from:"Samuel Clements"

Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives

2021-07-19 Thread Samuel Clements

Great thread everyone - I love watching (and occasionally contributing) to
all of the things that go on in the edu space! For my part, the licensing
restrictions that people face using Ekahau products are also present in
their competitors' products. For example, here is a twitter thread that
highlights netally's TOS that includes very similar language to Ekahau:
https://twitter.com/theITrebel/status/1383187080910499840

Be careful about listening to what's said/advertised publicly compared to
what's documented in the legal terms of service you're accepting when you
click "I Accept" on any software anywhere.

As another brief word of caution - this is a public list and advocating
software piracy and methods for circumventing Terms of Service is likely to
be frowned upon by someone, somewhere. It's worth taking a moment in your
replies to make sure you're not saying anything that could give the
impression of impropriety - both on behalf of you individually, as well as
the organization you work for.
 -Sam

On Mon, Jul 19, 2021 at 1:15 PM Matt Wierzgac 
wrote:

> I don’t think Ekahau sends anything to the end user unless they seek
> support in the case of an issue.  When you send an email to support or call
> them, they always ask what product key your device is using, and if there
> is a different name on file for them vs. what was registered through the
> software, they whine about it and threaten to shut it down.  The only way
> around this is to use a company email address, that has a user name that
> isn’t suspicious of being generic, but the password being generic so all
> users using this account knows it so they can login. Just remember if
> calling upon support for that account, to tell them you are the person with
> the name on the email account.  Not ideal, but I understand why they do
> it.  If only they made a license for more than 1 user that’s slightly
> higher in price to reflect this, but not as high as purchasing an entire
> new Ekahau license that’s $1200+
>
>
>
> Thanks,
>
>
>
> *Matt Wierzgac*
>
> Engineering Manager
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *James Helzerman
> *Sent:* Monday, July 19, 2021 10:16 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives
>
>
>
> Hi, how did they know it was a generic account?  Are they sending back
> information about the device it's on and mapping the login?  Or they just
> using some heuristic that looks to see if it may be a generic account such
> as sending emails to thT user account and getting no response.
>
>
>
> Jimmy
>
>
>
> On Sun, Jul 18, 2021, 10:56 PM Jason Cook 
> wrote:
>
> This frustrated us a bit too. Their licensing seems to be aimed primarily
> at Wifi professionals who use this all the time/profit from it as part of
> their business. Doesn’t really fit our environments at all.
>
>
>
> Over the course of a year lets say at best we’d use this at .5 of an FTE
> (I’m probably overstating that, would prefer to use it more but we just
> don’t have time)
>
> There’s 5 people in our team. We aren’t going to pay for 5 licenses for
> something that is use so little… not at the license cost they have anyway.
>
>
>
> Oh well.. what’s the difference in a generic email versus personal email
> for them anyway..
>
>
>
> --
>
> Jason Cook
>
> Information Technology and Digital Services
>
> The University of Adelaide, AUSTRALIA 5005
>
> ---
>
> This email message is intended only for the addressee(s) and contains
> information which may be confidential and/or copyright.  If you are not the
> intended recipient please do not read, save, forward, disclose, or copy the
> contents of this email. If this email has been sent to you in error, please
> notify the sender by reply email and delete this email and any copies or
> links to this email completely and immediately from your system.  No
> representation is made that this email is free of viruses.  Virus scanning
> is recommended and is the responsibility of the recipient.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Dan Lauing
> *Sent:* Monday, 19 July 2021 11:39 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Ekahau Licensing & Alternatives
>
>
>
> I don't blame them for not wanting multiple users on a single license.
>
>
>
> However, I do blame them for not warning us that we were apparently
> breaking the ToS and decided to kill our license without notice. This left
> me, on a weekend and in a pinch, unable to even open my surveys.
>
>
>
> How were we breaking their ToS? Well, even though I was the only one that
> ever used the product, we licensed it under a "generic" account and not my
> personal one. We do this all the time in the case that someone leaves and
> we don't know which account i

Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

2021-02-12 Thread Samuel Clements

Troubleshooting seemingly disjointed problems and crowdsourcing
recommendations is always a tricky thing for us to navigate. Personally, I
like to look at things like "absolutely everything is okay except for one
single app" with a grain of salt unless I can back it up with
empirical evidence (application inspection, external app health solutions,
etc). Just because Zoom is filtering to the top, you very well could be
having pervasive issues otherwise, but the vocal majority could simply be
expressing Zoom since it can be taxing on a number of network components.
Unless you want to delve off into actual troubleshooting scenarios
(capturing debugs & packets), you're going to be left with "punch list"
troubleshooting - and those come from vendor recommended best practices. In
this case, I'd make sure that you follow the Apple/Cisco document that is
meant to address both manufacturers recommendations:
https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-6/Enterprise_Best_Practices_for_iOS_devices_and_Mac_computers_on_Cisco_Wireless_LAN.pdf

I'd particularly pay attention to QoS since it's easy to get wrong -
remember, unless you have trust on *every* link (yes, even those fancy 10G
links in your core), you do not have QoS. It's a lengthy doc, but it's
quite comprehensive - and most everything is in there for a reason. Let's
be honest, having a nice reference guide is far better than vendors that
don't qualify interoperability (cue Lee complaining about Wi-Fi Alliance)
or provide design recommendations. In short, I'd recommend you start where
your vendors suggest you start.
  -Sam

On Fri, Feb 12, 2021 at 6:36 AM Lee H Badman <
00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:

> That there are widespread problems with Zoom, and often just Zoom, is not
> hard to appreciate- one random sample:
>
>
> https://www.reddit.com/r/Zoom/comments/g58olb/keep_getting_your_internet_connection_is_unstable/?utm_medium=android_app&utm_source=share
>
> The risk in tweaking controller settings for just Zoom's issues are that
> you can create more problems. Tread lightly here, and know that you are not
> alone.
>
> At the same time, if anyone has discovered a silver bullet, I'd like to
> hear it as well. To me, it seems like the fix should be on the Zoom end,
> but am trying to keep an open mind.
>
> *Lee Badman* | Network Architect | CWNE #200
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
> *SYRACUSE UNIVERSITY*
> syr.edu
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tariq Adnan <
> 01e6b38f57b3-dmarc-requ...@listserv.educause.edu>
> *Sent:* Thursday, February 11, 2021 9:19 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [WIRELESS-LAN] Macbook zoom wireless dropout issues
>
>
> Hello everyone,
>
>
>
> Just checking if you have recently come across any macbook zoom wireless
> dropout (and frozen screen) issues and have taken any step to resolve it.
>
>
>
> So I have come across a Macbook running Catalina 10.15.7 reporting zoom
> dropouts from time to time.
>
>
>
> The AP is 3700 and the controller model is 8540 running code 8.5.161.6.
> The session time out on the SSiD is set to 24 hours. The QOS is default
> “silver”.
>
>
>
> I was running debug on WLC (debug client mac) and AP and there is no
> helpful log generated at the time of issue. The utilization for both radios
> on the AP is close to 1% (not busy) and the noise and interference reported
> by AP is not unusual. The switchport have no errors etc.
>
>
>
> I have searched this forum and few people have reported that the mac’s
> were having issues with specific 5G channels. Some suggested to change few
> things on the mac (turn off unlock with apple watch) etc.
>
>
>
> *So if you have recently dealt with something similar, can you please
> share your thoughts and if you have resolved the issue, how did you do that
> (code upgrade etc.)? *
>
>
>
> *Few things I can try:*
>
> -Set Qos profile to platinum
>
> -Disable Aironet IE
>
> -Configure Idle timeout on the ssid (less than session timeout) :
> currently it is default 5 minutes
>
> -Disable 11ac MU-MIMO on ssid
>
> -upgrade macos to Big Sur
>
>
>
> Thanks,
>
> Tariq
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address an

Re: [WIRELESS-LAN] Wi-Fi 6E Branding Rant

2021-01-20 Thread Samuel Clements

I concur - it's a messy situation, and one that's not made any better by
the likes of AT&T (5Ge anyone?). If I had a nickel for everyone that
thought that 5Ge was 5G and/or that Wi-Fi 6 was 6GHz, I'd have a whole ton
of nickels... I'm not sure that Wi-Fi 7 representing 6GHz would have been
much better - all the 5s and 6s are bound to be confusing - and making the
7 mean 6 would just exacerbate the problem for a non technical crowd
anyway. I mean, these are the same people that can't understand why 802.11
amendments are lower case - and why 802.1X is okay. Technical people gonna
technical...
  -Sam

On Wed, Jan 20, 2021 at 8:40 AM Jennifer Minella  wrote:

