Re: [WIRELESS-LAN] Prime Infrastructure Validated Alternatives
Is anyone even happily using PI? On 10 January 2017 at 15:33, Lee H Badman <lhbad...@syr.edu> wrote: > This comes up on occasion, and I'm hoping to hear actual cases of users, > versus "have you heard about blah blah blah?" > > > For large Cisco WLAN environments on the list, is anyone happily and > effectively using non-homegrown wireless management other than Prime > Infrastructure? > > > Regards, > > > Lee > > > > > *Lee Badman* | Network Architect | CWNE #200 > Information Technology Services > 206 Machinery Hall > 120 Smith Drive > Syracuse, New York 13244 > *t* 315.443.3003 * f* 315.443.4325 *e* lhbad...@syr.edu *w* its.syr.edu > *SYRACUSE UNIVERSITY* > syr.edu > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > -- Oliver Elliott Senior Network Specialist IT Services, University of Bristol t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
Re: [WIRELESS-LAN] IPv6 issues
We've also had IPv6 enabled on our wireless for many years. The TCAM usage on the 6k Sup2Ts hits about 50% utilization these days so we still have a comfortable margin. Even then there are the XL sups available with gigantic TCAMs. This is with ~2500 APs and tens of thousands of concurrent clients. The main issue we still have is Androids stubborn insistence on avoiding stateless autoconfig, so we have DHCPv6 running. Oli On 9 September 2016 at 20:27, Bucklaew, Jerry <j...@buffalo.edu> wrote: > We have had IPv6 enable on all our wireless for over 5 years now. The > only issue we have seen is some gear processes > ipv6 packets via cpu instead of at the hardware layer. The most recent > issue is we had to move away from ipv6 verify > source as it was done at the cpu level so we went to ipv6 traffic filters > further upstream. > > > On 09/09/2016 02:01 PM, Dave Soltis wrote: > > Good afternoon, > > > > Has anybody had any experience with turning on IPv6 for a mid-large size > University. > > We turned up IPv6 during the summer and had no issues, but the first day > of classes > > where we saw 30,000 concurrent devices we had issues with the upstream > routers routing > > table exceeded(128k) and very high CPU. We have 5 Wism Blades in a > 6513VSS HA Configuration. > > Maybe we need to distribute ? or upgrade hardware ? Any > insights/suggestions would be much appreciated. > > > > Thanks > > > > -- > > Dave Soltis > > Wireless Network Analyst > > Information Services and Technology > > University of Alberta > > Ph.7804923144 > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found > > at http://www.educause.edu/groups/. > > > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > -- Oliver Elliott Senior Network Specialist IT Services, University of Bristol t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] How big are your wireless segments?
The only real reason to segment these networks is to prevent broadcast storms, and the wireless controllers tend to have built in broadcast suppression rendering this harmless. I changed our main SSID from several /22s to a single /16 a while ago to negate the need to keep adding more subnets as the usage continues to grow. We've seen no problems with this whatsoever so far. Keep it simple! On 25 July 2016 at 16:32, Tony Skalski <a...@stolaf.edu> wrote: > We have about 50 /24s. The Aruba controllers hash the MAC address and drop > users into one of the /24s. We are at about 5,000 daily users. > > We have broadcasts and multicasts turned off for these wireless nets. We > don't use VLAN pools. > > ajs > > > > On Mon, Jul 25, 2016 at 10:21 AM, Brian Helman <bhel...@salemstate.edu> > wrote: > >> We are in the process of moving from a controllerless vendor to Aruba. >> Our current design is very segmented, to keep wireless device broadcasts >> from overwhelming the network and AP’s (we had this problem back in 11g >> days). Presently, we’ve limited segments to /23’s (give or take). In your >> controller-based environments, how large have you let these segments go? >> Is a /21, /20 … viable? >> >> >> >> -Brian >> >> >> >> >> *Brian Helman, M.Ed *|* Director, ITS/Networking Services | *(: >> *978.542.7272 >> <978.542.7272>* >> >> *Salem State University, 352 Lafayette St., Salem Massachusetts 01970* >> >> *GPS: 42.502129, -70.894779* >> >> >> ** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> >> > > > -- > Tony Skalski > Systems Administrator > a...@stolaf.edu > 507-786-3227 > St. Olaf College > Information Technology > 1510 St. Olaf Avenue > Northfield, MN55057-1097 > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > -- Oliver Elliott Senior Network Specialist IT Services, University of Bristol t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Alternatives to PI for Cisco WLAN
