FW: OIT Job Opening: Network Engineer

2021-09-22 Thread Price, Jamie G
To be fair, this is more of a network job (not Wireless), but I thought I would 
share with this group.

Cheers-
Jamie



University of Colorado Denver l Anschutz Medical Campus

Office of Information Technology

Network Engineer

Position #653038 - Requisition #22886

The Office of Information Technology has an opening for a full-time University 
Staff (unclassified) Network Engineer position.

Nature of Work

This position will be responsible for a variety of day-to-day tasks such as 
setting up, developing and maintaining computer networks, designing and 
implementing new network solutions and/or improving the efficiency of current 
networks, including moves, adds and changes of any network connection (wired or 
wireless); implementation, organization and identification, analysis, and 
problem solving associated with any network connections; installation, 
configuring and maintaining of network monitoring hardware and software; 
manages and installs network equipment, switches, and routers, analyzes traffic 
and suggests improvements. This position primarily requires to be on-site at 
our Denver Campus with occasional on-site at our Anschutz Medical Campus.  Some 
remote work may be allowed depending on task/duties for that day.

Jobs in this career family develop, maintain, and support computer systems, 
software and networks.  Functions include enterprise operations, distributed 
computing, academic computing, research computing, computer hardware and 
software management, computer networking, telecommunications, systems 
development, database administration, server administration, website 
management, programming, desktop support, and help desk operations.

Professionals at the intermediate level are responsible for exercising 
discretion, analytical skill, personal accountability and responsibility in a 
wide range of areas including academic, administrative, managerial and student 
services functions. Work involves creating, integrating, applying and sharing 
knowledge directly related to a professional field.

At the intermediate level, duties may be more limited in scope and are 
performed with guidance and direction from other professionals.

Examples of Work Performed

  *   This position will work as a network administrator focusing on remote 
locations and the Denver campus
  *   Installs, configures and supports network equipment including routers, 
proxy servers, switches, WAN accelerators, DNS and DHCP
  *   Responsible for delivery of tasks in accordance with accepted project 
plans
  *   Troubleshoots, diagnoses and resolves software, hardware, and other 
network and system problems
  *   Communicates with other departments to report and resolve software, 
hardware, and operations problems
  *   Establishes and maintains network users, user environment, access lists, 
and security
  *   Responsible for remote office support
  *   Responsible for support of remote users
  *   Works with IT Group to design and implement network topologies
  *   Maintains circuit documentation
  *   Data networking layer 2 and layer 3 support
  *   Investigates faults in the network
  *   Updates network equipment to the latest firmware releases.
  *   Reports network status to key stakeholders
  *   Escalates issues to vendors and management
  *   Takes a proactive approach to mentoring other staff members
  *   Special projects as assigned

Salary and Benefits:

The salary range for this position has been established at $54,095 to $80,000 
and is commensurate with skills and experience.  This position is not eligible 
for overtime.

The salary of the finalist(s) selected for this role will be set based on a 
variety of factors, including but not limited to, internal equity, experience, 
education, specialty and training.

The above salary range (or hiring range) represents the University's good faith 
and reasonable estimate of the range of possible compensation at the time of 
posting.

Your total compensation goes beyond the number on your paycheck. The University 
of Colorado provides generous leave, health plans and retirement contributions 
that add to your bottom line.

Benefits: https://www.cu.edu/employee-services/benefits

Total Compensation Calculator: http://www.cu.edu/node/153125

Diversity and Equity:

The University will provide reasonable accommodations to applicants with 
disabilities throughout the employment application process. To request an 
accommodation pursuant to the Americans with Disabilities Act, please contact 
the Human Resources ADA Coordinator at 
hr.adacoordina...@ucdenver.edu.

The University of Colorado Denver | Anschutz Medical Campus is committed to 
recruiting and supporting a diverse student body, faculty and administrative 
staff. The university strives to promote a culture of inclusiveness, respect, 
communication and understanding. We encourage applications from women, ethnic 
minorities, persons with disabilities and all vete

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Price, Jamie G
Anyone have a book or reading recommendations on this topic?

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Elton, Norman N
Sent: Monday, August 9, 2021 6:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

[External Email - Use Caution]
>> Technically, you're not even supposed to use the certificates issued from a 
>> public CA for EAP as it's a violation of multiple policies.

I'm curious what those are. I thought it was fairly standard practice to use 
publicly-signed certificates on the server side, with privately-signed 
certificates on the clients.

Thanks!

Norman

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
Date: Monday, August 9, 2021 at 8:31 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root
EAP server certs from a PKI you (or a partner like SecureW2) control are the 
best practice.

Technically, you're not even supposed to use the certificates issued from a 
public CA for EAP as it's a violation of multiple policies.

Tim



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Elton, Norman N mailto:wne...@wm.edu>>
Sent: Monday, August 9, 2021 8:18:37 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

You don't often get email from wne...@wm.edu. Learn why 
this is important

To piggyback on Jonathan's question ... he mentions moving the server-side 
certificates to a private CA. Is this common? We're using SecureW2 to configure 
an EAP-TLS deployment, so it should be trivial to configure the client to trust 
our private CA.



We currently configure clients to trust server certificates coming from 
InCommon. I've had a long-simmering concern that if, for whatever reason, we 
can't use InCommon one day ... that means we have to reconfigure all our 
cliients. One solution, of course, is to trust multiple root public CAs. I 
suppose an alternative is to move to a private CA on the server-side.



Thanks!



Norman





Norman Elton

Director

W&M IT Infrastructure

wne...@wm.edu / 757-221-7790







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Tim Cappalli 
<0194c9ecac40-dmarc-requ...@listserv.educause.edu>
Date: Monday, August 9, 2021 at 8:03 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

You should never use different EAP server certificates across a RADIUS cluster. 
Use the same cert across all nodes (in this case take the other cert with the 
longest expiry and upload it to all the nodes in the CPPM cluster)







From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Jonathan Miller mailto:jmill...@fandm.edu>>
Sent: Monday, August 9, 2021 7:32:19 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root



You don't often get email from jmill...@fandm.edu. 
Learn why this is important

We are currently using publicly signed certificates for our eduroam access on a 
cluster of 2 ClearPass servers.



