this year for additional coverage of other high 
density areas along with key classrooms.

Carl Oakes
California State University Sacramento

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Adam Forsyth
Sent: Friday, October 26, 2012 5:26 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi Quality Monitoring

Does 7Signals have any competitors out there?  Certainly wireless gear has 
sensing capabilities, and there are some dedicated sensors out there, but 
that's all got an IDS focus to it.  As I look around I don't see anyone else 
that's monitoring the wireless network and its performance from the point of 
view of a wireless client.

On Fri, Oct 19, 2012 at 9:32 AM, Oakes, Carl W oake...@csus.edu wrote:
 We use 7Signal (www.7signal.com) to continually test and compare 
 performance against areas of campus.  Neat product, it's been good at 
 detecting issues, but even more useful in providing good feedback when we 
 make changes to the
 wireless environment, such as dropping B support, etc.They can do a lot
 (spectrum analysis, wifi monitoring, etc), but one of the basic 
 features is that they act as clients, target specific AP's and test 
 attaching, login in, DHCP and then file and VOIP performance tests.



 (Don't let their Health Care centric web page discourage you... J )



 - Carl



 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanson, Mike
 Sent: Friday, October 19, 2012 7:18 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] WiFi Quality Monitoring



 We have a much much smaller wireless network than you all at 200 Cisco 
 fat AP's controlled with Aruba's Airwave product, but I have been 
 noticing in the last several months the same type of behavior with our 
 AP's. I have traditionally rebooted the AP's twice a year to clear out 
 the memory and or during a firmware upgrade. In the past year I did 
 not reboot the AP's and have begun to receive complaints of poor 
 connectivity and throughput. A reboot of the AP fixes the problem.



 I have not contacted Cisco about this problem yet.



 Mike




 Mike Hanson, CISSP
 Network Security Manager
 The College of St. Scholastica
 Duluth, MN 55811



 On Fri, Oct 19, 2012 at 8:49 AM, Caston Thomas 
 ctho...@iworkstech.com
 wrote:

 Www.7signal.com

 Caston Thomas
 InterWorks
 Sent from my iPhone
 586.530.4981 mobile
 248.608. office


 On Oct 19, 2012, at 9:32 AM, Christina Klam ck...@ias.edu wrote:

 Good Morning,

 We have noticed that after ~4 months the quality of our Cisco 
 wireless network sours.  We will get reports of poor wireless quality 
 from users sitting directly under an access point.  Often the WCS 
 will report users on the access points with good dBm, but in reality 
 the users can barely search the web.  (I cannot remember if the 
 average client SNR was looked at).  The solution is to reboot the 
 access point.  So, we now are now talking about scheduling a reboot 
 of all access points and controllers
 (4400s) every 3 months.  While this may work to keep the problem at 
 bay, it does not address two related questions.

 1.  Why is this happening?  When I mentioned this behavior to a Cisco
 TAC, they said they had never heard of this before.   As this has been
 our norm through

RE: [WIRELESS-LAN] Disabling 802.11b speeds

[Oakes, Carl W]

We turned off all B rates this summer along with 802.11b protection (we are 
an Aruba campus).  We did it during the summer and saw immediate improvements 
in speed.  To be effective, you need all B rates off, the goal isn't to kill 
the lower speeds, the goal is to kill B altogether.  It's an older and less 
efficient protocol. 

Part of the reason for the increase of speed even during the quiet time of 
summer is that the AP's will use the lower speeds 1Mps/2Mps for management / 
broadcasting / Beacons / etc.  By dropping B, the slowest speed is now 6 Mbps 
for all the base level management traffic, etc.

No complaints so far, we have both open and wpa2 and all sorts of devices.  

Stats from last semester showed almost no B usage, so we felt pretty safe in 
shutting it down.

I have heard that the Wii's want B/1Mbps to find the AP and then can ramp up, 
but haven't confirmed / seen this yet. 