We trialed Airwave for a bit a year ago. The software itself blows PI out of the water but the Cisco support wasn't quite good enough. There is lag for support of newer APs (which PI also has to be fair), but more importantly there were lots of gaps in the data for several of our APs. Shortly after Aruba got bought out by HP so I don't imagine 3rd party support is going to be a high priority sadly. Oli On 25 March 2016 at 12:46, Lee H Badman <lhbad...@syr.edu> wrote: > For those of you that moved away from Cisco's PI, what have you gone to? > And how has it worked? > > > > Lee Badman (mobile) > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > -- Oliver Elliott Senior Network Specialist IT Services, University of Bristol t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] strange WLC behavior
The 7.6.x range was buggy as hell so I'm not surprised. Get off there asap! On 3 December 2015 at 16:15, John York <yo...@brcc.edu> wrote: > After a year of pretty much rock solid behavior we’ve had two instances > this week where EAP failed for some or all of the users on our WLC 5508 > (7.6.130.0). For some users it uses EAP-PEAP-MSChapV2 to a Windows AD > server running NPS. For others it uses EAP-TLS to Cisco ACS. Both were > experiencing the problem, but the WebAuth SSID worked fine. The ACS logs > showed “EAP session timed out.” The Windows NPS logs didn’t show any > authentication failures. > > > > After a few hours it fixed itself. I tried a 5508 reboot in one of the > instances, and it didn’t appear to help. None of the certs involved have > expired and there haven’t been any recent configuration changes. > > I was going to upgrade to one of Cisco’s suggested WLC software versions > over Christmas break—maybe this weekend would be better. > > > > Thanks > > John > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Multi Vendor environments in WiFi space
Jeff How did you achieve that discount, was it a significant bulk order? We tend to buy large amounts of switches and APs separately, if we can save a lot of money buying them together that would be nice! Oli On 15 October 2015 at 19:15, Jeffrey D. Sessler <j...@scrippscollege.edu> wrote: > I think it's always wise to look at other vendors when you're about to > replace that amount of equipment, but unless you are unhappy, it's unlikely > that the alternative will come out less expensive i.e. hardware purchase, > plus learning/supporting another vendor. > > If you're happy, work with your incumbent vendor to see what they'll do to > keep you in the family. > > For Cisco, right now there is a deal where you can get substantial > additional discounts on wireless if it's paired with switching (which also > gets extra discounts), and these stack on top of the discount you get > normally. Let's just say that 70%-ish off is not difficult. I took > advantage of the discount last year and the cost for a 3702i was pretty > amazing. > > Jeff > > > -Original Message- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oliver, Jeff > Sent: Thursday, October 15, 2015 9:42 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] Multi Vendor environments in WiFi space > > All, > > This is probably an old topic, but I have not seen anything in a while on > it. > > At present we are a Cisco shop with regard to our wireless deployment, and > we are looking at changing out a substantial number (250) of our AP's (1131 > to 3702). These AP's represent about 30% of our deployment so is a > substantial investment, and as such our CIO has asked us to look at other > solutions. > > I am wondering if any of you are running multi vendor environments and if > so, what the UX is like? What are the toolsets like regarding management of > two disparate systems? > > > > Cheers, > Jeff > > --- > > Jeffrey L. Oliver > Sr. Network Analyst > Information Technology Services > The University of Lethbridge > 4401 University Drive, Lethbridge, Alberta, T1K 3M4 > > Tel:403.329.5162 > Mob:403.315.4461 > Fax:403.382.7108 > > URI:jeff.oli...@uleth.ca > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > > ** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] New 3702 APs not playing well with Spanning-Tree Portfast Out-of-Box
We had this behaviour on a batch of 2702s, the firmware that was preloaded had this bug that went away once the associated and upgraded. It's a right pita changing the port config to get them to connect, then reverting it later, but not as bad as the other firmware bug causing APs to use the wrong MAC address until they upgraded. On 11 August 2015 at 13:21, Lee H Badman lhbad...@syr.edu wrote: Wondering if anyone has seen similar with Cisco APs: On switchports that have been fine for other Cisco APs, a run of new 3702s are going into error disable. If you turn on the ability to see why in the switch, the APs – only when new out of box—are sending BPDUs to ports that have Spanning-Tree Portfast on as a rule. If you remove portfast, the new 3702s go off to the WLC just fine, get updated for code, and then work as expected. You can restore spanning-tree portfast, reboot the APs (that are no longer “out of box”) and they behave fine on the portfast-enabled ports. I’ve not seen this behavior with any other Cisco AP, and I don’t think it happened with our earliest 3700s, either. Does this oddity ring familiar with anyone? Thanks- Lee *Lee Badman* | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 *t* 315.443.3003 * f* 315.443.4325 *e* *lhbad...@syr.edu* lhbad...@syr.edu *w* its.syr.edu *SYRACUSE UNIVERSITY *syr.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] eduroam Advertising
discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Peer-to-peer traffic blocking with multiple controllers
Thanks for the details Matthew, did you find these software based ACLs impact performance at all? What kind of scale of traffic are you seeing at peak? On 8 July 2015 at 14:25, Matthew Newton m...@leicester.ac.uk wrote: On Wed, Jul 08, 2015 at 12:00:27PM +0100, Oliver Elliott wrote: We have a Cisco WiSM2 based wireless system here in Bristol which is steadily growing. Cisco offer a feature on their controllers called Peer to Peer Blocking, which serves to prevent clients talking to each other. Has anyone else run into this problem and discovered an elegant solution for it? Not sure elegant, but we have a standard ACL on our WLAN which blocks traffic between client networks. Given (example) client networks 10.1.1.0/24 and 10.1.2.0/24, the ACL looks something like the following. Essentially it does - allow incoming client traffic to lower part of ranges (gateway, dhcp server, etc, no clients here) - block incoming any traffic to each client pool range - allow incoming any other traffic (e.g. to Internet/campus) - allow outgoing anything (i.e. to the clients) Seems to work; we've had this in place for many years now. And yes, I absolutely hate Cisco WLC ACLs. Apart from a CPU ACL this is about the only one on the controllers, and I avoid touching them at all costs. Why they can't do ACLs like on IOS I have no idea (I know where AireOS came from, but they've had, what, 10 years to fix this total dog's dinner). Cheers, Matthew config acl delete eduroamblock config acl create eduroamblock ! allow from wireless subnet to 10.1.1.0/30 gateway, DNS server etc config acl rule addeduroamblock 1 config acl rule source address eduroamblock 1 0.0.0.0 0.0.0.0 config acl rule destination addresseduroamblock 1 10.1.1.0 255.255.255.252 config acl rule direction eduroamblock 1 in config acl rule action eduroamblock 1 permit show acl detailed eduroamblock ! allow from wireless subnet to 10.1.2.0/30 gateway, DNS server etc config acl rule addeduroamblock 2 config acl rule source address eduroamblock 2 0.0.0.0 0.0.0.0 config acl rule destination addresseduroamblock 2 10.1.2.0 255.255.255.252 config acl rule direction eduroamblock 2 in config acl rule action eduroamblock 2 permit ! ... repeat for other client ranges in the wlan ! deny from wireless subnet to other wireless subnet addresses config acl rule addeduroamblock 7 config acl rule source address eduroamblock 7 0.0.0.0 0.0.0.0 config acl rule destination addresseduroamblock 7 10.1.1.0 255.255.252.0 config acl rule direction eduroamblock 7 in config acl rule action eduroamblock 7 deny ! deny from wireless subnet to other wireless subnet addresses config acl rule addeduroamblock 8 config acl rule source address eduroamblock 8 0.0.0.0 0.0.0.0 config acl rule destination addresseduroamblock 8 10.1.2.0 255.255.252.0 config acl rule direction eduroamblock 8 in config acl rule action eduroamblock 8 deny ! ... repeat again ! allow from wireless subnet to anywhere config acl rule addeduroamblock 13 config acl rule source address eduroamblock 13 0.0.0.0 0.0.0.0 config acl rule destination addresseduroamblock 13 0.0.0.0 0.0.0.0 config acl rule direction eduroamblock 13 in config acl rule action eduroamblock 13 permit ! allow from anywhere to wireless subnet config acl rule addeduroamblock 14 config acl rule source address eduroamblock 14 0.0.0.0 0.0.0.0 config acl rule destination addresseduroamblock 14 0.0.0.0 0.0.0.0 config acl rule direction eduroamblock 14 out config acl rule action eduroamblock 14 permit config acl apply eduroamblock ! apply eduroamblock acl to eduroam interface config interface acl eduroam-if eduroamblock -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Peer-to-peer traffic blocking with multiple controllers
Hi all We have a Cisco WiSM2 based wireless system here in Bristol which is steadily growing. Cisco offer a feature on their controllers called Peer to Peer Blocking, which serves to prevent clients talking to each other. This works great if you only have a single controller, however we have 4 pairs in HA, so a client can readily see clients that happen to be on a different controller. The only solution to this that I can see is to use VACLs/Private VLANs on the host Cisco 6500s, but this may have a drastic CPU and/or performance impact on the router. Has anyone else run into this problem and discovered an elegant solution for it? Oli -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Anyone using Drones in network support?