We are in a situation where one of our certs will be expiring in October of 
this year, while the other is good until June of next year.



The certificate are issued through InCommon, and when I renewed our expiring 
certificate, I noticed that it is showing that is has a root of Sectigo, where 
it was previously Comodo.  The certificate that is not expiring has a root CA 
of Comodo.



This leads me to the following questions:

1.  Is it advisable to run certificates with different Root CAs on different 
members of our ClearPass cluster?  Would we expect to see client issues?

2.  If it's not a problem to do this, can I simply add the Root CA for Sectigo 
to our eduroam CAT configuration, or is there only one Root CA allowed?



Any other advice is appreciated.  I understand that most institutions are 
moving to

RE: [WIRELESS-LAN] Wireless Segmentation and NAC

2021-02-02 Thread Price, Jamie G
Take this for what it’s worth, use/copy/plagiarize or tell me how I could state 
things better. Really trying to explain why home networks are not Enterprise 
networks.

We have a home-like network with Meraki and their partner Splash for dorms. 
There’s more we want to do- but it’s a start.
We were also working on this angle for Mist, but other than a story over vodka, 
we went the Meraki direction. And it’s working pretty well, and we will go 
through iterations. The goal is flexibility across campuses, and not just dorms.

I agree with Lee, you can say no- with a kind explanation.



New Connectivity and Wi-Fi Flexibility in The CU Denver Dorms
Residents can now connect their Alexa & Their Game Console, too.

Wait- What, we have dorms, and they can connect devices to the network like 
Alexa?
CU Denver is in the Dorm Business. The Office of Information Technology (OIT) 
took over the wired network and Wi-Fi from an existing 3rd party provider. This 
meant replacing switches and wireless access points. The dorms now have the new 
Cisco Meraki Wi-Fi platform.

Why Can’t I Have My Alexa or other smart device?
If you live in the dorms, now you can. Nearly everybody has experienced the 
issue of “This Wi-Fi is an Enterprise Network - take your Alexa home” in one 
manner or another. The fundamental issue is how wireless security is 
implemented in home networks vs. Enterprise networks.

On a typical home wireless network, one router/modem operates, and a single 
master password is used by devices wanting to connect. It is also desired that 
these home devices can communicate with each other on this shared network. This 
home network method of password use (known as Pre-Shared Key, or “PSK”) is not 
scalable. Enterprise networks support hundreds and thousands of unique devices, 
and more robust security and authentication methods are required to 
specifically handle Enterprise needs.

·  For Enterprise networks, a device must be able to support a security 
method called WPA2-Enterprise in order to join

·  Most manufacturer’s home devices (such as Alexas, HomePods, or smart 
bulbs) only support PSK as a security method (and they cannot join Enterprise 
networks which require WPA2-Enterprise).

·  Most computers and phones support both WPA2-Enterprise and PSK (allowing 
you to connect to both PSK networks or WPA2-Enterprise networks).


Again- Why Can Dorms have Alexa- but I can’t?

The Office in Information Technology (OIT) created a new Wi-Fi network called 
“ResNet” for the dorms—a new network that gives the look and feel of a home 
wireless network. We partnered with Cisco and a third-party middleware called 
“Splash” that assists with home functionality and onboarding of home devices 
onto this new wireless network. Residents can have their Alexa and their 
Playstation, too. They will continue to have the ability to connect to the 
regular Enterprise grade campus networks, as well as the new ResNet network 
made specifically to allow home-like use.
Can We Push ResNet Across the rest of the CU Denver/Anschutz Network?

It is the desire of OIT to make the network (Wi-Fi and cable) as flexible as 
possible. Our job is providing connectivity. The first step is to upgrade to 
the new Cisco Meraki Wi-Fi platform. This platform was chosen for its 
futuristic capabilities with third-party software designers. COVID has 
considerably slowed down the ability to engage funding. However, we continue to 
work to secure funding to increase flexibility and connectivity of the Wi-Fi 
networks. The dorms are a great first-step in the right direction.

Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Tuesday, February 2, 2021 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Segmentation and NAC

All I would say here is that networks are not obligated to accommodate every 
half-baked, livin-in-1988 device that comes along, either. You can say no to 
the worst offenders, and also work with device manufacturers on occasion to 
help them drag their stuff into this century rather than risk non-acceptance on 
campus.

Not to take anything away from David’s good points.
Lee Badman (mobile)


On Feb 2, 2021, at 11:17 AM, David Logan 
mailto:tarheeldav...@gmail.com>> wrote:

One more consideration for network design (especially L2, L3) and policy 
enforcement architecture, somewhat relevant in this "segment the network?  And 
how?" portion of this thread:  the __performance effects/consequences__ of 
consumer IoT tech operating in the Enterprise setting (what I call BYOT).

Here's a couple of examples:

All BYOT uses a combination of Bcast and Mcast for ease of installation, peer 
product discovery and display/print/communications sharing use cases.   Flatter 
networks with no Bcast/Mcast controls in place will prop

RE: [WIRELESS-LAN] Clover Flex - eduroam

2020-12-10 Thread Price, Jamie G
Hi Aaron,

Reach out to me directly and I'll chat with you about our experience.

Best,
Jamie

"Two Access Points in (the) same area with CCI, have the capacity of one." 
-Keith Parsons 
In other words, two APs in the same area, same channel- have the capacity of 
one.

Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus 
jamie.pr...@cuanschutz.edu
www.cuanschutz.edu 

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Aaron Brunck
Sent: Wednesday, December 9, 2020 8:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Clover Flex - eduroam

Hello, We are attempting to install a Clover Flex credit card reader on our 
eduroam network but we have been running into issues.  The Clover Flex is 
locked down and will not allow us to install a web browsing app which would 
allow us to install the required certs for our eduroam environment.  
Investigated installing the signed root certificate but did not see a way to do 
this over a wireless hotspot connection.  We have also tried to authenticate 
the Clover Flex with anonymous credentials but it is still unhappy.
Has anyone been able to successfully configure one of these devices for an 
eduroam network? 