Carl Oakes
California State University Sacramento

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew
Sent: Thursday, September 27, 2012 8:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds

In my experience, disabling b rates only help in areas with high AP density, in 
particular, Apple devices that like to be very close to the APs.  In areas with 
low AP density, it could create issues for devices such as Macbooks. 

Marcelo Lew
Wireless Enterprise Administrator
University Technology Services
University of Denver
Desk: (303) 871-6523
Cell: (303) 669-4217
Fax:  (303) 871-5900
Email: m...@du.edu



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Harry Rauch
Sent: Thursday, September 27, 2012 8:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Disabling 802.11b speeds

We will probably end most of the B rates at the end of this school year. 
They have not been a problem since switching to Ruckus wireless. We get a LOT 
of BYODs on campus, we support TVs, Game Consoles, wireless printers, etc. Most 
of our slower B traffic has been Android devices.

Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. 
Petersburg, FL 33711
On 9/27/12 9:30 AM, Watters, John wrote:
 We disabled all the b speeds several years ago. Had no complaints then and 
 continue to not have any.

 -jcw

 -
 John WattersUA: OIT  205-348-3992


 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
 Sent: Thursday, September 27, 2012 7:55 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Disabling 802.11b speeds

 This has been discussed in the past, but it has been a long time.

 We're at the point that we have to turn off the lower connection rates 
 on our campus.  I'm curious what other schools have done and the 
 positive/negative results from the changes.  We have disabled 1, 2, 
 5.5, and 11 Mbps in some of our buildings with great success, but some 
 might argue to just eliminate 1  2 Mbps rates.  Also, I'd be 
 interested to hear from schools that have not disabled these rates and why 
 not.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Fwd: Re: [WIRELESS-LAN] Apple Petition- Mid-Week Sanity Check

[Oakes, Carl W]

I agree that we should include some of the key networking issues we see, 
WPA2-Enterprise, Opportunistic Key Caching, etc.  Basically we’d love to see 
Apple take a leadership role in supporting these technologies instead of their 
current status as a boat anchor forcing us to keep many of these features 
turned off.  We should keep the petition short and to the point, which so far 
it appears to be, just need to add in a few more bullets. ☺

Thanks for putting this together!!

Carl Oakes
Network Architect
California State University Sacramento



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of jkaf...@utica.edu
Sent: Thursday, July 12, 2012 8:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Fwd: Re: [WIRELESS-LAN] Apple Petition- Mid-Week Sanity 
Check



I've never had a complaint about BonJour but consistently have issues with 
Apple devices connecting via wireless or getting snagged in NAC.  As far as I 
know Macs connected via 802.1x still cannot survive a password change without 
blowing away the key chain.

Bonjour is a networking issue as are the wireless issues.  I'd like to see them 
included in the petition due to the considerable effort it takes to get the 
petition together.  Would we do another petition for the wireless issues?  How 
would that come off?  Seems like we would lose signatures on our end and we 
would lose the punch on their end.

John Kaftan
Infrastructure Manager
Utica College

- Reply message -
From: Kellogg, Brian D. bkell...@sbu.edu
Date: Wed, Jul 11, 2012 10:26 am
Subject: [WIRELESS-LAN] Apple Petition- Mid-Week Sanity Check
To: WIRELESS-LAN@listserv.educause.edu

I agree.  I think if it get too broad it is just going to look like a 
well-organized rant.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]mailto:[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Johnson, Neil M
Sent: Wednesday, July 11, 2012 10:25 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: Apple Petition- Mid-Week Sanity Check

It's just my opinion, but while asking Apple to implement OKC sounds like 
worthwhile idea, I'd like to keep the focus on Bonjour and Airplay for this 
petition.