A drone with a plug a cable in arm would be amazing as well. I eagerly await our drone army. On 26 June 2015 at 16:26, Lee H Badman lhbad...@syr.edu wrote: Hi Scot- I thought of that briefly, would probably come down to exec sponsorship and how it’s use was packaged/promoted. After I hit the “send” button, I realized a lot of different campus departments would probably have a use case if they thought about it. -Lee *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jon Scot Prunckle *Sent:* Friday, June 26, 2015 11:18 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Anyone using Drones in network support? Lee, - Long time listener, first time caller - I like where you're going with this. I doubt we'd get it past our legal department, but it would be a real timesaver...and a lot of fun. Sincerely, J. Scot Prunckle Network Engineer UITS Network and Operations Services University of Wisconsin-Milwaukee Office Mobile: (414) 416-9709 E-mail: prunc...@uwm.edu -- *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of Lee H Badman lhbad...@syr.edu *Sent:* Friday, June 26, 2015 10:11 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Anyone using Drones in network support? Yeah- I know it sounds a bit silly at first pass. At the same time… we have a lot of outside cameras and external AP antennas, along with a dozen wireless bridges. My first thought is physical inspection via high res photography/video from drones like the Phantom 3, whether it be for installed devices or survey work. Second use case- hovering outside of building to try to zero in on rogue signals (would be easy as pie on some buildings, impractical on others) with the right analysis device as a payload. And… it would be a lot of fun, so let’s just get that right out there. Has anyone gone down this road at all? I can’t be the only one with these silly thoughts rattling around in the noggin! -Lee Badman Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] ResHall Wireless
Why not just treat eduroam across the campus in this open way, ie don't restrict it (within reason). Oli On 11 March 2015 at 13:47, Hector J Rios hr...@lsu.edu wrote: I’m wondering how many of you treat the wireless in the ResHalls differently from the wireless on the rest of your campus. In terms of geography, we have 21 ResHalls that are in the perimeter of our campus. Some of these buildings are next to academic or administrative buildings. Eduroam is our main SSID. So, for the longest time it has only made sense to broadcast eduroam everywhere. Now, on the wired side of the house, our ResHalls have a dedicated connection that gives them direct, non-firewall access to the internet (for access to campus resources, a student must VPN). This came about as a request from the students to have more freedom in their residence. Makes sense. But wireless is different as it goes through our campus core, traverses our perimeter firewall, and goes out our main internet connection. I’ve struggled to find an alternative solution to this. We recognize that students in ResHalls are different in the sense that they pay for a place to live and should get an internet service that is similar to their home service. However, any alternatives that we have considered (separate SSID, dynamic VLAN assignment, user groups) just seem to complicate the setup. Any good ideas out there or creative ways in which you have tackled this challenge? Thanks, Hector Rios, CCNP, CCA Assistant Director, Network Engineering Dept. of Networking and Infrastructure Information Technology Services Louisiana State University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] AirWave with Cisco 8510s
I've had a number of issues getting Airwave to work with my wism2s, mostly fixed by tweaking settings in the AMP Setup tab. At the moment I have an ongoing issue where Airwave sees ~25% of my APs as down when they are not. Investigation continues! It will be interesting to see how long it takes for Airwave to officially support 8.0. On 26 February 2015 at 21:27, Williams, Matthew mwill...@kent.edu wrote: I'm working with Aruba TAC to figure it out, but we have a lab 8510 on 8.0.100 and that one won't come up in AirWave either. I'll update the thread once some headway is made. Respectfully, Matthew Williams IT Manager, Wireless Kent State University Office: (330) 672-7246 Mobile: (330) 469-0445 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John Sent: Thursday, February 26, 2015 1:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] AirWave with Cisco 8510s I certainly hope that it is supported by Airwave. We have been using Airwave for years and would like to continue if they will support current Cisco APs 7 controllers. We are planning to move from our WiSM2s to 8510 within a couple of months. I would certainly hate to have to abandon the airwave platform due to lack of support. And, I will also be moving up the from 7.6.120.0 to the latest 8 code about the same time. == -jcw From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Williams, Matthew [ mwill...@kent.edu] Sent: Thursday, February 26, 2015 9:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] AirWave with Cisco 8510s Is anyone using AirWave to monitor Cisco 8510 controllers? We're running a demo of AirWave, but it doesn't appear to like our 8510s running 7.6.130. I've been told anecdotally that it works just fine on 7.6, but we can't get it to behave. Thanks in advance for any insights. Respectfully, Matthew Williams IT Manager, Wireless Kent State University Office: (330) 672-7246 Mobile: (330) 469-0445 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WiSM-2 HA?