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


[WIRELESS-LAN] Request for best Rogue Containment Tools, workflow process & polices

2020-11-21 Thread Price, Jamie G
Message was discarded by filter '\Newsletters\as17_NEWSLETTERS\updates\Normal' 
on line 78

Envelope (RCP file content):
Message-ID: b0114165...@smtp.cranbrook.edu
Return-path: owner-wireless-...@listserv.educause.edu
Received-From-MTA: listserver.educause.edu (unverified [40.122.144.30])
Arrival-Date: 1603384249 (Thu, 22 Oct 2020 12:30:49 -0400)
Origin-IP: 40.122.144.30
X-Modus-BlackList: 40.122.144.30=OK;owner-wireless-...@listserv.educause.edu=OK
X-Modus-RBL: 40.122.144.30=OK
X-Modus-Trusted: 40.122.144.30=NO
X-CustID: 15491
X-Modus-BuildNumber: 6.4.298.22009
DomainKey-Status: 0
Resolved-Return-path: owner-wireless-...@listserv.educause.edu
X-Modus-BATV: OFF
X-Modus-SRSRBL: OK
X-Sender-Origin: EXTERNAL
Header-From: jamie.pr...@cuanschutz.edu

Recipient: jroo...@cranbrook.edu
Original-Address: jroo...@cranbrook.edu
Dsn-Original-Recipient: rfc822;jroo...@cranbrook.edu
Local-Status: Incoming


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
--- Begin Message ---
Hello Wi-Fi World,

Looking for suggestions on:
-Great Rogue tracking tools (I've heard this will get easier once we move to a 
cloud vendor platform)
-Workflows for Rogue hunting
-Any policies you would be willing to share

Thank you all,
Jamie



Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
www.cuanschutz.edu


[CU Anschutz Website]

[CU Anschutz Facebook]  [CU Anschutz 
Instagram]    [CU Anschutz Linkedin] 

   [CU Anschutz Twitter] 



What causes bad Wi-Fi?
The plug-and-play auto-optimizations marketed by your favorite Access Point 
(AP) manufacturers aren't all the same. The complexities of an increased shift 
in demand overnight due to a software update, latency-sensitive services like 
voice over Wi-Fi, and real-time location services turn a simple plug-and-play 
solution into a custom deployment that needs proper planning and regular 
maintenance. Bad Wi-Fi can be a result of insufficient coverage, but it can 
also be caused by a range of improper settings and external interferers that 
APs alone may not be able to detect.
Coverage and Capacity - If your network doesn't meet the minimum requirements 
for coverage and capacity, the devices on your network will not be able to 
perform the necessary applications.
Channel Overlap - Channel overlap can wreak havoc on your network. 
Interferences from neighboring APs and networks will cause bad Wi-Fi.
Interference - Both Wi-Fi and non Wi-Fi signals can cause interferences on your 
network. Wireless cameras, microphones, or even microwaves can cause a 
disruption on your network.
https://www.ekahau.com/blog/request-for-sidekick/?utm_campaign=2020.07.GL.EM.Sidekick%20Campaign&utm_source=email&utm_term=Sidekick%20blog%20%26%20approval%20letter&utm_content=2020.07.GL.EM%20Sidekick%20Campaign









**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
--- End Message ---


Request for best Rogue Containment Tools, workflow process & polices

2020-10-22 Thread Price, Jamie G
Hello Wi-Fi World,

Looking for suggestions on:
-Great Rogue tracking tools (I've heard this will get easier once we move to a 
cloud vendor platform)
-Workflows for Rogue hunting
-Any policies you would be willing to share

Thank you all,
Jamie



Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
www.cuanschutz.edu


[CU Anschutz Website]

[CU Anschutz Facebook]  [CU Anschutz 
Instagram]    [CU Anschutz Linkedin] 

   [CU Anschutz Twitter] 



What causes bad Wi-Fi?
The plug-and-play auto-optimizations marketed by your favorite Access Point 
(AP) manufacturers aren't all the same. The complexities of an increased shift 
in demand overnight due to a software update, latency-sensitive services like 
voice over Wi-Fi, and real-time location services turn a simple plug-and-play 
solution into a custom deployment that needs proper planning and regular 
maintenance. Bad Wi-Fi can be a result of insufficient coverage, but it can 
also be caused by a range of improper settings and external interferers that 
APs alone may not be able to detect.
Coverage and Capacity - If your network doesn't meet the minimum requirements 
for coverage and capacity, the devices on your network will not be able to 
perform the necessary applications.
Channel Overlap - Channel overlap can wreak havoc on your network. 
Interferences from neighboring APs and networks will cause bad Wi-Fi.
Interference - Both Wi-Fi and non Wi-Fi signals can cause interferences on your 
network. Wireless cameras, microphones, or even microwaves can cause a 
disruption on your network.
https://www.ekahau.com/blog/request-for-sidekick/?utm_campaign=2020.07.GL.EM.Sidekick%20Campaign&utm_source=email&utm_term=Sidekick%20blog%20%26%20approval%20letter&utm_content=2020.07.GL.EM%20Sidekick%20Campaign









**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 tightens restrictions on CA certificates

2020-09-11 Thread Price, Jamie G
On our Cisco controllers, I see some devices "connected" and they should be 
issued a DHCP address in this network. They are not getting an IP address 
(0.0.0.0). Is this a symptom they are not passing with the cert? Thus failing 
802.1x?

Thank you

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Higgins, Benjamin J
Sent: Friday, September 11, 2020 7:19 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Article: Android 11 
tightens restrictions on CA certificates

Can confirm that this "feature" has prevented SecureW2 from onboarding Android 
11 devices to our network.  While the app appears to *deliver* the certificates 
- they are in the drop down when you edit the WiFi Profile - if you attempt to 
connect to the network is sits and spins.  If you edit the profile again, you 
will find that the SecureW2 delivered certificate is no longer in the drop down 
list.  Only "Use system certificates" or "Do not validate" is there...