> LOL. You’re not wrong… it’s a tough challenge. It **is** still WiFi 6
> (802.11ax) so WiFi 7 would be confusing. I think the best way I’ve seen it
> consistently used with non-Wi-Fi pros is to call it “WiFi 6- Extended”
> meaning it’s extended in to other RF spectrum. That’s not official but I
> think even Chuck uses that moniker for it.
>
>
>
> The more common confusion we run in to is people thinking the “6” in WiFi
> 6E means 6GHz.
>
>
>
> I’m sure other folks here have some additional ideas for keeping it
> straight for non-WiFI peeps. As for us, we just constantly re-iterate what
> 6E is (and isn’t) pretty much every time the phrase comes out of our
> mouths, even if that means multiple times in a webinar, Tech Talk, or
> client meeting.
>
>
>
> You’re in good company with your frustration though 😊
>
> -jj
>
>
>
> ___
>
> *Jennifer Minella*, CISSP, HP MASE
>
> VP of Engineering & Security
>
> Carolina Advanced Digital, Inc.
>
> www.cadinc.com
>
> j...@cadinc.com
>
> 919.460.1313 Main Office
>
> 919.539.2726 Mobile/text
>
> [image: CAD LOGO EMAIL SIG]
>
>
>
> *From:* Green, William C 
> *Sent:* Monday, January 18, 2021 6:52 PM
> *Subject:* Wi-Fi 6E Branding Rant
>
>
>
> 
>
> "Wi-Fi 6E” is not a good branding for what 6GHz provides, in my personal
> opinion.  I hope the Wi-Fi Alliance reconsiders.
>
>
>
> I've been discussing Wi-Fi 6E in my organization for over a year-- and
> nobody can keep that “E” in their heads.  They constantly confuse "Wi-Fi 6"
> as the same as "Wi-Fi 6E" in meetings, products, and strategies.   The
> whole point of the Alliance branding was to make things more understandable
> to non-technical audiences right?  Doesn’t 6 vs 6E fly in the face of
> that?  I’m not good at naming things, so am use to recognizing branding
> failures like this.
>
>
>
> I understand most of the underlying technology is the same-- other than
> 6GHz capability.  Most people don't care about the underlying technology
> unless it accomplishes something they need.  6GHz is a once in a generation
> differentiator that will enable far more than the changes from 802.11ac to
> 802.11ax, which was deserving of a new number.  Not having that capability
> reflected in a more differentiated branding is causing and will continue to
> cause unneeded confusion.
>
>
>
> I understand the Alliance has already placed a lot into marketing of the
> term "Wi-Fi 6E", but that's sunk cost.  Pick a new branding.  Perhaps,
> Wi-Fi 7.  You can leave all 6E materials and just say its the same thing as
> Wi-Fi 7.  Have everything in the futures pipeline do a +1 on their
> PowerPoints.  Will the Alliance incur some ridicule, yes, but less than
> continuing with 6E in my personal opinion.
>
>
>
> Do I think this rant will change anything?  No.  But naming a frustration
> is sometimes useful for dealing with it.  I’m moving on.
>
> 
>
> --
> *William Green*, Director of Networking and Telecommunications
> The University of Texas at Austin | ITS | 512-475-9295 |
> gr...@austin.utexas.edu 
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> Visit https://cadinc.com/blog for tech articles and news.
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] CCKM timestamp tolerance

2018-04-05 Thread Samuel Clements

In my book, CCKM timestamps represent a *very* small attack vector. I would
generally be very comfortable adjusting this timer by 2-3x without
impacting my sleep at night. :)
  -Sam

On Thu, Apr 5, 2018 at 9:08 AM, Joachim Tingvold 
wrote:

> Hi,
>
> We’ve encountered some clients on our wireless network that seems to
> handle roaming worse than other clients. Our WLC (Cisco 8540) responds by
> excluding the client after some failed attempts (which, of course, works as
> it should).
>
> The culprit seems to be that the clients uses old CCKM-data when
> re-associating/roaming;
>
>   “Received Timestamp deviation > 1 sec in REASSOC REQ IE from mobile”
>
> I know this can be tuned (“config wlan security wpa akm cckm
> timestamp-tolerance”), but that also increases the chance of replay attacks
> (the WLC even warns about this). However, I’m not sure if this is a “real”
> security issue in practice? (e.g. raising the tolerance from 1000ms to
> 5000ms).
>
> Since these are the first clients we’ve observed with this issue, I’m more
> inclined to ask the vendor to fix the issue on their end, but I know that
> will be a “fight” (that I’m not sure if I want to have). The “easiest”
> solution is of course just to increase the tolerance (if that helps, that
> is).
>
> What is the BCP on this matter?
>
> --
> Joachim
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Handling Wifi Deauth Attacks

2018-04-03 Thread Samuel Clements

I have filed a complaint with the FCC in the past and it was surprisingly
successful. I would suggest you start with this link:
https://www.fcc.gov/document/warning-wi-fi-blocking-prohibited

Which includes the following tidbit:

*What Should You Do if You Suspect Wi-Fi Blocking? If you have reason to
believe your personal Wi-Fi hot spot has been blocked, you can file a
complaint with the FCC. To do so, you can visit www.fcc.gov/complaints
 or call 1-888-CALL-FCC. If you contact the
FCC, you are encouraged to provide as much detail as possible regarding the
potential Wi-Fi blocking, including the date, time, location, and possible
source.*

Ideally you would be able to provide a packet capture in tandem with your
complaint. In my particular situation, I received a formal letter after my
case was reviewed and found to be a non-issue (mine was an illegal jammer).
After calling to re-open the case, the FCC field team was dispatched and
'mitigated' the issue with much precision. Be forewarned that you're likely
to feel like your being ignored and given the run around - in my case there
was no followup, just an FCC field van show up and then a clean spectrum
shortly thereafter. If you provide the above link in your complaint and
inform them that you believe you're impacted by the clarification provided,
that should shore up your story some.
Good luck, and happy hunting!
  -Sam

On Tue, Apr 3, 2018 at 9:42 AM, Kenny, Eric  wrote:

> While investigating some “wifi is slow” and “wifi is dropping” complaints,
> we noticed deauth/disassociation flooding attacks reported by our wireless
> IDS.  So far I’ve been able to identity a small percentage of these as
> local businesses and other local (non-university affiliated)
> organizations.  What strikes me as odd is that a lot of the MAC OUIs from
> offending devices appear to be consumer grade wireless devices (Belken,
> Netgear, eero, etc.).  I’d love to get a hold of one of these devices and
> look at its settings to see how it’s configured.  I’m not a lawyer, but I
> think this falls under regulation 47 U.S. Code § 333.
>
> Besides filing a complaint with the FCC, I’m wondering if any of you have
> experienced this on your campuses, and if so, how you’ve gone about dealing
> with it.  I’m afraid asking the business nicely would just result in a
> blank stare, as they would not likely understand the nature of the
> complaint, or what their wireless is actually doing.
>
> §333. Willful or malicious interference
> No person shall willfully or maliciously interfere with or cause
> interference to any radio communications of any station licensed or
> authorized by or under this chapter or operated by the United States
> Government.
> (June 19, 1934, ch. 652, title III, §333, as added Pub. L. 101–396, §9,
> Sept. 28, 1990, 104 Stat. 850.)
>
> Thanks,
> ---
> Eric Kenny
> Network Architect
> Harvard University IT
> ---
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Air Time Fairness

2018-02-28 Thread Samuel Clements

One gotcha is the following:

Table 6 Key Features Not Supported in Cisco Aironet 1800i, 1810 OEAP,
1810W, 1815, 1830, 1850, 2800, and 3800 Series APs
Cisco Air Time Fairness (ATF)

Be warned that, if you're using the wave 2 platforms, ATF is not supported
according to the latest WLC version 8.6 release notes at:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn86.html

  -Sam


On Wed, Feb 28, 2018 at 1:15 AM, Jason Cook 
wrote:

> We are Cisco shop on 8.2.164 and would potentially move to 8.5 July. (8510
> in HA, peak 15k clients)
>
>
>
> Open to thoughts from other vendors as well 😊
>
>
>
> Does anyone know of any gotya’s when enabling ATF with Client Fair
> Sharing? Capacity is one that comes to mind with AVC having clearly caused
> plenty of issues under load.
>
> We are starting on our dev controller 5508’s in HA, so can play with it
> easily enough. But AVC in dev was fine also, hard to test capacity there
> since creating the load is a challenge.
>
>
>
>
>
> --
>
> Jason Cook
>
> Information Technology and Digital Services
>
> The University of Adelaide, AUSTRALIA 5005
>
> Ph: +61 8 8313 4800 <+61%208%208313%204800>
>
> e-mail: jason.c...@adelaide.edu.au
>
>
>
> CRICOS Provider Number 00123M
>
> ---
>
> This email message is intended only for the addressee(s) and contains
> information which may be confidential and/or copyright.  If you are not the
> intended recipient please do not read, save, forward, disclose, or copy the
> contents of this email. If this email has been sent to you in error, please
> notify the sender by reply email and delete this email and any copies or
> links to this email completely and immediately from your system.  No
> representation is made that this email is free of viruses.  Virus scanning
> is recommended and is the responsibility of the recipient.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco Channel Width

2018-01-19 Thread Samuel Clements

Don't forget, Apple documentation explicitly states that macOS devices will
prefer 80MHz over 40MHz over 20MHz channel widths:
https://support.apple.com/en-us/HT206207

If you're running DBS, you may have instances where at least one client
type prefers a wider channel than a closer AP strictly due to channel
widths. As with any widget that you're trying to flip, make sure you
understand the client impact first and foremost.
  -Sam

On Fri, Jan 19, 2018 at 9:31 AM, Blake Krone  wrote:

> On the contrary Jeff I bought a 700HP supercar but can’t legally use all
> that speed in the United States, police tend to frown upon that and would
> love to impound my baby. I’m always using all 10 of my cylinders I just
> can’t hit the max speed ;)
>
> The thing to remember is that in Wireless design, especially high density,
> you want to take into consideration what the total aggregate throughput is.
> Sure that potentially amazingly fast speed is super sexy but what’s the
> likelihood of you benefiting from that? Remember back to the days of
> backing up (or just uploading in general) files to an FTP server. What was
> the first step you would perform if you have a lot of little files? You
> bundle them up in a ZIP file, this way you are not starting and stopping a
> bunch of small transfers but are continuously sending one file allowing you
> to reach the higher transfer rates by maxing your link. It seems
> counterintuitive but the small percentage of transfers that will benefit
> from 80MHz doesn’t necessarily always justify the ACI/CCI it introduces in
> most environments. You would be surprised how little client devices
> actually need to do things like Netflix and such.
>
> Whenever I’m doing any sort of stress testing or efficiency testing I
> always look at total aggregate throughput, cause that is what matters. I
> prefer not to drag race a bus.
>
> Here’s a couple of papers I’ve wrote focusing on total aggregate
> throughput and efficiencies instead of max speed:
> https://nsashow.com/AP2700/
> https://nsashow.com/FRA/
>
> At the end of the day you know your environment better than anyone else,
> so the key is to test in your environment and find out what works for you.
> What is the risk analysis of configuring one way vs another way.
>
>
> On Jan 19, 2018, at 9:14 AM, Jeffrey D. Sessler 
> wrote:
>
> Been running that option (Best) for a long time. No downside that I’ve
> found and after a few passes it’s very stable with channel width. Even in
> our dense AP deployment residential areas, most all of our WAPs are running
> at 80Mhz  - our students having mostly 11ac devices. The bandwidth use in
> our residential went way up as a result.
>
> As to clients getting kicked off when the width changes, Cisco’s magic
> sauce tries to prevent this from happening (it’s detailed in the white
> papers). The code also makes decisions based on the client mix it sees e.g.
> if it sees a majority of 802.11n clients around a WAP, it won’t run that AP
> at 80Mhz. If the WAP is mostly 11ac, it will.
>
> Running a static 20Mhz plan, in my opinion, is just tossing away
> performance and client experience. You wouldn’t purchase an 800HP supercar
> only to permanently disable half of its cylinders.
>
> Jeff
>
> *From: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU> on behalf of Les Ridgley 
> *Reply-To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Date: *Thursday, January 18, 2018 at 6:45 PM
> *To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Cisco Channel Width
>
> Hi All,
> For those Cisco shops – has anyone configured the “BEST” parameter for
> channel width that would like to share their experiences or thoughts on the
> benefits or otherwise .
>
> We have been advised to use 20Mhz as a campus wide setting, however DBS
> appears to offer significant benefits that would allow us to make better
> use of our 802.11ac AP’s.  We are currently running two 8540 WLC’s with
> around 2,500 access points with a mix of 3600 – 3700 -3800 and 1810 access
> points.
>
> Thanks in advance,
> Les
> --
> Les Ridgley
> Senior Communications Officer (Network Operations),
>
> IT Services
> Resources Division
> The University of Newcastle
> University Drive, Callaghan NSW 2308
> les.ridg...@newcastle.edu.au,
> Phone +61 2 4921 6598 <+61%202%204921%206598>
> Fax: +61 2 4921 6910 <+61%202%204921%206910>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion l