The VSS thing is very nebulous, there was an event the morning I was replacing a pair of wism2s (in order to return a loan pair - long story). This is still with TAC and I have not had an explanation of what happened yet. The symptoms were all HA wisms failing over to the secondary. Separately, While replacing the wism2s, I failed the loan pair to the secondary, then physically replaced the primary. Once I had applied the management IP to the new primary with an otherwise blank config, the secondary seemed to try and fail over and obviously failed. This caused a ~5 minute outage. There was no such behaviour when I replaced the secondary later. Oli On 6 February 2015 at 19:23, Joachim Tingvold joac...@tingvold.com wrote: On 5 Feb 2015, at 9:27, Oliver Elliott wrote: We have some strange issues with the 6500 VSS at the moment so that could relate. If the issues we've seen up to now have been caused by this VSS issue, 8.0.110 seems to have been good so far, still have an ongoing TAC case so we'll see what happens. You had the VSS-issue before you upgraded your WiSM2's to 8.x? What are the symptom(s)/issue(s)? I've got 6 WiSM2's waiting to be paired with their HA's. I heard about the ping-failover-issue with 7.6, and I've been holding off HA until I could upgrade to 8.x. We were on PI1.4 due to 7.6 due to 3702's, so had to wait for PI2.2 before we could upgrade to 8.x. Just finished upgrading to PI2.2, so 8.x and HA is next on our WiSM2 in the lab. -- Joachim ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Mixing ac AP types
Hi John We're doing something similar and haven't seen any issues, and don't expect to. We have a lecture theatre with 3702e APs, then 2702i APs in the foyer. We plan to then use 1702i APs for the sparesely populated areas. The only difference tends to be the number of radios, with the exception of the 1702i which uses software based cleanair with a limited feature-set. Oli On 6 February 2015 at 01:44, James Andrewartha jandrewar...@ccgs.wa.edu.au wrote: On 05/02/15 22:50, Cosgrove, John wrote: I am designing a new wireless placement for a 5 story building and I have been considering mixing 802.11ac AP types. Is the switching existing? If so, 802.3af vs at would also inform the decision. Meaning. Some Cisco 1702’s,2702’s and 3702’s. Placement depending on estimated client densities. Example. Conference rooms may have 3702’s yet open areas with less people population may have a 1702 or 2702. I'm not particularly familiar with the Cisco range, but http://www.cisco.com/c/en/us/td/docs/wireless/technology/apdeploy/8-0/Cisco_Aironet_3700AP.html (which covers [123][67]00[ei]) seems to have a pretty good feature comparison. Lee, note it says A single GbE cable is fine for Wave-1. While it is true 802.11ac (Wave-2) will exceed GbE speeds, there is no need or requirement for cabling greater then GbE for 802.11ac Wave-1. Installers wishing to future proof new installations should consider pulling CAT-6a cables at least 1 and either another CAT6a or a CAT5e cable (this allows you to fall back to 2 GbE ports) for some iterations of Wave-2 and/or support 10GbE should this emerge as the method. 10GbE has some challenges such as PoE standardization. Again, for the foreseeable future, a single GbE is all that is needed. Plus Cisco appear to have announced multi-gigabit switches for Q2: http://www.cisco.com/c/en/us/solutions/enterprise-networks/catalyst-multigigabit-switching/index.html I usually hear from people to “Keep it all consistent and the same” and I remember in the old days if you mixed “G” in with “b-only” ap’s often clients would grab the “G” and never let go no matter how bad the signal got. I am thinking if I at least keep things in the same “family” of technology it should work out. I don't think there would be a problem mixing AP types within the same technology, from the client point of view it'd just be another roaming decision. There is more information about how clients decide to roam now, eg http://support.apple.com/en-au/HT203068 and it seems to be mostly RSSI based. So if you account for the smaller coverage provided by the lower-end models (per the diagrams in the above Cisco document) then there shouldn't be any problems. See also http://community.arubanetworks.com/aruba/attachments/aruba/WLAN-Pro-Conf-EU-2014/1/1/WLANPro_EU_MobileDevices%20v1.0-airheads.pdf for more info on what handover is like now (thanks to powersaving) and how it should be in an ideal world with 802.11k. AP’s are a huge multiplier in a project cost and I was wondering if anyone else looked at approaching it this way. I have a similar challenge in that I'm going to be upgrading some of our n APs to ac this year. In terms of reducing cost, we have a fairly dense deployment and so I'm still wishing for APs with a single 802.11ac 5GHz radio since I turn off a fair few of my 2.4Ghz radios already, and my client base is 80% 5GHz. Since we're a K-12 1:1 iPad school, I can at least predict where the ac clients are going to be as we go through our 3 year refresh cycle. -- James Andrewartha Network Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco WiSM-2 HA?