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: 
neil-john...@uiowa.edumailto:neil-john...@uiowa.edumailto:neil-john...@uiowa.edu%3cmailto:neil-john...@uiowa.edu


From: Curtis K. Larsen (UIT-Network) 
curtis.k.lar...@utah.edumailto:curtis.k.lar...@utah.edumailto:curtis.k.lar...@utah.edu%3cmailto:curtis.k.lar...@utah.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%3cmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Wednesday, July 11, 2012 9:05 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%3cmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%3e
 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%3cmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition- Mid-Week Sanity Check

What is the scope of the petition?  What is the goal?  Is it only to improve 
the Airplay feature in the enterprise?  If so, the petition looks fine to me.  
If the goal is to encourage Apple to incorporate enterprise support in *all* of 
their products, then we should include more lacking enterprise features in 
other products in the petition.

I don't want to muddy the waters with the message we are sending, but in my 
opinion - as soon as you get things like Airplay working you have another big 
problem and that is that you cannot pull off a seamless roam from any Apple 
device connected to a WPA2-Enterprise SSID.  So if you are fine with telling 
those users to stay put while doing Airplay, or voice apps, etc. then no 
biggie, but if you want to support mobile real-time video/voice - these devices 
have to support a fast-roam using an Enterprise method.

Since Windows XP, microsoft supports this - it is called opportunistic key 
caching.  You can add the feature to Linux by editing the wpa_supplicant.conf 
file and adding proactive key caching.  All of the WiFi phones (Cisco, Avaya, 
Polycom) support this.  Not a single Mac or iOS device does.

Some think 802.11r is the solution - I have my doubts that Apple will ever 
incorporate 802.11r, and if they did and you turn it on, then all of your other 
non-802.11r devices on that SSID will no longer fast-roam.  ...May be something 
to consider.


Curtis Larsen
University of Utah
Wireless Network Engineer
Office 801-587-1313



From: The EDUCAUSE Wireless Issues Constituent 

RE: [WIRELESS-LAN] shared lab devices using enterprise WPA2

[Oakes, Carl W]

We use the same SSID for all WPA2 stuff, nice to keep the number of SSID's the 
users see to a minimum. 

We have the laptop login via its computer account with 802.1x against AD, then 
any user can login with their AD credintials and the laptop then re-auths to 
the network with the users identity.  You could have the laptop configure not 
to re-auth with the user, and rely on AD events/logs. 

- Carl Oakes
  CSU Sacramento


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Matthew Clark
Sent: Tuesday, September 27, 2011 2:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] shared lab devices using enterprise WPA2

We use Active Directory group policy and the 802.1x configuration for our 
Windows 7 clients.  It uses their AD credentials to validate to the secure 
wireless network then logs them into the computer.

Matthew
William John Bigelow wrote: 

RE: [WIRELESS-LAN] selectively disabling wireless in classrooms

[Oakes, Carl W]

Same here, we've been asked over the years, no for all the same reasons.

I did see one wireless product, forgot who (maybe meru?) that claimed with 
enough AP's you could tell if the user is in the room or not, and if so, kill 
their access.
Neat idea, not sure if anyone does it, still a scheduling nightmare.

I had a funny counter, modify one (or more) classrooms and turn them into a 
Faraday cage, kill all signals in and out.  Maybe even as testing center.  
Faculty could then schedule that room.
I'm sure facilities mgmt would love that. ;)


-  Carl

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jacobson, James
Sent: Friday, September 23, 2011 7:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] selectively disabling wireless in classrooms

Last year we tackled this problem by working with the Deans and administration 
of the University.  Ultimately, it was decided that wireless access will remain 
on and available at all times as the management overhead would be horrendous to 
activate/deactivate AP's, there was no guarantee of bleed over from another AP, 
and there was no way for us to stop any type of cellular signal.  In other 
words, if our students wanted to access wireless services, they would find a 
way regardless of the restrictions we tried to enable.  The Deans made it clear 
to their faculty that wireless services would be installed in all classrooms 
and lecture halls (we have some programs that are required to have laptops) and 
would be available to students at any time.

Adoption of wireless technology in the classrooms has been well received and 
having the support of the Deans and University administration really helped.