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Jonathan Waldrep
Sent: Friday, September 11, 2020 8:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] Re: [WIRELESS-LAN] Article: Android 11 tightens restrictions on 
CA certificates

On 2020-09-10 22:19:21, Johnson, Christopher wrote:
> This popped up in my news feed, that's going to affect the user experience 
> even more for onboarding apps for those with private CAs I'd imagine.
> 
> https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhttptoolkit.tech%2Fblog%2Fandroid-11-trust-ca-certificates&data=02%7C01%7Cbjhiggins%40WPI.EDU%7C5ac7d0e54c9043231cc208d8564faaa5%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637354247483916966&sdata=OLv50t%2FT%2Fjj9eK1Dhj05DgE2YspIyuAKrdT5HIbpQs8%3D&reserved=0
> 
> "In Android 11, to install a CA certificate, users need to manually:
> 
>   *   Open settings
>   *   Go to 'Security'
>   *   Go to 'Encryption & Credentials'
>   *   Go to 'Install from storage'
>   *   Select 'CA Certificate' from the list of types available
>   *   Accept a large scary warning
>   *   Browse to the certificate file on the device and open it
>   *   Confirm the certificate install
> 
> Applications and automation tools can send you to the general 'Security' 
> settings page, but no further: from there the user must go alone (fiddly if 
> not impossible with test automation tools)

tldr: I don't think this impacts certificates installed for Wi-Fi networks. 
They are handled differently. I would like someone who has experience with 
actually writing an on-boarding app to chime in, though.

Longer dive:
It is worth noting that when you manually install a CA in Android, it asks if 
you want to install it for "VPN and apps" or "Wi-Fi" (at least on Android 9, 
which is what I'm on). This indicates there is something different on the back 
end.

>From the article, it seems to stem from Google locking down the 
>KeyChain.createInstallIntent() API method [1] in the android.security package. 
>Ultimately what we are after is setting up a wireless profile. How does that 
>work? Well, there is an android.net.wifi package [2]. Let's look there.

There is a WifiConfiguration class, but there is a note that it was deprecated 
in API level 29 (Android 10), and to use WifiNetworkSpecifier.Builder instead 
[3]. The article is specifically about Android 11, so we don't care about older 
versions.

In the WifiNetworkSpecifier.Builder class, there is a public method 
setWpa2EnterpriseConfig(WifiEnterpriseConfig enterpriseConfig). So we need a 
WifiEnterpriseConfig class [4].

The WifiEnterpriseConfig class has a method setCaCertificate(X509Certificate 
cert) [5] which, as you may have guessed, is used to "Specify a X.509 
certificate that identifies the server." This takes an X509Certificate class, 
which is part of the java.security.cert package. We should be able to provide 
that irrespective of what Android does.

That is all good in theory, but what does an actual onboarding app do? The only 
open source one I'm aware of is eduroamCAT [6]. It seems to have issues with 
Android 10 [7], so it may not be the best example, but it's what I can find. A 
quick grep of the repository for "createInstallIntent" returns no hits. That's 
a good sign. Similarly, a grep for "setCaCertificate" has a hit in 
src/uk/ac/swansea/eduroamcat/WifiConfigAPI18.java. So it looks like eduroamCAT 
needs updated for API level 29, but it doesn't use the problematic method from 
the article (which was added in API level 14).

[1] 
https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.android.com%2Freference%2Fandroid%2Fsecurity%2FKeyChain%23createInstallIntent&data=02%7C01%7Cbjhiggins%40WPI.EDU%7C5ac7d0e54c9043231cc208d8564faaa5%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637354247483916966&sdata=rX0467d89iKWgBXyy05YvtLHWjeGdXayJWCpG25DQug%3D&reserved=0()
[2] 
https://n

DNA Spaces & Wi-Fi

2020-09-09 Thread Price, Jamie G
Anyone dive into DNA for Wi-Fi?

Has it helped with your business challenges?

Thanks in advance,
Jamie


Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
1945 N Wheeling Street, MailStop F408, Aurora CO, US  80045
jamie.pr...@cuanschutz.edu
www.cuanschutz.edu


[CU Anschutz Website]

[CU Anschutz Facebook]  [CU Anschutz 
Instagram]    [CU Anschutz Linkedin] 

   [CU Anschutz Twitter] 



What causes bad Wi-Fi?
The plug-and-play auto-optimizations marketed by your favorite Access Point 
(AP) manufacturers aren't all the same. The complexities of an increased shift 
in demand overnight due to a software update, latency-sensitive services like 
voice over Wi-Fi, and real-time location services turn a simple plug-and-play 
solution into a custom deployment that needs proper planning and regular 
maintenance. Bad Wi-Fi can be a result of insufficient coverage, but it can 
also be caused by a range of improper settings and external interferers that 
APs alone may not be able to detect.
Coverage and Capacity - If your network doesn't meet the minimum requirements 
for coverage and capacity, the devices on your network will not be able to 
perform the necessary applications.
Channel Overlap - Channel overlap can wreak havoc on your network. 
Interferences from neighboring APs and networks will cause bad Wi-Fi.
Interference - Both Wi-Fi and non Wi-Fi signals can cause interferences on your 
network. Wireless cameras, microphones, or even microwaves can cause a 
disruption on your network.
https://www.ekahau.com/blog/request-for-sidekick/?utm_campaign=2020.07.GL.EM.Sidekick%20Campaign&utm_source=email&utm_term=Sidekick%20blog%20%26%20approval%20letter&utm_content=2020.07.GL.EM%20Sidekick%20Campaign









**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


IoT and Wireless

2020-08-24 Thread Price, Jamie G
Team,

Hi, I wanted to query the group and ask what IoT means to you and your position 
and school.