Hi Danny We have had some issues with HA mode in the past running 7.4.110. ping to the gateway would routinely fail causing a failover, at one point both the primary and secondary failed at once causing an outage. At this point i disabled HA mode and waited for new software. When 7.6 came around I tried to upgrade. I had all kinds of issues with 7.6 unrelated to HA mode and didn't get to run it long enough to even try, having to revert to 7.4.121. I have recently completed upgrading all of them to 8.0.110 and enabling HA mode and this time things have worked out much better. We have since noticed a failed gateway ping on one of our HA pairs, but the new 8.0 logic means that does not cause a failover. We have some strange issues with the 6500 VSS at the moment so that could relate. If the issues we've seen up to now have been caused by this VSS issue, 8.0.110 seems to have been good so far, still have an ongoing TAC case so we'll see what happens. Oli On 4 February 2015 at 21:59, Danny Eaton dannyea...@rice.edu wrote: All, I’ve been working with TAC on issues with one of my two WiSM-2 HA clusters, and today they’ve finally asked me to break my HA, in order to test if the problem still happens – and/or replace the hardware itself. Obviously, I can’t break the HA, because they were ordered as such, and the licensing won’t work if I do. So, I’m running 7.6.130.0 right now. Is anyone else seeing any odd failovers on their WiSM-2’s in an HA cluster environment? Is anyone running the 8.0.110.0 code, and if so, have you had any negative experiences? Feel free to respond on, or off list. Respectfully, Danny Eaton Snr. Network Architect Networking, Telecommunications, Operations Rice University, IT Mudd Bldg, RM #205 Jones College Associate Office - 713-348-5233 Cellular - 832-247-7496 dannyea...@rice.edu Soli Deo Gloria Matt 18:4-6 G.K. Chesterton, “Christianity has not been tried and found wanting. It’s been found hard and left untried.” ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Senior Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 39 (41131) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Airwave Support for Cisco Devices
We've been trialing airwave 8 since Sep on our wism2s. We were planning on running a trial of PI 2.2 along side it, and looks like we now can. So far it's been mostly good on the wisms running 7.4, but we're having problems with stats on the pair running 8.0. It seems to be particularly apparent on 3702 Aps. The traffic reporting seems to be very intermittent, with a certain group sometimes having 400 clients but zero traffic. To be fair 8.0 is not yet officially supported by Airwave buy it is an odd behaviour. If the lag between new products being released and being supported is growing, that is a concern. So far I've been far from impressed by what I've seen of prime, but I'm hoping they've drastically improved it with 2.2. We'll see! Oli Oliver Elliott Senior Network Specialist Information Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) On 18 Dec 2014 00:43, Matt O'Brien mattobr...@boisestate.edu wrote: Seems to be a fresh install, restore backup and rehost license gig. We can jump and not commit on the vm side s! ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....
I experienced multiple issues on 7.6.120, including controller crashes. I would suggest using either 7.6.130 (I have no experience with this) or preferably 8.0. We have reverted to 7.4.121 on the production wisms to keep service going, and have just set up a separate pair on 8.0 to support new x700 series APs. Oli On 4 September 2014 13:53, Cosgrove, John jcosgr...@hmc.psu.edu wrote: I am testing 7.6.120.0 on a 5508 test controller with only 8 AP’s. Have noticed AP’s crashing periodically. I did notice my FUS was not up to level on this unit so I will be upgrading that before loading up 7.6.130.0. Looking and comparing release notes has convinced me to focus my attention on the 130 version as there seems to be a lot more fixes rolled up in that one. John Cosgrove Wireless Staff Specialist Penn State Hershey Medical Center *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Danny Eaton *Sent:* Wednesday, September 03, 2014 7:34 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] WiSM-2 and 7.6.120.0 Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) until this past two weeks. We had “something” happen on Friday. We did do a “therapeutic reboot” on Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it repeated. While investigating, we discovered the primary in one of the clusters apparently failed and went into maintenance mode. However, the active “secondary” still showed standby hot, so we did a failover – which caused an outage (uh oh). While consoled in, we got the maintenance moded primary back up, and was bringing the secondary back up, when we found this: pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for size(2048), failureType = (4) this entry's previous access was by: file(capwap_ac_sm.c), line(7393) (pmallocProcessMemoryCorruption): pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION) (pmallocProcessMemoryCorruption): thread ID(349256224) (pmallocProcessMemoryCorruption): thread name(Unknown task name, task id = (349256224)) (pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c) (pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c) pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for