James Jacobson
Information Technology Services
__

[Description: Description: mwuseal (Custom)]Midwestern University



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James P
Sent: Friday, September 23, 2011 7:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] selectively disabling wireless in classrooms

Well, it's that time of year again 

the time when we get calls from a handful of faculty who want the ability to 
disable the wireless access point that covers their classroom during specific 
class periods (they also want cellular coverage disabled during those times -- 
yeah, right ..).When I point out that the AP that covers their 
classroom may also provide coverage for the one next door, or that with a 
controller-based architecture, shutting off one access point would likely just 
increase the signal coverage area of adjacent APs, the response I usually get 
back is well, I KNOW that other universities are doing it, so  FIX IT.

So, let me ask my biennial question: what ARE other universities doing in this 
regard?I was specifically given U of Michigan as an example.Anyone know 
what they're doing? Any successful implementation details from anyone 
dealing with this issue are welcome.And yes, I am biting my tongue to not 
say teach more engagingly.

Thanks in advance!

-- Jim Gogan / Univ of North Carolina
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

inline: image001.png

RE: [WIRELESS-LAN] Wireless in dorms

[Oakes, Carl W]

Depending on your switch vendor, you can setup DHCP Trust, which says only 
certain ports can respond to DHCP requests.
Solved the rouge DHCP problem for us instantly. :) (Our access layer is Cisco 
3750).

As for our wireless, we have Aruba deployed in our newer locations, and are in 
progress on the older buildings.  Actually looking to use the students wired 
jack to activate the AP.  We discourage via policy BYO Access Points campus 
wide, but don't enforce heavily in the non covered Res Hall areas, that will 
change as the Aruba deployment expands.

Carl Oakes
Network Architect
California State University Sacramento
(916) 278-5551 / oake...@csus.edu



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean
Sent: Monday, September 19, 2011 9:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in dorms

We do have dorms segregated on separate vlans behind a firewall from the rest 
of the network.  However, the Rogue DHCP server issue is one of the main 
reasons we find out that a student is trying to run their own router.  We have 
a roguedhcp perl script that sends out dhcp requests every hour or so and sees 
who responds...  if any rogue's respond we quarantine them and tell them to 
unplug the router.

However that's not good enough for the BYOD policy.  So we're currently testing 
out ACLs and qos profiles on our switches that will just block the dhcp server 
responses on the endpoint ports.   So Timmy can run a dhcp server in his room 
all he wants without affecting anyone else.   I don't know why we didn't think 
of that years ago...

ray
--
Ray DeJean
Systems Engineer
Southeastern Louisiana University
email: r...@selu.edumailto:r...@selu.edu
http://r-a-y.org

On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie 
grac...@canisius.edumailto:grac...@canisius.edu wrote:
On 09/19/2011 11:04 AM, Ray DeJean wrote:
 All,

 We don't currently provide wireless in our dorms, and our official
 policy is to not allow students to bring their own wireless devices.  We
 don't actively enforce this policy though, and as long as the students'
 device isn't causing problems, they typically don't hear from us.  (We
 do provide at least a 100mbps wired connection to each student).

 We are considering changing our policy to allow BYOD (bring your own
 device) in the dorms.   I know lots of students already BYOD, but we're
 not policing it.  We're considering the costs associated with deploying
 our Aruba system to all the dorms, and the fact that students are going
 to BYOD anyway.   Rather than fight them, allow it.  We'll secure our
 wired network obviously, but also have workshops and online instructions
 to show the students how to properly connect and secure their device.
 Of course we realize the interference issues that may arise in a crowded
 2.4ghz space...

 The University of Wisconsin-Madison
 (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a
 policy like this in place.   Just looking to hear from other
 universities who have or are considering a policy such as this.
You don't mention what kind of network architecture you have - if you're
using a relatively flat topology, with comingling of residence hall,
administrative, and academic traffic, be sure that you've got technology
and procedures in place to shut down misconfigured endpoints.

Nobody will be happy when they start getting RFC1918 addresses from the
DHCP server on little Timmy's free-with-rebate Linksys AP.