I have some ideas, but if you wouldn’t mind a list of 5-10, general statements 
on your vision of IoT, or initiatives you’re currently working on or thinking 
of- would love to hear them.

For instance, we now have COVID check-in stations. Wi-Fi must go where it never 
has been before for personnel, student and client intake forms.

Anyone integrating their lighting?
Anyone implementing wayfinding?


  *   What should a person in my position be doing/considering, if they aren’t? 
Totally boss me. 😉

Thanks,
Jamie


Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
jamie.pr...@cuanschutz.edu
www.cuanschutz.edu


[CU Anschutz Website]

[CU Anschutz Facebook]  [CU Anschutz 
Instagram]    [CU Anschutz Linkedin] 

   [CU Anschutz Twitter] 



What causes bad Wi-Fi?
The plug-and-play auto-optimizations marketed by your favorite Access Point 
(AP) manufacturers aren’t all the same. The complexities of an increased shift 
in demand overnight due to a software update, latency-sensitive services like 
voice over Wi-Fi, and real-time location services turn a simple plug-and-play 
solution into a custom deployment that needs proper planning and regular 
maintenance. Bad Wi-Fi can be a result of insufficient coverage, but it can 
also be caused by a range of improper settings and external interferers that 
APs alone may not be able to detect.
Coverage and Capacity – If your network doesn’t meet the minimum requirements 
for coverage and capacity, the devices on your network will not be able to 
perform the necessary applications.
Channel Overlap – Channel overlap can wreak havoc on your network. 
Interferences from neighboring APs and networks will cause bad Wi-Fi.
Interference – Both Wi-Fi and non Wi-Fi signals can cause interferences on your 
network. Wireless cameras, microphones, or even microwaves can cause a 
disruption on your network.
https://www.ekahau.com/blog/request-for-sidekick/?utm_campaign=2020.07.GL.EM.Sidekick%20Campaign&utm_source=email&utm_term=Sidekick%20blog%20%26%20approval%20letter&utm_content=2020.07.GL.EM%20Sidekick%20Campaign









**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


RE: [WIRELESS-LAN] Meraki at large universities

2020-05-12 Thread Price, Jamie G
Lee- or anyone 😊

Have you dug much into the APIs and any automation? I found that for our stuff, 
the GUI is more practical at this time. I have not dug into code yet on GETHUB.

Thanks,
Jamie

Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus



-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Lee H Badman
Sent: Tuesday, May 12, 2020 8:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Meraki at large universities

Throwing my .02 in. We have long used Meraki as our branch Wi-Fi solution in 
around 10 sites, and in recent years full-stack branch networking. We use 
802.1X-based auth, guest Wi-Fi, pretty much everything. We have as many as 35 
APs in a single building/complex, and as many as 4 APs in a bigger conference 
space. Our reliability has been generally superb, with the rare exception every 
couple of years.

No complaints.

-Lee Badman


-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Angelo Santabarbara
Sent: Tuesday, May 12, 2020 9:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Meraki at large universities

Take this with a grain of salt as perhaps they've solved some of their problems 
we experienced with our deployment about 5 years ago.  We switched from Cisco 
to Meraki in 2013.  We had about half the campus (~450 AP's) moved over when we 
stopped the process in 2015 due to poor performance and poor client roaming.  
We did a lot of troubleshooting with them, but in our dorm environments it just 
worked very poorly.  We also had strange network behaviors elsewhere on campus 
especially after certain firmware updates that we had to have Meraki roll back. 
Also settings set in the dashboard often didn't take immediate effect so plan 
on setting, waiting a little bit, and then testing.  We do use FortiNAC (aka 
Bradford Network Sentry), but that wasn't the problem.  Ultimately we moved to 
Ruckus and ripped all the Meraki back out and have been very happy with that 
solution.  Meraki does have a nice dashboard, but some configuration is not 
possible without contacting Meraki directly.

Angelo D. Santabarbara
Director Networks & Systems | Siena College
518-782-6996

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


Meraki APIs and Postman

2020-04-14 Thread Price, Jamie G
Hello All,

New to working with Meraki APIs. Looking to use the provided API to upload a 
floor plan.
I have downloaded Postman, and have completed simple tasks of downloading my 
customer ID, and I have my private API key.

Anyone who has worked with these items willing to chat and point me in the 
right direction?
Happy to document and post to Educause with a solution later- prefer that 
someone reach out to me with my email directly at 
jamie.pr...@cuanschutz.edu

Thanks in advance,
Jamie


Jamie Price
Wireless Network Engineer
Office of Information Technology
University of Colorado Denver | Anschutz Medical Campus
1945 N Wheeling Street, MailStop F408, Aurora CO, US  80045
jamie.pr...@cuanschutz.edu
www.cuanschutz.edu

[CU Anschutz Website]

[CU Anschutz Facebook]  [CU Anschutz 
Instagram]    [CU Anschutz Linkedin] 

   [CU Anschutz Twitter] 

[cid:image006.jpg@01D6126E.358C0680]



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-09 Thread Price, Jamie G
Hi Blake and Wi-Fi Pros,

Here’s a sample of our decision matrix. We also included relationship with 
vendors (both the parent company and resellers). Also, what kind of Python 
support and scripting, what can we do out of box or with some programming-- and 
partners already established with the solution that could add on a wanted 
solution (maybe we want to buy a solution APIs/Programming that would do 
automatic classroom attendance).

Happy to chat up our decision criteria with folks, feel free to email me direct 
at jamie.pr...@cuanschutz.edu<mailto:jamie.pr...@cuanschutz.edu>.






Social Media Login for Guest (user data
  would require 3rd party project)
Additional licenses
Additional licenses
Base platform
Base platform
Bluetooth Asset light asset tracking
Hard, additional products needed
Hard, additional products needed

Easy
Easy
Ease of IoT Onboarding




Ease of Partner for IoT consumer devices




Student Dorm Hospitality AP




Analytics




Student Success Software and Partnership




Ease of Problem Resolution




Management Server and Reporting




Wayfinding






From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Blake Brown
Sent: Thursday, January 9, 2020 12:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

We are also looking at replacing our existing Cisco deployment and have 
narrowed it down to either Mist or Meraki, we are currently doing in house 
trials with both. I would be interested in receiving any additional feedback on 
both of these vendors, on or off this particular email thread, if you’re 
willing to share. More info about the RADIUS bug on the Mist could prove to be 
very beneficial in our decision making.