size(2048), failureType = (4) this entry's previous access was by: file(capwap_ac_sm.c), line(7393) (pmallocProcessMemoryCorruption): pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION) (pmallocProcessMemoryCorruption): thread ID(349256224) (pmallocProcessMemoryCorruption): thread name(Unknown task name, task id = (349256224)) (pmallocProcessMemoryCorruption): current access file name(rrmSocket_wlc.c) (pmallocProcessMemoryCorruption): previous-access file name(capwap_ac_sm.c) Dumping a core. This can take a few minutes... Controller crashed Queue Woken up jiffies = 4295262648 Obviously, that is bad (and yes, we’re opening a TAC case). tl;dr Has anyone else seen oddities with crashes on 7.6.120.0, and if so, did you upgrade? To 7.6.130.0, or 8.0.100.0? I’m running 8.0.100.0 in the lab, but light load. (which is what we did on 7.6.120.0 since May)… Thoughts? Opinions? Respectfully, Danny Eaton Snr. Network Architect Networking, Telecommunications, Operations Rice University, IT Mudd Bldg, RM #205 Jones College Associate Office - 713-348-5233 Cellular - 832-247-7496 dannyea...@rice.edu Soli Deo Gloria Matt 18:4-6 G.K. Chesterton, “Christianity has not been tried and found wanting. It’s been found hard and left untried.” ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco 8.0 code released
Now who's feeling brave enough to run this on production wism2s?! Oli On 18 August 2014 13:18, Trent Hurt trent.h...@louisville.edu wrote: http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Replacing ageing APs
I would like to be able to take this approach, but the current distribution of several age of AP in each building is going to make it tricky. The way I see see it, given our starting point, the best plan is as follows: 1. Replace the existing 1131s (Annoying due to the different mounting). 2. Move towards homogeneous, properly surveyed installs per building. 3. Start a regular replacement programme based on AP model, and hopefully given step 2, by building. This allows us to partition off whole buildings if we ever get to a point where we cannot support both the oldest and newest APs at once. Thankfully any new building that has come online in the past few years has been done this way, we just need to sort out the hundreds of other buildings to match! Oli On 7 August 2014 22:19, Jeffrey Sessler j...@scrippscollege.edu wrote: We have an established life-cycle for all of our technology, and for wireless, it's every five years. This year we are bulk-replacing all of our 1252 and 1142 n APs for the 3700 series ac models. I tend to favor bulk-replacement since it's much easier to support a single model of AP vs seven different models. Jeff On Thursday, August 07, 2014 at 1:00 AM, in message cadbpxnzqnr5srr5rpzgpvsj1ni5w+vtsxxfsoxv2543192h...@mail.gmail.com, Oliver Elliott oliver.elli...@bristol.ac.uk wrote: Hi all I've been looking into EOLs and end of software support for some of our older APs and was wondering what other institutions do to keep their estate up to date. Up to now we've had very sparse funding for wireless as it was always viewed as an add on service. A recent outage (caused by buggy 7.6.120 code) has shown just how important Wifi has become. Up to now APs have been largely installed on an ad-hoc basis with funding from departments or projects but this doesn't tend to account for EOL replacement. We're looking to apply for a formal replacement project based on either rolling yearly replacement budget or a big bang approach every few years. So, how do you guys handle this problem? Oli -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Replacing ageing APs
Hi all I've been looking into EOLs and end of software support for some of our older APs and was wondering what other institutions do to keep their estate up to date. Up to now we've had very sparse funding for wireless as it was always viewed as an add on service. A recent outage (caused by buggy 7.6.120 code) has shown just how important Wifi has become. Up to now APs have been largely installed on an ad-hoc basis with funding from departments or projects but this doesn't tend to account for EOL replacement. We're looking to apply for a formal replacement project based on either rolling yearly replacement budget or a big bang approach every few years. So, how do you guys handle this problem? Oli -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco Controller Code
I had a hell of a time upgrading from 7.4.110 to 7.6.120 on WiSM2s: 1. Crashing due to web auth, resolved in 7.6.122.6 (aka MR3). 2. Any newly provisioned AP would have its radios immediately disabled, the only apparent workaround was to manually shut/no shut the radio interfaces on the AP itself. 3. A certain mix of non-cisco PoE cable length caused APs to only request 5W of power and leave their radios disabled, taking out large sections of wireless coverage. To top it all, when I reverted to 7.4.121 after 36 hours of the above, the entire campus radios were disabled in a similar way to fault 2. above, eventually resolved this though. We'll be waiting for 8.0 now to support our [23]700s, and even then only after it's been released for a few months. Getting a bit fed up of beta testing Ciscos WLC code on our production network. Oli On 1 August 2014 01:19, Jason Cook jason.c...