Re: [WIRELESS-LAN] Cisco AP 'flash' bug

2017-12-12 Thread Samuel Clements

Do you have details on CSCuz47559 in particular? Cisco.com is show that
marked as private still.
  -Sam

On Tue, Dec 12, 2017 at 7:28 AM, Garret Peirce  wrote:

> I should've circled back/followed up as we worked through this.
> We worked w/Cisco earlier this year and they had since developed 8.3.121
> which among others IIRC included resolutions to these relevant issues.
> CSCvb65706 , CSCvc74528, CSCvd07423, CSCuz47559.
>
> Since 8.3.121.1 (and above) , our incident rate has fallen to nearly zero
> across ~9k APs,
> We've also been working on them with CSCvf28459 (related to an nvram
> issue) for which the fix I hear is to be released soon.
>
> On Tue, Dec 12, 2017 at 8:00 AM, Jan Freerk Popma 
> wrote:
>
>> Hi all,
>>
>>
>>
>> We also have this problem for about a year now but exclusively on 3600’s,
>> although 2600 and 3700 are not beyond suspicion, our 702, 1140, 1810,
>> 2700’s seem to be fine.
>>
>> It also looked like we were the only ones with this problem but there are
>> more.
>>
>> So get on to your supplier and Cisco that this is a serious issue and
>> needs fixing.
>>
>>
>>
>> I seems to be at least in all 8.2 and 8.3 releases.
>>
>> We have TAC-case SR 682811103 running for this and we are currently
>> running a 8.2.166.0 based debug version testing out a possible fix.
>>
>>
>>
>> What seems to be the case is that the flash file system gets corrupted.
>>
>> Not surprisingly when the AP needs to reboot it runs into all kind of
>> problems, like a not working boot image, not loading radio firmware or
>> corrupt config. The AP drops to boot rom or gets in to a boot loop.
>>
>> The only remedy is via the console do fsck or format of the flash and to
>> reload either the current image or the recovery image from a tftp server.
>>
>>
>>
>> The problem is not easy to debug as there are no indications of a running
>> AP which is corrupt and the trigger is as yet unknown, it is however
>> detectable remotely.
>>
>> We have developed a script which checks the AP’s and with some hidden
>> features re-installs the image if it is corrupted.
>>
>> Of our 400+ AP3600’s there are about 10 fails a week, leave the check
>> longer and the numbers go up.
>>
>> This script catches most corrupt AP’s before they break on a reboot, it
>> is highly tailored so it won’t easily translate to a different environment
>> and of course it is not a fix.
>>
>>
>>
>> Regards,
>>
>> *Jan Freerk Popma* *|* *ICT Service Center, Networkmanagement **|**
>> University of Twente, Enschede, Netherlands*
>>
>> Building Citadel room 219 | T: +31 53 489 4321 <+31%2053%20489%204321> |
>> j.f.po...@utwente.nl | www.utwente.nl
>>
>>
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Tristan Gulyas
>> *Sent:* dinsdag 12 december 2017 07:18
>>
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] Cisco AP 'flash' bug
>>
>>
>>
>> Hi all,
>>
>>
>>
>> I was under the impression that we were the only customer who have been
>> hitting this. 8.3.112.7 engineering release.
>>
>>
>>
>> We've seen it on all platforms - fixed in 702W in our current release (we
>> believe) but we're seeing it on 1532, 3502, 3602, 2702, 3702. Not present
>> on 3800/1562 from what we've seen.
>>
>>
>>
>> One catalyst for this has been AP reboots.  Has anyone else been hit by
>> this bug or been provided with a fix?
>>
>>
>>
>> Cheers,
>>
>> Tristan
>>
>> --
>>
>> *TRISTAN GULYAS*
>>
>> Senior Network Engineer
>>
>>
>>
>> *Technology Services, eSolutions*
>>
>> Monash University
>>
>> 738 Blackburn Road
>> 
>>
>> Clayton 3168
>> 
>>
>> Australia
>> 
>>
>>
>>
>> T: +61 3 9902 9092 <+61%203%209902%209092>
>>
>> E: tristan.gul...@monash.edu
>>
>> monash.edu
>>
>>
>>
>> On 20 Jan 2017, at 7:46 am, McClintic, Thomas <
>> thomas.mcclin...@uth.tmc.edu> wrote:
>>
>>
>>
>> Next time you have this issue, try connecting a console to the AP and run
>> the following:
>>
>>
>>
>> ap: *fsck flash:*
>>
>> Are you sure you want to fsck "flash:" (could take some time) (y/n)?*y*
>>
>> flashfs[0]: …
>>
>> ap:
>>
>>
>> *boot *
>>
>> This works for us on the failed to reload properly APs.
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
>> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> ] *On Behalf Of *Garret Peirce
>> *Sent:* Thursday, January 19, 2017 10:44 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] Cisco AP 'flash' bug
>>
>>
>>
>> Ian, thanks for the response.
>>
>> To commiserate it does feel that wireless ecosystem has been affected by
>> a larger bloom of bugs over the last year o

Re: [WIRELESS-LAN] Big flaw in WPA2

2017-10-17 Thread Samuel Clements

By the way, github is maintaining a master list of vendor responses over at:
https://github.com/kristate/krackinfo
 -Sam

On Tue, Oct 17, 2017 at 6:49 AM, Osborne, Bruce W (Network Operations) <
bosbo...@liberty.edu> wrote:

> No, the solution is EAP-TLS with individual device certificates.
>
>
>
>
>
>
>
> *Bruce Osborne*
>
> *Senior Network Engineer*
>
> *Network Operations - Wireless*
>
>  *(434) 592-4229 <(434)%20592-4229>*
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Tim Tyler [mailto:ty...@beloit.edu]
> *Sent:* Monday, October 16, 2017 9:57 AM
> *Subject:* Re: Big flaw in WPA2
>
>
>
> This brings up an issue where I have philosophically wondered if mac
> address authentication isn’t better than 802.11x (wpa2).  The reason isn’t
> because it guards the network better.  But if one does get hacked at the
> point of accessing the network, the consequences are way less.  One isn’t
> giving a way the keys to their other accounts.   I know some institutions
> do use mac address authentication as their primary access method.   It is
> difficult for institutions that can’t afford pricey on-boarding solutions
> to manage certificate lock downs.   Hence, man in the middle attacks become
> prevalent as well.
>
>   We already use mac address authentication for devices that won’t support
> 802.1x.  I keep wondering now if I shouldn’t make that our primary solution
> someday.  I am curious as to what others think.
>
>
>
> Tim
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Turner, Ryan H
> *Sent:* Monday, October 16, 2017 6:51 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Big flaw in WPA2
>
>
>
>
> https://arstechnica.com/information-technology/2017/
> 10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-
> open-to-eavesdropping/
>
>
> Ryan Turner
>
> Manager of Network Operations, ITS
>
> The University of North Carolina at Chapel Hill
>
> +1 919 274 7926 <(919)%20274-7926> Mobile
>
> +1 919 445 0113 <(919)%20445-0113> Office
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Outdoor WiFi infrastructure experiences/strategies?

2017-10-13 Thread Samuel Clements

DISCLAIMER - I'm not a lawyer, nor do I pretend to be. Any legal advice
should be vetted by your own independent legal team.

Don't forget to add regulatory compliance concerns to your list. It's a
common misconception that you can take any off the shelf indoor AP, slap it
in a NEMA enclosure, and put it outside. In Cisco land at least, you must
make sure you're using APs that are validated for use outdoors in your
regulatory domain - if that sort of thing is important to you. If you
install an AP that is FCC validated only for use indoors, in an enclosure
outdoors, you need to be aware of several things - not the least of which
is how you (or your legal team) interprets the FCC position of
'Professional Installer'. In short, if regulatory domain validation is
important to you, make sure you use APs that have been submitted to your
domains regulatory body for validation. If it is not important to you, make
sure you're diligent about what you can and cannot do outdoors in your
regulatory domain and make sure you don't break the law.