--
Matt Gracie (716) 888-8378tel:%28716%29%20888-8378
Information Security Administrator  
grac...@canisius.edumailto:grac...@canisius.edu
Canisius College ITSBuffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Aruba

[Oakes, Carl W]

Hello,

We've had Aruba for several years now and are very happy with them. 

We have 5 M3's, 1 Master 4 Locals, ~800 AP's (could do it with 3 M3's, history 
there...) the Master acts as a failover for the locals.  We don't have 
redundancy on the Master at this time.  Would like to, but at the same time, 
hasn't been an issue and the Locals run just fine if the Master drops out (Just 
can't make changes until you get the Master replaced or re-configure one of the 
Locals).   We originally had SC-1 controllers, the M3 was a big improvement 
speed wise and the upgrade was straight forward.

We started with AP 60's originally, over last few years have gone to a mixture 
of AP105's and AP125's.  Both work great,  We use the 105's for 
horizontal/ceiling and 125's for vertical mounts.  The 105 can go vertical, but 
it's not optimal, the 125 can go either way.  Just got our first batch of 
135's, neat.  (Also have some 175 Outdoor units we are testing).  The bulk of 
our 105's are in the ResHalls, and they are surviving quite well. :)

Support has been great, we typically jump on the bleeding edge of the code 
(Just went to 6.1.2.2), and TAC along with the local sales/engineering team are 
great to work with and eager to help. 

We had a big Bake Off several years ago with 22 other campuses within 
California (CSU system has 23 campuses, pretty independent with unique 
requirements / priorities), it was a pretty big effort, Aruba came out the 
clear winner.  The top vendors had pretty similar feature sets that we needed, 
but Aruba matched everyone else and had those extra nuggets (PEF, Remote AP's, 
ARM, etc), and was cheaper than the comparable competition.  The Aruba team / 
company presented well, and you could tell they had some passion for what they 
were doing, they were excited about the product and their capabilities / 
futures.   

Policy Enforcement Firewall ROCKS.  Lots of ability to control the environment, 
not just inbound / outbound traffic, but user/vlan management, various 
protections against attacks, etc.  PEF is well worth it if you need the 
flexibility and security.  You could get by without it if you have a pretty 
static/simplistic design / needs, but I'd get it being a University, nothing is 
every simplistic. ;)

Just getting started with 6.1.2.2 and fingerprinting hosts, but we also use 
SafeConnect/Impulse for NAC, they have a great integration with Aruba and right 
now we let them handle the console identification issues.  We are in the 
process of the Aruba integration, so it's not deployed yet on wireless, still 
working on our deployment design, etc.  We currently have SafeConnect in use 
for our wired ResHall network.

Overall, very happy with Aruba, they have worked well, starting with the 
migration from our Legacy system (Thick Cisco 350's/1200's), to incorporation 
of new features and abilities with new firmware. 

Oh, almost forgot, great user community (AirHeads), and an equally great users 
conference, its small/focused on wireless, and the product leads are their 
along with the engineers, etc. 

Hope that helped, happy to chat more if you'd like any additional information. 

Carl Oakes
Network Architect
California State University Sacramento
oake...@csus.edu




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kellogg, Brian D. 
[bkell...@sbu.edu]
Sent: Wednesday, August 17, 2011 6:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba

Looking for thoughts on Aruba for the following:

M3 controller
105 APs
How is their support?
What were the differentiators with Aruba that led to your institution choosing 
them over others?
Stability of firmware in APs and controller?  If we choose Aruba we most likely 
will not be able to afford a redundant controller so this is important for us.
Overall satisfaction with the Aruba solution?
Do you find the Policy Enforcement Firewall worth the price?  Are you using it 
to identify gaming stations and allowing limited access for them successfully?


thanks again,
Brian
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Information Services (including the  HelpDesk)  will NEVER ask for your 
password or other personal data via email. Messages requesting such details are 
fraudulent. DELETE THEM WITHOUT REPLY.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] idEngines selling assets

[Oakes, Carl W]

Thanks for the tip to www.cloudpath.com.  We had just started to talk to 
IDEngines about AutoConnect when things went bad with the company.  Needless to 
say, I was bummed, not only for our existing RADIUS server, but another handy 
tool wasn't going to be available to us.  :(

Autoconnect was OEM'd from CloudPath, so at least that product is alive and 
well.  I've received a demo and price quote.  (There might even be some 
familiar names over in cloudpath these days).