@adelaide.edu.au wrote: As a few others have mentioned, if you are running webauth get a recommended MR from TAC otherwise you’ll get crashes This seems a somewhat reasonable page as well. https://supportforums.cisco.com/document/7721/wireless-lan-alerts We had 3 AP’s fail upon pre-download of the image(came from 7.5), so yes they died during pre-download not during the actual upgrade. 1 came back but 2 now need replacement. Seems the same as what Kitri mentioned but our attempts to recover didn’t work so well. We followed a different process though. Had to reboot our 3602i AP’s with 11ac modules a second time after upgrade from 120.0 to the MR 122.6 release as 11ac clients couldn’t get DHCP. So if you ignore controller crashes, AP failures and extra AP reboots … it’s been smooth…….. There’s also a field upgrade image to go with the 7.6 code Yes we’ll follow the amen to a good stable code. They promise a lot for code 8 but I won’t hold my breathe yet. -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Kitri Waterman *Sent:* Friday, 1 August 2014 2:17 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Cisco Controller Code We've run into an issue with some older APs (3500 and below) where they've gotten stuck trying to predownload a new image. The solution was deleting the recovery image from the AP and then initiating the predownload again. And another amen to the frustration with finding good stable code! Kitri Waterman - University of Oregon On 7/31/14, 7:47 AM, Tom Klimek wrote: We need to upgrade our 5508 controller code to support the 2702i AP's(Currently at 7.3.101.0). We have a lot of 2600, 3500 series AP's and some legacy 1142 and 1131's. We are thinking about moving to 7.6.120.0. Has anyone had experience with this version ? Any issues? recommendations? Thanks, Tom Klimek University of Notre Dame ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Cisco Controller Code
The other thing I should mention is that I was unable to predownload directly from 7.4.110 to 7.6.120, they would all fail. I had to upgrade to intermediate version 7.4.121 to enable predownloading to work. Oli On 1 August 2014 09:47, Oliver Elliott oliver.elli...@bristol.ac.uk wrote: I had a hell of a time upgrading from 7.4.110 to 7.6.120 on WiSM2s: 1. Crashing due to web auth, resolved in 7.6.122.6 (aka MR3). 2. Any newly provisioned AP would have its radios immediately disabled, the only apparent workaround was to manually shut/no shut the radio interfaces on the AP itself. 3. A certain mix of non-cisco PoE cable length caused APs to only request 5W of power and leave their radios disabled, taking out large sections of wireless coverage. To top it all, when I reverted to 7.4.121 after 36 hours of the above, the entire campus radios were disabled in a similar way to fault 2. above, eventually resolved this though. We'll be waiting for 8.0 now to support our [23]700s, and even then only after it's been released for a few months. Getting a bit fed up of beta testing Ciscos WLC code on our production network. Oli On 1 August 2014 01:19, Jason Cook jason.c...@adelaide.edu.au wrote: As a few others have mentioned, if you are running webauth get a recommended MR from TAC otherwise you’ll get crashes This seems a somewhat reasonable page as well. https://supportforums.cisco.com/document/7721/wireless-lan-alerts We had 3 AP’s fail upon pre-download of the image(came from 7.5), so yes they died during pre-download not during the actual upgrade. 1 came back but 2 now need replacement. Seems the same as what Kitri mentioned but our attempts to recover didn’t work so well. We followed a different process though. Had to reboot our 3602i AP’s with 11ac modules a second time after upgrade from 120.0 to the MR 122.6 release as 11ac clients couldn’t get DHCP. So if you ignore controller crashes, AP failures and extra AP reboots … it’s been smooth…….. There’s also a field upgrade image to go with the 7.6 code Yes we’ll follow the amen to a good stable code. They promise a lot for code 8 but I won’t hold my breathe yet. -- Jason Cook The University of Adelaide, AUSTRALIA 5005 Ph: +61 8 8313 4800 e-mail: jason.c...@adelaide.edu.aumailto:jason.c...@adelaide.edu.au *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Kitri Waterman *Sent:* Friday, 1 August 2014 2:17 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Cisco Controller Code We've run into an issue with some older APs (3500 and below) where they've gotten stuck trying to predownload a new image. The solution was deleting the recovery image from the AP and then initiating the predownload again. And another amen to the frustration with finding good stable code! Kitri Waterman - University of Oregon On 7/31/14, 7:47 AM, Tom Klimek wrote: We need to upgrade our 5508 controller code to support the 2702i AP's(Currently at 7.3.101.0). We have a lot of 2600, 3500 series AP's and some legacy 1142 and 1131's. We are thinking about moving to 7.6.120.0. Has anyone had experience with this version ? Any issues? recommendations? Thanks, Tom Klimek University of Notre Dame ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) -- Oliver Elliott Network Specialist IT Services University of Bristol e: oliver.elli...@bristol.ac.uk t: 0117 92 (87861) ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.