Thanks,
Blake


From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Price, Jamie G" 
mailto:jamie.pr...@cuanschutz.edu>>
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Thursday, January 9, 2020 at 10:44 AM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

External Email
We looked at MIST and Meraki, both great products. We feel our management went 
with ABC so Meraki it is.

In a nutshell (and I can expand upon the “whys”) you get so many more features, 
flexibilities, with an included management platform with either one of these 
vendors. Controllers are expensive bricks. The only real reason to stay with 
controllers is if you do not want a cloud base platform.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Elton
Sent: Thursday, January 9, 2020 11:16 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

The wireless-lan mailing list is always interesting, but this is by far the 
best thread yet :)

We are a longtime Aerohive customer, and are aware of Extreme’s plans. Happy to 
talk about my feelings regarding Aerohive off-list. Whomever explained that 
startups are responsive at first, and start to lose their luster as they grow 
... spot on.

We are testing Meraki, Juniper/Mist, and Arista/Mojo. As always, some of the 
shine wears off once you get into the product. I’ve found some surprising 
RADIUS bug on Mist. Their initial support is responsive, but the resolution is 
... forthcoming. We are a big Juniper shop, so are excited about their ability 
to monitor & manage (one day) our EX switches.

If you start and eval, make sure you open tickets and explore how their support 
operation responds to requests (and bugs!).

Norman



On Thu, Jan 9, 2020 at 12:47 PM Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:
At this time, this doesn’t appear to bother anything other than the 515s.  We 
have 315s on the same code and have not gotten reports.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Chu
Sent: Thursday, January 9, 2020 12:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

We have been running v8.5.0.4 (clustered controllers off of a mobility master) 
with a little over 4100 AP305’s and AP325’s for a couple of months and things 
have been stable here.  Prior to this, v8.3.0.8 was causing us a few issues.

Norman Chu
Systems Administrator, Network Infrastructure Team
IT Services
T:  514-398-7299
norman@mcgill.ca<mailto:norman@mcgill.ca>  |   
www.mcgill.ca/it<http://www.mcgill.ca/it

RE: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

2020-01-09 Thread Price, Jamie G
We looked at MIST and Meraki, both great products. We feel our management went 
with ABC so Meraki it is.

In a nutshell (and I can expand upon the “whys”) you get so many more features, 
flexibilities, with an included management platform with either one of these 
vendors. Controllers are expensive bricks. The only real reason to stay with 
controllers is if you do not want a cloud base platform.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Norman Elton
Sent: Thursday, January 9, 2020 11:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

The wireless-lan mailing list is always interesting, but this is by far the 
best thread yet :)

We are a longtime Aerohive customer, and are aware of Extreme’s plans. Happy to 
talk about my feelings regarding Aerohive off-list. Whomever explained that 
startups are responsive at first, and start to lose their luster as they grow 
... spot on.

We are testing Meraki, Juniper/Mist, and Arista/Mojo. As always, some of the 
shine wears off once you get into the product. I’ve found some surprising 
RADIUS bug on Mist. Their initial support is responsive, but the resolution is 
... forthcoming. We are a big Juniper shop, so are excited about their ability 
to monitor & manage (one day) our EX switches.

If you start and eval, make sure you open tickets and explore how their support 
operation responds to requests (and bugs!).

Norman



On Thu, Jan 9, 2020 at 12:47 PM Turner, Ryan H 
mailto:rhtur...@email.unc.edu>> wrote:
At this time, this doesn’t appear to bother anything other than the 515s.  We 
have 315s on the same code and have not gotten reports.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Norman Chu
Sent: Thursday, January 9, 2020 12:08 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

We have been running v8.5.0.4 (clustered controllers off of a mobility master) 
with a little over 4100 AP305’s and AP325’s for a couple of months and things 
have been stable here.  Prior to this, v8.3.0.8 was causing us a few issues.

Norman Chu
Systems Administrator, Network Infrastructure Team
IT Services
T:  514-398-7299
norman@mcgill.ca  |   
www.mcgill.ca/it
805 rue Sherbrooke 
Ouest,
 Burnside Hall, Montréal, QC. H3A-0B9  Canada
[1501096696117_IITSlogo4email-cleaner-350.png]

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Michael Hulko
Sent: January 9, 2020 11:58 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

May not be completely related, but we have had issues with newer AX chipsets 
that utilize NDIS 6.3 code set.  Some of the advanced features had to be turned 
off as a work around such as packet coalescing etc.

ALthough we have no 515’s in our environment, we are progressing to 8.6 (as per 
our SE) in the coming weeks and this does not make me comfortable.  Any issues 
with the 300 series APs and 8.5x? May rethink and downgrade to 8.3x as it also 
seems to only support the AP103Hs as well.

M

On Jan 9, 2020, at 11:44 AM, Lee H Badman 
<00db5b77bd95-dmarc-requ...@listserv.educause.edu>
 wrote:

No insult meant to anyone’s intelligence, but are you also looking at client 
device drivers etc in the context of these issues? Depending on which client 
NIC is in play, the device makers haven’t been doing us any favors of late. Is 
very possible for example that hundreds of AD-managed laptops may all have same 
bum driver.

Just asking…

Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith 
Drive
Syracuse, New York 
13244
t 315.443.3003   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of David Morton
Sent: Thursday, January 9, 2020 11:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Ryan, we have been experiencing some of the very same issues. Since installing 
515s and resulting 8.5.x code in our offices (always our first step to any 
migrat

RE: [WIRELESS-LAN] WiFi survey tools

2019-09-11 Thread Price, Jamie G
I second GT Hill, but you really need Ekahau to be effective. It’s not cheap- 
but down/spotty/unreliable networks aren’t either.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of GT Hill
Sent: Wednesday, September 11, 2019 1:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi survey tools

It would be hard for me to comment on that software as I haven't used it.