Depending on your interpretation of the FCC rules in the states, for
example - one could say that, even if you consider yourself a professional
installer, if you leave a system in place that can exceed regulatory limits
(even if someone else misconfigures it), you may be liable for those fines.
Tread carefully here!
  -Sam

On Fri, Oct 13, 2017 at 1:42 PM, Lee, Steven  wrote:

> We’re beginning to develop a campus wide strategy (vision) to provide
> outdoor WiFi coverage.  Up to this point, deployment has been a piecemeal
> process, where we install an outdoor AP here and there without much thought
> to broader implications or scale.  Aesthetics has not been much of a
> consideration either, but I think it should be moving forward.
>
> We would like to develop a comprehensive strategy that aligns the campus
> master plan, and provides some continuity/standardization for future
> deployments with an eye to collaboration with our campus facilities teams.
> Im thinking along the lines of developing a few ‘cookie cutter’ deployment
> scenarios and communicate the requirements/expectations of what
> infrastructure is needed to the campus planners/designers so they can
> incorporate (or atleast consider) them into their plans.
>
> There is quite a bit to think about here, so in an effort to keep the
> scope in a hopefully reasonable place, I’d love to hear what others are
> doing regarding the infrastructure (not so much the networking and RF at
> this point) and overall campus strategy.
>
>
>- Has anyone already developed a comprehensive campus wide strategy?
>- Did you leverage buildout of cellular micro sites?
>- What kinds of locations/areas do you find that your users get the
>most value/appreciation out of the service?
>- Where do you physically install the AP’s and has that kind of
>deployment been successful?
>   - rooftops with directional antennas?
>   - exterior wall mounts?
>   - building canopies/overhangs?
>   - light poles?
>- Ideas on aesthetics/concealment/physical access?  Ive heard of a
>use-case where the AP has been buried in flower beds also small antennas in
>light pole globes.  How else do you hide the gear?  Any good/bad
>experiences with custom enclosures and/or external antennas?
>- Experiences (suggestions) with providing power for areas out of
>802.3 distance specs? Anyone use the hybrid fiber/copper products that are
>on the market?
>- How do you plan pathway build-outs?   Do you leverage facilities
>and/or landscape construction to install conduit, etc?
>- Any experience with putting hardened equipment (switches/aps) in
>underground enclosures?
>
> I could go on and on with questions but I’m really looking for general
> advice/suggestions/creative ideas/war stories from others who have already
> gone down this road.
>
> To be clear to the vendors on the list, this is NOT a funded initiative
> for a campus wide deployment.  We’re just trying to do some exploratory
> thinking, so please no sales calls.
>
> Thanks everyone,
>
> ste
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Plastered buildings

2017-08-29 Thread Samuel Clements

I agree with the general sentiments here that a proper design is the way to
go. One of the biggest challenges we have, especially in the high density
areas, is that there is such a thing as too many APs. CCI is a huge issue
and you have a massive present right in front of you. Those lath and
plaster buildings do a fantastic job of isolating APs (and subsequently
interference) from each other. Far too often do I see people doing Wi-Fi
designs that don't leverage the 'gift of attenuation' from the environment
(building, obstacles, etc). Yes, you will invariably need more APs for this
building, but as stated previously, this could end up being a flagship
deployment for you due to incredibly awesome isolation and (I bet) a
practically nonexistent noise floor.
  -Sam

On Tue, Aug 29, 2017 at 9:23 AM, Jeffrey D. Sessler  wrote:

> You have to mount them in-room, and likely every or every-other room
> depending on the wall makeup between them.
>
>
>
> My campus is made of nothing but plastered walls with metal mesh,
> compounded by the internal construction which is mainly reinforced
> block/concrete. This was a curse in the early WiFi days when we just wanted
> coverage. We’ve long since moved to dense in-room AP deployment and it’s a
> huge benefit. It’s the best RF gift imaginable, it just forces a
> more-costly design that most desire to use anyway.
>
>
>
> Jeff
>
>
>
> *From: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU> on behalf of John Rodkey 
> *Reply-To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Date: *Monday, August 28, 2017 at 9:20 PM
> *To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Plastered buildings
>
>
>
> How do you deal with buildings that have plaster and fine metal mesh
> enclosing them?  We have placed access points on the exterior of the
> building, but the signal isn't getting through.  The rooms all open onto an
> outside hallway - there is no common internal hallway.
>
>
>
> John Rodkey
>
> Director of Servers and Networks
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco 2802i and 3rd party injectors or switches

2017-08-22 Thread Samuel Clements

Yeah, it's a straight up 'good' injector. We don't usually attach switches
to them - just laptops, but that should be functionally identical to using
a switch. :) We use them for site surveys when we need portable power for
the APs and the ethernet passthrough allows us to hook a laptop up to the
APs ethernet port for config/management.
  -Sam

On Tue, Aug 22, 2017 at 8:47 AM, Jason Watts  wrote:

> Thanks Samuel, there doesn’t appear to be anything special about that
> injector. Mind saying what kind of switch is typically behind it?
>
>
>
> On Aug 22, 2017, at 9:44 AM, Samuel Clements  wrote:
>
> I'm successfully using the Tycon injector supporting full power to both
> the 2800/3800:
> http://tycononline.com/TP-DCDC-1248GD-HP-10-15VDC-In-
> 56VDC-8023afat-Out-35W-DC-to_p_128.html
>
> Maybe not exactly what you were after, but it's certainly 3rd party, and
> it certainly works.
>
> On Tue, Aug 22, 2017 at 8:26 AM, Jason Watts  wrote:
>
>> Has anyone on-list successfully used a 3rd party 802.3at injector to
>> fully power one or more 2802i APs?
>>
>> I’m interested in single-port, multi-port midspan, and switches big and
>> small so long as it is non-Cisco.
>> The word from Cisco seems to be that only the AIR-PWRINJ-6 single-port
>> injector from Cisco is compatible, though I have heard of a “same part
>> number” small-business injector that costs a bit less as working as well.
>>
>> So far I can find no evidence of a 3rd party injector working beyond
>> providing 15.4 watts medium power, hence no radios up.
>>
>> Manufacturer and part numbers are much appreciated.
>>
>> Thanks,
>>
>> *Jason Watts* | Senior Network Administrator
>>
>> *PRATT INSTITUTE*
>> Academic Computing
>>
>>
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/discuss.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cisco 2802i and 3rd party injectors or switches

2017-08-22 Thread Samuel Clements

I'm successfully using the Tycon injector supporting full power to both the
2800/3800:

http://tycononline.com/TP-DCDC-1248GD-HP-10-15VDC-In-56VDC-8023afat-Out-35W-DC-to_p_128.html


Maybe not exactly what you were after, but it's certainly 3rd party, and it
certainly works.

On Tue, Aug 22, 2017 at 8:26 AM, Jason Watts  wrote:

> Has anyone on-list successfully used a 3rd party 802.3at injector to fully
> power one or more 2802i APs?
>
> I’m interested in single-port, multi-port midspan, and switches big and
> small so long as it is non-Cisco.
> The word from Cisco seems to be that only the AIR-PWRINJ-6 single-port
> injector from Cisco is compatible, though I have heard of a “same part
> number” small-business injector that costs a bit less as working as well.
>
> So far I can find no evidence of a 3rd party injector working beyond
> providing 15.4 watts medium power, hence no radios up.
>
> Manufacturer and part numbers are much appreciated.
>
> Thanks,
>
> *Jason Watts* | Senior Network Administrator
>
> *PRATT INSTITUTE*
> Academic Computing
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] New Crazy Wireless Devices

2017-08-02 Thread Samuel Clements

In my environment (Cisco, WLC based, wave 2 APs, local mode) I have
Nintendo Switches that work just fine behind NAT'd addresses (as an FYI).
  -Sam

On Wed, Aug 2, 2017 at 10:07 AM, Peter P Morrissey  wrote:

> Hmm. So I wonder how these things would work on a home network which is
> just about guaranteed to not have a public IP?
>
>
>
> Pete
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Carlton, Rick
> *Sent:* Wednesday, August 2, 2017 10:44 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Crazy Wireless Devices
>
>
>
> We currently have an open SSID, so authentication and network access is
> not the issue.  The challenge is around the use of P2P.  So far, the only
> fix/workaround is to give the device a public IP (which we don’t currently
> support) with open internet access (which security won’t support).
>
> Rick
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Chris Adams (IT)
> *Sent:* Wednesday, August 2, 2017 9:34 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Crazy Wireless Devices
>
>
>
> What challenges have you experienced with the Nintendo Switch? Dot1x
> support?
>
>
>
> Thanks,
>
>
>
> Chris Adams, CISSP
>
>
>
> Assistant CIO, Network & Telecom
>
> Division of Information Technology
>
> University of North Georgia
>
> E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Carlton, Rick
> *Sent:* Wednesday, August 2, 2017 10:23 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Crazy Wireless Devices
>
>
>
> One of the more challenging devices so far is the Nintendo Switch.
>
> Rick
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Paul Reimer
> *Sent:* Wednesday, August 2, 2017 9:19 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Crazy Wireless Devices
>
>
>
> We’ve gotten a request about wifi enabled wall outlets in residence halls
> for controlling connected appliances and metering power usage.
>
>
>
> -Paul Reimer
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Peter P Morrissey
> *Sent:* Wednesday, August 2, 2017 9:37 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Crazy Wireless Devices
>
>
>
> “The most interesting new device to show up so
> far as been a Ring Doorbell system. “
>
>
>
> Never would of thought of that one! I guess knocking is just so 2008.
>
>
>
> Pete
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Michael Davis
> *Sent:* Tuesday, August 1, 2017 8:14 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] New Crazy Wireless Devices
>
>
>
> We're just starting to see some of the early groups start showing up on
> campus.
> The early trends seem to be Amazon Echo/Dots and Google Home systems,
> among
> the ever growing trend of Smart TVs.  The most interesting new device to
> show up so
> far as been a Ring Doorbell system.
>
> thanks
> mike
>
> On 7/31/17 4:39 PM, Peter P Morrissey wrote:
>
> Wondering if anyone has noticed any new trends in popular wireless devices
> that we might expect returning students to want to connect in their
> residences when they return?
>
>
>
> Not being a gamer, this one was new to me. It apparently streams games on
> running on your laptop to your TV over a WiFi connection and also provides
> input for controllers. Seems like something that could use up a bit of
> bandwidth. The good news is that it appears to support 11ac.
>
>
>
> http://store.steampowered.com/app/353380/Steam_Link/
> 
>
>
>
> Pete Morrissey
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss
> .
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> C

Re: [WIRELESS-LAN] Cisco Code Version

2017-07-31 Thread Samuel Clements

From the iPSK config guide at:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA serer that supports Cisco av-pair." 