If you are an autoconnect customer, (or were looking to be one), hope is not 
lost.

Thanks again for the link!

Carl Oakes
Senior Network Architect
Networking  Telecommunications Services / IRT
California State University Sacramento
(916) 278-5551



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Jim Gogan
Sent: Tuesday, September 30, 2008 11:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] idEngines selling assets

Funny you should mention that.We had been looking at AutoConnect and
saw a lot of potential there, when we were informed by one of the
engineers with our network switch vendor that we should take a good look
at a company called Cloudpath (http://www.cloudpath.net/).

You'll find they have a product called XpressConnect that looks
AMAZINGLY (cough, cough) similar to AutoConnect.   I think you'll find
that the Cloudpath folks were actually the engine (no pun intended)
behind AutoConnect.In fact, we had found a bug with AutoConnect in
our evaluation of that product and when we had talked to the developer
with Cloudpath, he recalled being notified of that bug from the
idEngines folks and dealing with the fix for it.

In our evaluation/assessment of Cloudpath XpressConnect so far, we have
found them to offer everything we were getting with idEngines
AutoConnect, but with even faster turnaround in fixes and feature
enhancements and outstanding pre-customer support.   Indeed, they worked
with us to move what we had set up in evaluation of the AutoConnect
platform over to their XpressConnect system so we didn't have to start
from scratch.

Eliminating the middle man here appears to have been a good decision.
Again, check out http://www.cloudpath.net/ and see if it doesn't look
familiar.

-- Jim Gogan
Director, Networking
University of North Carolina at Chapel Hill

Scott Himes wrote:
 Hi Brian,



 Thanks for the frank report from your perspective. It's helpful for your
 customers to know as much as possible about what's going on, even if
 it's not the official word. Have you heard anything else from the
 support side? Do you have any idea how long support will be up and running?



 For the list: how many of your institutions are currently using
 AutoConnect and would be affected by idEngines potentially going away?
 Also, does anyone know of a product that is similar in function to
 AutoConnect? I'd hate to have to replace it, but it sounds like we ought
 to be prepared for that possibility.



 Thanks,

 Scott



 Scott Himes

 Director | Network  Telecom Services

 Biola University



 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 [mailto:[EMAIL PROTECTED] On Behalf Of Brian McMahon
 Sent: Monday, September 29, 2008 9:36 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELESS-LAN] idEngines selling assets



 Quoth John York [EMAIL PROTECTED]:



   We just got a letter from lawyers saying that idEngines has made a

   decision to begin a process to sell its assets.  That's too bad, since

   they had a great product.  Don't know what it means about support...



 I'm not on the business side of the house and I can't speak for the company,

 but I can tell you that, at least for the moment, support operations are

 continuing.  I'm still employed, the telephone hotline and support website

 are both still operational, and we're answering technical questions to the

 best of our ability.



 What happens down the road is entirely up to whatever entity ends up in

 control of the idEngines assets.  Obviously, we all hope that the acquirer

 is someone who sees the value in our product, and will continue to develop

 and support it.  As you can imagine, this is of considerable personal

 interest to me as well.



 In the meanwhile, I strongly recommend that any customers who are not on the

 current (and in my experience, very stable) 5.0.5 code make plans to get

 there soon.  Anyone on pre-5.0 code, please be sure you read the part in the

 release notes about LICENSES first.  Proper prior planning prevents panicky

 support calls (or something to that effect).



 To reiterate, I am only able to speak as an individual technical staff

 member, and not for the company as a whole.  And I do wish I had something

 more positive to tell you all.  More news will no doubt follow.



 --

 Brian McMahon, Member of Technical Staff, Identity Engines

 [EMAIL