Avoiding expensive hardware / software for site surveys is possible but the 
trade off is time. A site survey can be done with a map, AP on a stick (tripod) 
and signal strength meter on a handheld devices such as some Android phones.

What that doesn't solve for is the design aspect. How many APs are needed for 
dense areas? What if something changes? What are the goals of the installation? 
 Doing a proper design without good software is VERY time consuming but again, 
it's possible.

Another consideration is the skill level of your people. Hope that doesn't come 
off as bad, but designing a Wi-Fi network is more complicated than just making 
sure you have the right signal in all desired areas.

Getting the longest life out of a Wi-Fi network is more about design than the 
hardware standard used (11n, 11ac 11ax / Wi-Fi 6 etc.) - In my opinion.

That's a long way to say... don't skimp too much here. If you want to DIY, good 
software / hardware and training for your people is the investment. Or, good 
Wi-Fi design knowledge / training and the longer process of a manual site 
survey. Again, manual is fine if time isn't an issue.

I'm happy to answer any other questions. Thanks!

GT Hill
CWNE #21

On Wed, Sep 11, 2019 at 9:37 AM Sidharth Nandury 
mailto:nandu...@denison.edu>> wrote:
Hello All,

We have historically depended on vendors to do wireless surveys for us, and any 
signal related issues have been tackled with signal strength configurations. We 
are at a stage now, where we believe our WAP placements will need to be 
changed. We are trying to build a case to present to our management, and a 
wireless survey of these locations is probably needed.

My question is what tools are folks using to do in-house wireless surveys and/ 
or troubleshooting low signal wireless tickets? We don't really have a big 
budget for the tool and are looking for something that we could potentially 
install on a phone/ computer. We came across https://www.netspotapp.com/ and 
were wondering if anyone has used this?

Thank you for your time.

Regards,
Sid

--
[Denison University Logo]

Sidharth S. Nandury
Network Engineer
Information Technology Services

100 West College Street, Granville, OH 43023 | 
Fellows 003C
Office: 740-587-5533 | Mobile: 
516-314-4413
nandu...@denison.edu
https://denison.edu/campus/technology

Please consider the environment before printing this email.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


RE: [WIRELESS-LAN] 8.3.133.0 Code with IPv6 Bug

2018-08-28 Thread Price, Jamie G
Hi Christina,

What we see with our IPv6 wireless:

1.   SLAAC hands out addresses, you can join.

2.   While running  pings PCs and older MACS the pings will dropout and 
only High Sierra will come back after about 4-6 pings with a new address.

We ran some captures over the air and full communication appears to stop from 
the AP (not being a client based issue). We have a case open with TAC and we 
are pretty sure we hit a bug. We are looking forward to stable 8.5 code.

Best of luck with the issue!
-Jamie

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Brady J. Ballstadt
Sent: Tuesday, August 28, 2018 3:06 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11R

We are on 8.3.143.0 on a pair of 8510s.  Had some weird behavior at the start 
that has seemed to work itself out.  Currently investigating some roaming 
issues that may or not be an issue with the code.

Brady Ballstadt
UITS

Get Outlook for iOS<https://aka.ms/o0ukef>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Christina Klam mailto:ck...@ias.edu>>
Sent: Tuesday, August 28, 2018 4:02:00 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 802.11R

Another question, has anyone installed 8.3.143.0 yet?  It seems to have a 
number of fixes for 2800/3800.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu<mailto:ck...@ias.edu>

- Original Message -
From: "C. Klam" mailto:ck...@ias.edu>>
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Sent: Tuesday, August 28, 2018 4:45:56 PM
Subject: Re: [WIRELESS-LAN] 802.11R

Jamie,

Can you describe more the IPV6 issue with 8.3.133.0?  For about a year we have 
been running that code.  And strangely enough, we have had issues with iOS not 
staying connected when roaming.  As all modern systems try IPv6 before IPv4, if 
there is an issue with IPv6, this would explain the delay.

Christina Klam
Network Engineer
Institute for Advanced Study
+1 609-734-8154
ck...@ias.edu<mailto:ck...@ias.edu>

- Original Message -
From: "Price, Jamie G" 
mailto:jamie.pr...@ucdenver.edu>>
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Sent: Tuesday, August 28, 2018 4:34:18 PM
Subject: Re: [WIRELESS-LAN] 802.11R

We are running 2 sets of 8510's and 1 set of 5520's on 8.3.133.0.

We are running 802.11k/v/r and it has made a tremendous difference in our 
roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with 
IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a 
production network- but it will be once we can find code without this bug. 
Otherwise 8.3.133.0 has been great.

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu<mailto:jamie.pr...@ucdenver.edu>
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Joseph Bernard
Sent: Tuesday, August 28, 2018 1:27 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] 802.11R

Our CTO just mentioned this today as we have passed the peak wireless stress 
point without issues for today's class changes.  While this isn't answering 
your question, I thought I might share what we have.  We have close to 30,000 
wireless devices connected and have our F5 load balancing 6 VMs running 
FreeRADIUS that in turn query our eDirectory backend through LDAP.  One feature 
that you should make sure is enabled is "config radius ext-source-ports enable".

On 8540's, you should see this if it's on:

(Cisco Controller) >show radius queue

Max Radius Queues Per Server. 16
...[snip]...


Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%3cmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>>
 on behalf of "Phillips, Rick" 
mailto:rick.phill...@uky.edu<mailto:rick.phill...@uky.edu%3cmailto:rick.phill...@uky.edu>>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU%3cmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>>
Date: Tuesday, August 28, 2018 at 3:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU><mailto:WIRELESS-LAN

RE: [WIRELESS-LAN] 802.11R

2018-08-28 Thread Price, Jamie G
We are running 2 sets of 8510’s and 1 set of 5520’s on 8.3.133.0.