 -Sam

This email sent from a mobile computing device. Please excuse typos and brevity.

> On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin  wrote:
> 
> I just looked at the IPSK video from CIsco here.
> 
> https://www.youtube.com/watch?v=deEv-aNXfL0
> 
> Not 100% sure ISE is required by the sound of the video.
> 
> They say a radius serve such as ISE, and of course Cisco is going to try and 
> sell you ISE.
> 
> They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=, 
> along with MAC filtering and AAA override.
> 
> You maybe able to pass those Cisco-AV-Pairs with any radius server.
> 
> Kevin McCormick
> Network Administrator
> University Technology - Western Illinois University
> ke-mccorm...@wiu.edu | (309) 298-1335 | Morgan Hall 106b
> Connect with uTech: Website | Facebook | Twitter
> 
> 
>> On Mon, Jul 31, 2017 at 6:57 PM, Jason Cook  
>> wrote:
>> There is a lot of resolved caveats in the 160 release for the 2800/3800 
>> series. We’ve only got a handful of 2800’s operational but a lot to be 
>> installed, have hit 1 issue but haven’t identified it with a known bug yet.
>> 
>>  
>> 
>> Despite showing “users connected” to an AP, new users couldn’t join. I 
>> certainly couldn’t and you wouldn’t necessarily connect to a neighbouring AP 
>> with strong signal. Rebooting the AP resolved it, came across it on 2 out of 
>> 16 AP’s last week. Due to impact we couldn’t get right into troubleshooting 
>> or logging a case, but intend to if it returns. Hopefully it’s not on 
>> critically locate AP’s this time
>> 
>>  
>> 
>> At this stage likely we’ll be testing and migrating to 8.2.160 (from 
>> 8.2.151) in the next few weeks
>> 
>>  
>> 
>> Was keen to begin playing with 8.5 with IPSK finally released, but am 
>> disappointed with the requirement of ICE(we don’t use) or at least an 
>> external radius server providing a not so simple implementation we were 
>> hoping for. So that might be on the back burner L
>> 
>>  
>> 
>>  
>> 
>> --
>> 
>> Jason Cook
>> 
>> Technology Services
>> 
>> The University of Adelaide, AUSTRALIA 5005
>> 
>> Ph: +61 8 8313 4800
>> 
>>  
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
>> Sent: Tuesday, 1 August 2017 4:16 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Cisco Code Version
>> 
>>  
>> 
>> I had seen the comments made by the group during the summer related to bugs 
>> and the 2800 APs, so as a precautionary measure we did the upgrade.
>> 
>>  
>> 
>> Bruce Entwistle
>> 
>> Network Manager
>> 
>> University of Redlands
>> 
>>  
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
>> Sent: Monday, July 31, 2017 11:26 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Cisco Code Version
>> 
>>  
>> 
>> Bruce,
>> 
>>  
>> 
>> Was there anything that you were absolutely hitting, or are you doing the 
>> “just in case” thing here?
>> 
>>  
>> 
>> Lee Badman | Network Architect 
>> 
>> Certified Wireless Network Expert (#200)
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> 
>> t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
>> 
>> SYRACUSE UNIVERSITY
>> syr.edu
>> 
>>  
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
>> Sent: Monday, July 31, 2017 2:11 PM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] Cisco Code Version
>> 
>>  
>> 
>> We completed the upgrade from 8.2.151.0 to 8.2.160.0 this morning.  The 
>> primary reason for the upgrade was the identified bugs related to the 2800 
>> APs.
>> 
>>  
>> 
>> Bruce Entwistle
>> 
>> Network Manager
>> 
>> University of Redlands
>> 
>>  
>> 
>>  
>> 
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
>> Sent: Monday, July 31, 2017 10:57 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: [WIRELESS-LAN] Cisco Code Version
>> 
>>  
>> 
>> Hi.  For those with Cisco access points what code version are planning on 
>> running for start of fall semester?
>> 
>>  
>> 
>> At this point we looking at 8.2.151 possibly 8.2.160 but havent tested yet.
>> 
>>  
>> 
>> Thanks
>> 
>>  
>> 
>> -Jimmy
>> 
>>  
>> 
>> --
>> 
>> James Helzerman
>> Wireless Network Engineer
>> University of Michigan - ITS
>> 
>> Phone: 734-615-9541
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educa

Re: [WIRELESS-LAN] Cisco 3800 Series APs

2017-07-05 Thread Samuel Clements

As a quick point of reference, the next version of 8.2 code up from the one
you're running (8.2.151.0) implements TKIP on the AP3800s (all wave 2
platforms from Cisco) as well as resolves numerous outstanding issues. Full
release notes are over at:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82mr5.html
  -Sam

On Wed, Jul 5, 2017 at 5:56 PM, Tariq Adnan 
wrote:

> I have deployed few 3800s for testing before rolling them out throughout
> the campus.
>
>
>
> Only issue I saw was that they don’t support “tkip” so have to only enable
> “AES” as WPA2 encryption. I haven’t come across any further issues. I am
> running code 8.2.141.0 on WLCs.
>
>
>
> Cheers
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Bryan Ward
> *Sent:* Thursday, 6 July 2017 2:07 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Cisco 3800 Series APs
>
>
>
> Couldn’t find a recent discussion on the list archives, so I’ll ask my
> question.
>
>
>
> For those of you that have Cisco 3800 series APs in production, how have
> they been working for you recently?
>
> We currently purchase 3700 series APs as our standard for new installs and
> replacement of our 3500 series APs, but are now considering switching to
> the 3800 series.
>
> I heard there were a lot of issues with them at first, but was wondering
> if they’re still troublesome now that they’ve been out in the wild for some
> time.
>
> Also, does anyone currently have issues using Prime to manage them?
>
>
>
> Thanks all,
>
>
>
> --
>
> Bryan Ward
>
> Network Engineer
>
> Dartmouth College Network Services
>
> 603-646-2245 <(603)%20646-2245>
>
> bryan.w...@dartmouth.edu
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss
> .
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] ArubaOS 8.X Experiences

2017-06-08 Thread Samuel Clements

To be fair, I was at the Airheads keynote, in the audience during the
update. It was not 'seamless' when client match moved my client - but it
was as seamless as client match can get. I noticed several roams as my
MacBook was getting shuffled around:
[image: Inline image 1]

While not inherently an issue, forced client roams can indeed cause packet
loss. There are supposedly mechanisms in place to prevent this happening on
voice calls, etc but I did not experience that particular feature first
hand. Also of note was that after my client was moved around, there were
periods of time where I experienced large gaps in connectivity resulting in
chunks of ping timeouts. This was discovered to be due to a bug where
clients were not moved 'back' to their AP and has been reportedly resolved.
Shameless self-plug - Blake Krone and I discuss our experiences over at the
No Strings Attached Show:
http://nostringsattachedshow.com/2017/04/26/e62-aruba-did-what/

-Sam

On Thu, Jun 8, 2017 at 4:05 PM, Jonathan Waldrep  wrote:

> My understanding was that it worked based on the MM's knowledge of which
> APs are neighbors, not based strictly on channels. This may have changed.
>
> For what it's worth, they did a live upgrade during the keynote at
> Airheads. From the client's view, it seemed seamless. It's worth noting
> that a large auditorium is an ideal location for this, due to a lot of
> overlapping coverage. If you have a one-off office with a single AP, there
> will be ~2 minute outage when the AP reboots.
>
> Disclaimer: I haven't gotten any road time with 8.x outside of a lab, yet.
>
> --
> Jonathan Waldrep
> Network Engineer
> Network Infrastructure and Services
> Virginia Tech
>
> On Thu, Jun 8, 2017 at 4:49 PM, Harris, Robert  > wrote:
>
>> What he said, basically it’s a “client aware” option for AP upgrades..
>>
>>
>>
>>
>>
>>
>> *Robert Harris **Manager of Network Services*
>>
>> *Culinary Institute of America*
>>
>> 1946 Campus Drive
>>
>> Hyde Park, NY
>> 845-451-1681 <(845)%20451-1681>
>>
>> www.ciachef.edu
>>
>> *Food is Life*
>>
>> *Create and Savor Yours.™*
>>
>>
>>
>> *Please consider the environment before printing this e-mail.*
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Samuel Clements
>> *Sent:* Thursday, June 8, 2017 4:46 PM
>> *To:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>; Harris, Robert <
>> robert.har...@culinary.edu>
>> *Subject:* Re: [WIRELESS-LAN] ArubaOS 8.X Experiences
>>
>>
>>
>> At AirHeads it was described this way:
>>
>>
>>
>> Code is loaded on one WLC, WLC is rebooted and running new code.
>>
>> Client match is used to encourage clients to leave APs on a selected
>> channel.
>>
>> All APs on that selected channel are elected for update and moved to the
>> WLC with the new code.
>>
>> Moved APs get new code, reboot, come back into service.
>>
>> APs running new code are eligible for taking on new clients and client
>> match should start moving clients to the new code APs.
>>
>> Lather, rinse, repeat until all channels have been rotated through.
>>
>> Once the WLC is unloaded, it gets new code and is rebooted.
>>
>>
>>
>> So, not really 'hitless' as advertised, but yes- far better than taking
>> them all out at once. Assuming of course that client match successfully
>> behaves. ;-)
>>
>>   -Sam
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Jun 8, 2017 at 3:38 PM, Joachim Tingvold 
>> wrote:
>>
>> On 8 Jun 2017, at 19:11, Sweetser, Frank E wrote:
>>
>> […] and from there I'm really looking forward to seeing how well the live
>> upgrades work!
>>
>>
>> Hi,
>>
>> Do you know how that works in detail? All I can find is the sales
>> mumbo-jumbo that over-promises (as usual); "[…] allows customers to upgrade
>> their wireless network in real time without any impact to user
>> connectivity. Upgrade process is simplified, no maintenance downtime […]".
>>
>> Looking at the installation manual of 8.1.0, it doesn't say how it's
>> done, but I managed to find a "dumbed down" non-official explanation that
>> went something along the lines of "[…] move all APs to secondary
>> controller, then upgrade the primary controller. After

Re: [WIRELESS-LAN] ArubaOS 8.X Experiences

2017-06-08 Thread Samuel Clements

At AirHeads it was described this way:

Code is loaded on one WLC, WLC is rebooted and running new code.
Client match is used to encourage clients to leave APs on a selected
channel.
All APs on that selected channel are elected for update and moved to the
WLC with the new code.
Moved APs get new code, reboot, come back into service.
APs running new code are eligible for taking on new clients and client
match should start moving clients to the new code APs.
Lather, rinse, repeat until all channels have been rotated through.
Once the WLC is unloaded, it gets new code and is rebooted.