We are running 802.11k/v/r and it has made a tremendous difference in our 
roaming (and many less complaints). We have an IPv6 issue with 8.3.133.0 with 
IPv6. On PCs, it times out. On MACs it times out and recovers. This is not a 
production network- but it will be once we can find code without this bug. 
Otherwise 8.3.133.0 has been great.

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Joseph Bernard
Sent: Tuesday, August 28, 2018 1:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.11R

Our CTO just mentioned this today as we have passed the peak wireless stress 
point without issues for today’s class changes.  While this isn’t answering 
your question, I thought I might share what we have.  We have close to 30,000 
wireless devices connected and have our F5 load balancing 6 VMs running 
FreeRADIUS that in turn query our eDirectory backend through LDAP.  One feature 
that you should make sure is enabled is “config radius ext-source-ports enable”.

On 8540’s, you should see this if it’s on:

(Cisco Controller) >show radius queue

Max Radius Queues Per Server. 16
…[snip]…


Thanks,
Joseph B.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of "Phillips, Rick" 
mailto:rick.phill...@uky.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Tuesday, August 28, 2018 at 3:11 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: [WIRELESS-LAN] 802.11R

We recently promoted eduroam to the primary network at the University of 
Kentucky. We utilize Cisco WLC 8540’s (2 HA pairs), Cisco APs (mostly 3702’s) 
and Cisco ISE for portals, authentication and authorization. We were seeing the 
ISE authentication service jump up in latency and we would get calls that users 
could not connect to eduroam. We have determined that our size and number of 
authentications, particularly at each class change event, are such that we 
should be using hardware load balancing. We are in process of setting that up 
but each class transition results in a short period where authentication 
latency can get to be a problem and users have a less than desirable 
experience. During the time we are building this out our engineers are wanting 
to enable 802.11R (Fast Transition) on our controllers. We currently do not 
support this feature on the WLCs. We are running 8.2.166.0 code on our WLCs and 
we have heard other have issues with this code release. While we are not 
experiencing the same results or hitting the same bugs, I am concerned that 
turning on this feature might have ramifications related to the code release we 
are running.

My question to the group is who has used 802.11R and would you be willing to 
shoot me a private message with configuration and/or your results?

Thanks in advance,

Rick

Rick Phillips
Executive Director, Networking & Infrastructure
Information Technology Services
University of Kentucky
301 Rose St. Hardymon Building Rm 102
Lexington, KY 40506-0496
(859) 257-4106 (Office)

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.



RE: [WIRELESS-LAN] Cisco 8540 WLC random reboots

2018-07-09 Thread Price, Jamie G
Hi All,

Is there a general consensus that 8.5.131 is good code?

We are working to solve an issue in short- our IPV6 wireless will drop off 
wireless (we are in testing now). Our next hope is that a code upgrade will fix 
the issue. If this doesn’t work we will circle back with TAC and y’all will 
hear about this in future posts.

Thanks,
Jamie

Jamie Price │Senior Network Engineer
303.724.8970| jamie.pr...@ucdenver.edu
1945 N Wheeling Street, MS F408, Denver, CO, US  80045

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 On Behalf Of Mallon, Jason
Sent: Monday, July 09, 2018 1:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8540 WLC random reboots

We actually can’t run that code.  We have 1815w APs in place that require a 
code of 8.4.100, which is now a differed release.

Jason Mallon
Network Engineer II, OIT
The University of Alabama
jemal...@ua.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Bruce Boardman mailto:board...@syr.edu>>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Date: Monday, July 9, 2018 at 1:04 PM
To: 
"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>>
Subject: Re: [WIRELESS-LAN] Cisco 8540 WLC random reboots

We are running 8.2.167.3 in HA with no problem of 6ish months. Now I’ve jinxed 
it!

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Alan D Wang
Sent: Monday, July 9, 2018 1:27 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco 8540 WLC random reboots

Do you have the bug ID for the major HA bug?

On Mon, Jul 9, 2018 at 1:17 PM, Rick Coloccia 
mailto:coloc...@geneseo.edu>> wrote:

Hi, yes, it is, but the 8.5.131 code that is out now has a major HA bug that is 
very hard to recover from.

Cisco wireless engineers promised us code by the end of July that will address 
that issue.

On 7/9/2018 1:15 PM, Swartz, Pola wrote:
8.5.131 code is available now.
Smile,
Pola

On Jul 9, 2018, at 11:14 AM, Rick Coloccia 
mailto:coloc...@geneseo.edu>> wrote:

Lots of bugs in 8.5.120, including some giant HA bugs.

The version of 8.5.131 coming later this month is where you'll want to be. 
Specifically, one of the fixes in the version of 8.5 coming later this month 
deals with HA issues.



On 7/9/2018 12:44 PM, Mallon, Jason wrote:
We are currently in the process of migrating to 8540s (8.5.120) from 8510s.  
Here recently we started noticing the HA unit on two of the pairs was in 
maintenance mode.  We rebooted the controllers and they seem to have stayed in 
a continuous boot loop.  We restarted one of the controllers to its emergency 
code (8.2.166) and it rebooted correctly without any issues, disabled SSO mode, 
rebooted back into 8.5.120 with no issues.  We enabled SSO again and 
immediately went back to having boot loop issues.  Is anybody else seeing this 
issue?

Jason Mallon
Network Engineer II, OIT
The University of Alabama
jemal...@ua.edu
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



--

Rick Coloccia, Jr.

Network Manager

State University of NY College at Geneseo

1 College 
Circle, 119 
South Hall

Geneseo, NY 14454

V: 585-245-5577

F: 585-245-5579
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



--

Rick Coloccia, Jr.

Network Manager

State University of NY College at Geneseo

1 College 
Circle, 119 
South Hall

Geneseo, NY 14454

V: 585-245-5577

F: 585-245-5579
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.



--
Alan Wang
Network Analyst
Binghamton University
aw...@binghamton.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.