So, not really 'hitless' as advertised, but yes- far better than taking
them all out at once. Assuming of course that client match successfully
behaves. ;-)
  -Sam

On Thu, Jun 8, 2017 at 3:38 PM, Joachim Tingvold 
wrote:

> On 8 Jun 2017, at 19:11, Sweetser, Frank E wrote:
>
>> […] and from there I'm really looking forward to seeing how well the live
>> upgrades work!
>>
>
> Hi,
>
> Do you know how that works in detail? All I can find is the sales
> mumbo-jumbo that over-promises (as usual); "[…] allows customers to upgrade
> their wireless network in real time without any impact to user
> connectivity. Upgrade process is simplified, no maintenance downtime […]".
>
> Looking at the installation manual of 8.1.0, it doesn't say how it's done,
> but I managed to find a "dumbed down" non-official explanation that went
> something along the lines of "[…] move all APs to secondary controller,
> then upgrade the primary controller. After primary is upgraded, APs are
> gradually upgraded/moved to the primary controller (i.e. not all at once).
> Once all APs is upgraded, the secondary controller is upgraded, and then
> the redundancy is restored".
>
> How are those APs selected? Just random order? If so, that doesn't really
> mean "no downtime" or "no impact on users", as you could risk neighboring
> APs to be upgraded at the same time, causing smaller or larger blindspots.
> Of course it sounds better than to "take it all down", but, yeah, not
> really ISSU…
>
> --
> Joachim
>
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] mDNS Containment with Meraki or WLC

2017-06-01 Thread Samuel Clements

Yeah, Cisco has a similar feature in ISE...

Funny how when all of your problems look like nails when all you wield is a
hammer, huh? Perhaps there is a more graceful non-Wi-Fi related way to
handle this. Have you explored VRFs (for true home segregation) along with
the Service Discovery Gateway built into the 'real Cisco' switches? Check
out:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dns/configuration/15-e/dns-15-e-book.pdf
for more info on the SDG. While it will invariably be more configuration
work, you'll end up with actual separation between your facilities and a
much better mDNS implementation (that works wired to wired even!) - which
is going to be important if you're supporting wired devices in home as well.
  -Sam

On Thu, Jun 1, 2017 at 6:41 AM, Osborne, Bruce W (Network Operations) <
bosbo...@liberty.edu> wrote:

> You asked about better ways of containing this. The Aruba AirGroup has
> provided this functionality for years on the Aruba wireless system.
> You will likely find it less expensive than the Cisco alternative too.
>
> Our users connect to our 802.1X secure SSID while the devices connect to
> our device SSID. You can restrict by username, AP, AP Group, firewall User
> Role, or any combination.
>
>
> Bruce Osborne
> Senior Network Engineer
> Network Operations - Wireless
>  (434) 592-4229
> LIBERTY UNIVERSITY
> Training Champions for Christ since 1971
>
> -Original Message-
> From: Christina Klam [mailto:ck...@ias.edu]
> Sent: Wednesday, May 31, 2017 9:36 AM
> Subject: mDNS Containment with Meraki or WLC
>
> All,
>
> We are building housing for our emeritus faculty members.  These will be
> private townhouses on our campus that will be networked by us. We are now
> discussing whether the switches and AP should be Cisco or Meraki (I realize
> Meraki is now Cisco).  The decision point lies in how the two product lines
> handle BonJour/mDNS.
>
> GOAL:   Residents in one townhouse can only connect to the mDNS devices
> located in their homes or devices associated with their userid.  Ideally,
> we want to broadcast the same SSIDs as on campus to reduce confusion.
>
> Proposed Way of Doing This:  One way we are thinking this can be done is
> to use the info already in our self-registeration portal.  In that
> database, we have user name and mac address; so we will know which devices
> belong to whom.  Using this information, we hope to limit mDNS access to
> devices within the private homes to just the devices registered to that
> home.
>
>
> Questions:  Are there better ways of accomplishing the goal? Can this be
> done by either product?  I will be testing mDNS Service Groups on our WLC
> running 8.2.121.0 this week.  Should we just create a SSID per home (thus
> containing the mDNS to each home.  Note:  This doesn't work on the WLCs as
> you are forced to use a single multicast VLAN used by ALL SSIDs) and
> broadcast a shared "guest" SSID among the townhouses so that people can
> visit each other?  How have you addressed this issue on your Residence
> Halls?
>
> Thank you,
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> 609-734-8154
> ck...@ias.edu
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] In room WIFI - second example

2017-02-22 Thread Samuel Clements

I'm personally a huge fan of 'you get what you pay for' but there have been
several new products 'on the low end' of the scale that could be
interesting to explore. While I'm reluctant to turn this into a sales
pitch, I know the 1815i was just announced at Cisco Live EU this week and
it's price point appears to be inline with the general tone of this
conversation. For those that don't need CleanAir, modularity, mgig,
extended operating ranges, dual uplinks, etc and 'just need some wifi' -
for a wave 2 AP with a built in WLC, it seems silly not to mention.
  -Sam

On Wed, Feb 22, 2017 at 8:25 AM, Michael Blaisdell 
wrote:

> This is a good example of what I was thinking.  When it comes to cost the
> Mikrotik boxes are less than the 1 year maintenance cost of the enterprise
> vendor.  So in theory I could replace the entire population of Mikrotiks
> every year and still not incur the initial $250k investment of the
> enterprise solution.
>
>
>
> In my past job, I spent almost 10 years working with literally thousands
> of MikroTik devices. My only concern with your plan to use the HAP AC Lite
> is that the 2.4ghz radio is dual chain, while the 5ghz is single chain. In
> a high density environment, that single chain may cause you issues
> depending on how much attenuation you get from walls on 5ghz.
>
> With the scripting available on the MikroTik devices, automating
> configuration is really easy, all it requires is a web server and a
> database. You have the MikroTik do a web call to the web server with its
> MAC address as a parameter, and you either return a config script that you
> customize based on the database, or return a set of variables from the
> database which the script parses and uses to configure itself. They have
> recently added TR-069 configuration as well.
>
> Also, with as flexible as the MikroTik devices are, you could actually
> broadcast a neutral SSID as well as a room specific SSID, having the
> neutral SSID go back to a core router, and having the MikroTik do a private
> network for the room specific SSID.
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/discuss.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] SSID names

2017-02-21 Thread Samuel Clements

As the only ambassador for many of your users to provide any indication of
what they should click on, I'm a huge fan of being as descriptive as
possible with as few characters as possible. Having said that, I had a very
large distributed retail environment one time tell me they wanted to rename
their guest SSID to 'Free Public Wi-Fi'. For a great historical perspective
why that was a bad idea, check out:
https://www.techdirt.com/blog/wireless/articles/20101011/03194311357/the-history-of-the-fake-free-public-wifi-you-always-see-at-airports.shtml

  -Sam

On Tue, Feb 21, 2017 at 2:36 PM, Jim Stasik  wrote:

> Hello, I have been encouraged by one of our governance bodies to consider
> renaming our wireless SSIDs to better match the network names to the
> function of the networks behind them.  I don’t get it, but maybe I am a
> little too close to it.  We don’t have any residential on our campuses so
> have just two primary SSIDs in use on our campus (as well as eduRoam).  One
> is named Public and is our onboarding/guest network.  The other is our
> authenticated/secure network which we call MC3Waves and is for all
> students, staff, faculty and administrators, with 802.1x on the back end to
> steer the end user to the appropriate role.  We have had these network
> around for as long as I can remember (15 years maybe).  I am curious how
> others are naming and separating the SSIDs in their environment?
>
>
>
> Thanks in advance,
>
>
>
> Jim Stasik
>
> Director of Enterprise Infrastructure Services
>
> Montgomery County Community College
>
> jsta...@mc3.edu
>
> 215.641.6678 <(215)%20641-6678>
>
>
>
>
>
> --
>
> Montgomery County Community College is proud to be designated as an
> Achieving the Dream Leader College for its commitment to student access and
> success.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Wifi blocking paint?

2017-02-16 Thread Samuel Clements

Also of concern are the following two items:

1) Have you seen a microwave oven leak? Even the smallest unprotected space
in your barrier can 'leak' energy.
2) Be cautious about un-intentionally blocking cell phone service at the
same time. I think there is a grey area at least in the states about
impeding licensed frequencies without an FCC exemption.

Heck - you may want them to engage the FCC before you do anything and file
for an exemption now that I think on it.
  -Sam

On Thu, Feb 16, 2017 at 4:31 PM, Chuck Enfield  wrote:

> BTW, if the concern is preventing activities in the lab from fouling up
> the institution’s Wi-Fi outside, using AP models with external antennas and
> pads could be sufficient.  You should be able to get 30dB pads for $50-$100
> each.  If the room has bock walls that should be sufficient.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Chuck Enfield
> *Sent:* Thursday, February 16, 2017 4:52 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Wifi blocking paint?
>
>
>
> If the lab needs to be completely isolated you’re going to want to hire a
> consultant to design a shielding system.  If you just need enough
> attenuation to mitigate significant interference, I’ve heard good things
> about the yshield paint.  You can add about 30-40dB of loss to a wall.  If
> you can keep your radios 40-50 feet apart, this should isolate them from
> each other enough that they disappear into the noise floor.
>
>
>
> Keep in mind that it has to be grounded for maximum effect, and if I’m
> skeptical about the efficacy of the paint it’s mostly to do with this.
> Good bonding and grounding is hard, and carbon paint doesn’t strike me as a
> great medium for reliable bonding.  That said, at Wi-Fi wavelengths ground
> quality shouldn’t be too much of a factor in attenuation as long as you
> keep antenna elements far enough from the walls to avoid near field
> effects.  But if the grounding isn’t effective you could end up with
> excessive internal reflection in the lab.  No problem if there’s a normal
> amount of absorptive material in the room, but could be a problem otherwise.
>
>
>
> Just my two cents.
>
>
>
> Chuck
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Sweetser, Frank E
> *Sent:* Thursday, February 16, 2017 3:27 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Wifi blocking paint?
>
>
>
>
>
> Hi all,
>
>
>
> we just got word that a professor here wants to start running a
> certificate program around a wireless lab setup.  To mitigate any potential
> problems from this, we'd like to try to isolate the lab wireless to the one
> room as much possible.  Does anyone have any recommendations for wifi
> blocking paint, or other building material choices and techniques?
>
>
>
> thanks!
>
>
>
> Frank Sweetser
> Director of Network Operations
> Worcester Polytechnic Institute
> "For every problem, there is a solution that is simple, elegant, and
> wrong." - HL Mencken
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Cloud managed infrastructure

2017-01-13 Thread Samuel Clements

Disclaimer, I work for a VAR.

Having said that, my personal opinion is that there is always a specific
time and a place for your control plane and that's really the
consideration. In situations where you have sites that would require low
compute (typically smaller sites) that would be appropriate for Aruba
Instant for example, those would be ripe for considering moving control
plane to the cloud. Of course the big name in that space is Meraki and they
have an awesome page over at http://meraki.com/trust - but there is a ton
of space to consider private cloud options (in Azure/AWS for instance) with
'real Cisco', Aruba, Ruckus, etc - all having virtual WLCs that can play in
those spaces. If your goal is to remove on-premises gear, in those
situations where the architecture makes sense, there are tons of not only
public cloud offerings (that come with their own OpEx considerations) as
well as private cloud options that generally fit in your already preferred
vendor-of-choice. This makes things like code-qualification, support,
purchase discounts, hardware investment all become less of a challenge when
you abstract out the architecture from your existing platforms today. Said
differently, if vendor-lock in is important for your consideration, many of
your existing APs today can be moved to the Cloud - which is of course just
a fancy word for someone else's computer. :)

It's still a touch on the nascent side in my opinion, but it's one that,
for smaller sites, makes sense in a lot of environments.
  -Sam

On Fri, Jan 13, 2017 at 10:57 AM, Dexter Caldwell <
dexter.caldw...@furman.edu> wrote:

> Hi Everyone,
>
> I’d be interested in hearing your thoughts, concerns about
> cloud-managed AP’s, or other infrastructure devices.  Specifically do you
> have security concern?  Have any of you implemented any such solutions and
> which management model do you prefer.
>
>
>
>
>
> Dexter Caldwell
>
> Dir. Systems & Networks
>
> Furman University
>
> dexter.caldw...@furman.edu
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> discuss.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] Prime 3.1.4 - 2800/3800 - Maps - b/g clients always show zero

2016-12-22 Thread Samuel Clements

There is a pretty good guide at:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-1/1850_DG/b_Cisco_Aironet_Series_1850_Access_Point_Deployment_Guide.html

Can you confirm your uplinks look like the ones in the example there?
  -Sam

On Thu, Dec 22, 2016 at 2:03 PM, Schwartz, Roger J 
wrote:

> I have a configuration question regarding the 3800 AP series. I am wanting
> to use both Ethernet connections on the AP, when I put both switch ports in
> a port channel, have the port active, the ap leaves the controller. If I
> shut switch port for the APs eth1, the ap joins the controller. We are
> using Cisco C2960x running 15.0(2a)EX5. Any thoughts suggestions on the
> switch config to utilize the ap’s eth1.
>
>
>
> Thanks
>
> Roger
>
>
>
> University of Tennessee Health Science Center
>
>
>
>
>
> *From: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  EDUCAUSE.EDU> on behalf of "Jeffrey D. Sessler" 
> *Reply-To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  EDUCAUSE.EDU>
> *Date: *Wednesday, December 21, 2016 at 6:07 PM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Prime 3.1.4 - 2800/3800 - Maps - b/g clients
> always show zero
>
>
>
> Would someone do a sanity check for me.
>
>
>
> Prime 3.1.4 (with or without device pack 6) with 2800/3800-series WAPs.
>
>
>
> When drilling down into a building, the b/g/n clients are properly
> reported at the building view level. If one drills down to the floor view,
> all 2.4Ghz (XOR) radios show zero (0) clients. I’m sure it’s was like this
> in 3.0 and 3.1 too.
>
>
>
> I’ve opened a TAC case, and I’ve been told I’m first to report it (no bug
> open). If you happen to have Prime and the new 2800/3800’s I’d appreciate a
> double-check. Hopefully it’s not unique to me.
>
>
>
> Best,
>
> jeff
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] High-Density Lecture Halls

2016-11-22 Thread Samuel Clements

For what it's worth, I echo many of the sentiments previously stated. In my
book, your Wi-Fi design should encompass all things Wi-Fi including
capacity, RF aspects, placement/mounting, and capacity planning. If the
manufacturer, capabilities, architecture, and density questions are being
asked *after* your site survey, what assumptions did the designer make?
Wi-Fi design and site surveys are not disconnected functions - they are
tightly integrated and highly dependent functions of a network
implementation and no two vendors infrastructure gear are 100%
interchangeable. In short, all of the things you're asking about should
have been described to you as assumptions for your design or they should
have been asked by the designer doing the site survey prior to them
starting.

Design what you install, install what you design.
  -Sam

On Tue, Nov 22, 2016 at 1:02 PM, Hunter Fuller  wrote:

> Echoing Lee - Your co channel issues are not surprising. Our 300 seat
> lecture hall sees 500 clients during a typical class. We have two 2GHz
> radios and four 5GHz radios active in this environment. Can you turn off /
> remove some radios?
>
> On Tue, Nov 22, 2016 at 09:35 Zoltan Toth  wrote:
>
>> Hello,
>>
>> Thanks for your response.
>>
>>
>> We are currently running our Wi-Fi environment on HP 860 Wi-Fi Controller
>> configured for high availability failover, with approx. 92 access points of
>> the model HP 460 and 466 and 560 spread across the campus. The campus is
>> separated into 3 floors with 3 high density areas namely lecture hall 1
>> with a seating capacity of 250 with about 400 connections (10 model 560
>> APs) and lecture hall 2 with a seating capacity of 197 (6 model 560 APs)
>> and a general hall with seating capacity for 200 (4 model 466APs). We have
>> a 10 GB backbone an all switches and a 500MB internet connection. We are
>> running PRTG to monitor the bandwidth consumption at the backbone and
>> internet level and do not see any bottlenecks.
>>
>>
>> We have conducted a Wi-Fi survey and have their report which mentioned
>> co-channel interference in the 2.4Ghz band. According to the survey the
>> Wi-Fi signal coverage seems to be present in most of the campus areas.
>>
>> In order to minimize the co-channel interference, we have implemented the
>> following:
>>
>> 1- Removed 40 Mhz and 80 MHz bandwidth modes and set everything to 20 Mhz.
>> 2- Removed G on all our access points.
>> 3- Implemented band steering.
>> 4- We are now in the process of manually adjusting the 2.4 Ghz channels
>> on each AP so the neighboring APs do not have the same channel. In some
>> cases, we turn off the 2.4 Ghz completely.
>>
>>
>> Would you please comment on the following?
>>
>> 1- With the current hardware that we have is it advisable to proceed on
>> this route and configure the 2.4 Ghz manually?
>> 2- Should we completely disable 2.4 Ghz support? Is it a norm for high
>> density areas?
>> 3- Should we look to change hardware/ or vendor in order to have a
>> seamless environment. Should we just limit the change to the high density
>> areas or should we just change it overall.
>> 4- Is a single channel solution for the lecture halls advisable? Have you
>> experience a mix of single/multi-channel environment? How do they perform?
>>
>> Zoltan
>> __
>> Zoltan Toth - Manager, IT Infrastructure
>> Canadian Memorial Chiropractic College
>>
>>
>>
>>
>>
>>
>> On 2016-11-18, 11:11 AM, "The EDUCAUSE Wireless Issues Constituent Group
>> Listserv on behalf of Lee H Badman" > on behalf of lhbad...@syr.edu> wrote:
>>
>> >Hi Zoltan,
>> >
>> >I'm assuming you're asking about wireless infrastructure and not client
>> devices? If so, I would say it's more about proper design than any
>> different technology.
>> >
>> >Also assuming that the lecture halls are in the mix with adjacent areas
>> that also part of the overall WLAN environment, you're generally limited to
>> what your current vendor (and code) support as opposed to trying to run
>> islands of different technology from Vendor B in the middle of Vendor A
>> WLAN.
>> >
>> >Which brings us back to design. In a perfect world, you'd have some
>> sense of what type of client devices are likely to be in those rooms, how
>> many active at a time, and what they might be doing. For modern APs, you
>> might service 200-300 "people" with 2-3 APs with captive antennas spaced
>> and oriented properly (depending on room layout), or you may need double
>> that with extremely low power and directional antennas.
>> >
>> >So... the answer is "it depends", as with all things wireless.
>> >
>> >Regards-
>> >
>> >Lee
>> >
>> >Lee Badman | CWNE #200 | Network Architect
>> >
>> >Information Technology Services
>> >206 Machinery Hall
>> >120 Smith Drive
>> >Syracuse, New York 13244
>> >t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w its.syr.edu
>> >SYRACUSE UNIVERSITY
>> >syr.edu
>> >
>> >
>> >-Original Message-
>> >From: The EDUCAUSE Wireless Iss

Re: [WIRELESS-LAN] Recommended USB client adapter for Windows 8/10

2016-09-22 Thread Samuel Clements

For your rolling cart needs, a Cisco AP in WGB mode is an outstanding
wireless client. This is very common especially in healthcare environments
and manufacturing and goes a very long way to having a superb wireless
experience on these devices.
  -Sam

On Thu, Sep 22, 2016 at 3:54 PM, Jason Watts  wrote:

> Hi All,
>
> I’m reaching out to see if anyone in the group has specific
> recommendations for good performing USB adapters for Windows 8/10.
> Preferably I’d like a chipset/driver combo that is known to perform well
> with Cisco hardware and WPA2/802.1x/PEAP connections.
>
> I am trying to eliminate built-in hardware as a cause of some client
> issues and having another device behave similarly or not could help narrow
> the problem to the OS or network.
> A plug-n-play model that requires no driver downloads is a plus.
>
> I’m also just looking for a good Windows compatible client that can accept
> external antennas because we also have a rolling cart need.
>
> Any recommendations on/off list are greatly appreciated.
>
> *Jason Watts* | Senior Network Administrator
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Camouflaging AP's

2016-09-07 Thread Samuel Clements

Using external antenna model of APs and painting the antennas in approved
fashions is usually workable as well. You pay more, but don't we all pay
extra to mitigate aesthetics concerns? :)
  -Sam

On Wed, Sep 7, 2016 at 10:59 AM, Bob Brown  wrote:

> I feel like I’ve seen a collection of clever/crazy camouflages on Reddit
> or a site like that, but not able to put my finger on it right now
>
>
>
>
>
>
>
> *Bob Brown*
>
> Online Executive Editor, News
>
> T: 508.766.5418
>
> LinkedIn  | Twitter:
> @alphadoggs  | Facebook profile
>  |  Instagram
> 
>
>
>
> *NETWORK* *WORLD*
>
> 492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002
>
> NetworkWorld.com  |  idgenterprise.com media
> kit | Conferences & Events 
>
>
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Brian Williams <
> bwilli...@gsu.edu>
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Wednesday, September 7, 2016 at 11:58 AM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"  EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] Camouflaging AP's
>
>
>
> We ran into the same issue when our new law school building was built.
> They paid a lot of money for ornate ceilings in the moot courtrooms and
> thought the exposed access points were an eye sore.  Aruba sells covers for
> the AP200 series that are designed to be painted (obviously you should
> avoid lead based or metallic based paints).  We only had to use them in a
> few areas but it made the customer happy.
>
>
>
> http://community.arubanetworks.com/t5/Wireless-
> Access/AP-215-CVR-20-picture/td-p/222463
>
>
>
>
> Brian D Williams
> Georgia State University  | II&T - Network Engineering   |
> bwilli...@gsu.edu | innovation.gsu.edu
>
>
> --
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Brian Helman <
> bhel...@salemstate.edu>
> *Sent:* Wednesday, September 7, 2016 11:47 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Camouflaging AP's
>
>
>
> Aside from enclosures, how are people hiding their AP’s in areas where
> aesthetics are very important?   As we bring up new buildings or renovate
> old ones, the typical response from architects to hanging an AP in plain
> sight is .. you want hang that *where*!?
>
>
>
> My current situation is a renovated theatre.  The ceilings will be greyed
> out, so placing a glossy white Aruba AP on there could be an issue.  The
> ceiling is high (accessible via catwalk), so I’m not ruling out something
> as low-rent as black gaffer’s tape, or possibly grey contact paper, but I
> thought I’d throw the question out to the group as I may have units on
> side-walls that I’ll need to somehow mask.
>
>
>
> BTW, loving the tongue-and-cheek answers to recent posts.  It would appear
> we are all a bit punchy at the start of the new academic year!
>
>
>
> -Brian
>
>
>
> 
> *Brian Helman, M.Ed *|*  Director, ITS/Networking Services | *(: *978.542.7272
> <978.542.7272>*
>
> *Salem State University, 352 Lafayette St., Salem Massachusetts 01970*
>
> *GPS: 42.502129, -70.894779*
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/
> .
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Disabling LEDs on APs

2016-09-07 Thread Samuel Clements

Dimming the LEDs is an excellent suggestion. I know that you can select
'dim' mode on autonomous code so the feature/hardware is there, but it
seems like for whatever reason it hasn't made it into the controller code.
  -Sam

On Wed, Sep 7, 2016 at 2:37 AM, Jeffrey D. Sessler 
wrote:

> I have an enhancement request in with Cisco to provide the option to dim
> the LED’s vs turn them off. If I could run them at 10-20% of brightness, I
> think people would be ok with them staying on.
>
>
>
> Jeff
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
> *Sent:* Tuesday, September 06, 2016 6:57 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Disabling LEDs on APs
>
>
>
> First-world problems… Curious if others have gone down this road in
> Residence Halls. We’re not really being asked to, but are considering
> wholesale disabling LEDs on our Cisco APs in the dorms as a quality of life
> step. Has this caused anyone any pain when it comes to not being able to
> see the colors on the AP as status indication? Have you actually had
> requests to disable the LEDs? Overall experience with accommodating or
> denying the request?
>
>
>
> Thanks-
>
>
>
> Lee Badman
>
>
>
>
>
> *Lee Badman* | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

2016-09-06 Thread Samuel Clements

That's insightful.

"To find out the actual scaling limits of the controllers, contact your
Cisco account team."

So, out of curiosity, have you contacted your Cisco account team? ;-)
  -Sam


On Tue, Sep 6, 2016 at 3:11 PM, Lee H Badman  wrote:

> Hi Sam,
>
>
>
> We are asking for specific bugs. And for what “load” amounts to in AVC
> parlance, and where to monitor that. Client counts? Throughput? Flows?
> CPU/Memory? Buffer counters somewhere?
>
>
>
> We are supposedly bumping into https://bst.cloudapps.cisco.
> com/bugsearch/bug/CSCuz10099/?reffering_site=dumpcr (workaround- just
> don’t use AVC!) and another that pointed to SSL user traffic being
> delayed/dropped.
>
>
>
> -Lee
>
>
>
>
>
> *Lee Badman* | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Samuel Clements
> *Sent:* Tuesday, September 06, 2016 4:04 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code
>
>
>
> >TAC has mentioned 8.3.102 as having AVC fixes, but I don’t see anything
> after looking at release notes.
>
>
>
> CSCuz60441 shows up in the bug toolkit as being resolved in 8.3 CCO. Aside
> from that, there doesn't appear to be much on the AVC front resolved in
> this release. Have you asked the TAC engineer for specific bugs that they
> believe you're bumping up against? That should be a fair ask from any
> customer to their manufacturer...
>
>   -Sam
>
>
>
> On Tue, Sep 6, 2016 at 2:31 PM, Lee H Badman  wrote:
>
> Sigh… we continue to have WLC performance issues seemingly related to AVC,
> even after upgrading to 8.2.121. TAC has mentioned 8.3.102 as having AVC
> fixes, but I don’t see anything after looking at release notes. Anyone
> using 8.3.102. or heard any rumblings that are of concern?
>
>
>
>
>
>
>
> *Lee Badman* | Network Architect (CWDP, CWNA, CWSP, Mobility+)
>
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu
>
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco 8540s, and 8.3.102 Code

2016-09-06 Thread Samuel Clements

>TAC has mentioned 8.3.102 as having AVC fixes, but I don’t see anything
after looking at release notes.

CSCuz60441 shows up in the bug toolkit as being resolved in 8.3 CCO. Aside
from that, there doesn't appear to be much on the AVC front resolved in
this release. Have you asked the TAC engineer for specific bugs that they
believe you're bumping up against? That should be a fair ask from any
customer to their manufacturer...
  -Sam

On Tue, Sep 6, 2016 at 2:31 PM, Lee H Badman  wrote:

> Sigh… we continue to have WLC performance issues seemingly related to AVC,
> even after upgrading to 8.2.121. TAC has mentioned 8.3.102 as having AVC
> fixes, but I don’t see anything after looking at release notes. Anyone
> using 8.3.102. or heard any rumblings that are of concern?
>
>
>
> *Lee Badman* | Network Architect (CWDP, CWNA, CWSP, Mobility+)
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
> *t* 315.443.3003  * f* 315.443.4325   *e* *lhbad...@syr.edu*
>  *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY *syr.edu
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco Autonomous APs

2016-08-25 Thread Samuel Clements

You are correct, the same autonomous image used for site survey is a fully
blown autonomous implementation for standalone mode, point to point, point
to multipoint, repeater, or spectrum mode. Not *just* site survey.
  -Sam

On Thu, Aug 25, 2016 at 5:15 PM, Hector J Rios  wrote:

> There was a time when certain lightweight APs could be converted to
> autonomous mode, but would be limited to survey mode. I see the latest IOS
> release is 15.3(3)JD. I would like to convert a Cisco 3500 series AP to
> autonomous. Do you know if this software release provides for a full-blown
> autonomous AP operation? Nothing in the release notes indicates that this
> is limited to survey only.
>
>
>
> Regards,
>
>
>
> Hector Rios
>
> Louisiana State University
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Windows loosing gateway connection on 5520 with 3800's

2016-08-25 Thread Samuel Clements

If you're using:
802.1x AES WPA2 authentication

Do you have a key caching mechanism enabled (such as CCKM or FT)?
  -Sam

On Thu, Aug 25, 2016 at 3:45 PM, Legge, Jeffry  wrote:

>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey D. Sessler
> *Sent:* Thursday, August 25, 2016 2:53 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Windows loosing gateway connection on 5520
> with 3800's
>
>
>
> Do you have other WAPs to test against i.e. is it specific to the 3802’s
> or does it happen on older models too? Seems to be 3802’s on new 5520
> only.
>
> Is this happening when the Win 10 machine roams to another WAP, or does it
> happen when stationary and anchored to one WAP? Not sure but I think it
> is both cases.
>
> Is this an open WLAN or is authentication involved? 802.1x AES WPA2
> authentication
>
> Are the Win 10 clients all the same e.g. Dell with Intel card, or a random
> mix? I do not have enough cases to know. I have seen two that ar Lenevo
> with Windows 10. I sometimes get it with my Lenevo Yoga on Windows 8.1.
>
> Are all Win 10 clients seeing this? If not, Is MAC address randomization
> enabled on the ones that are? Are they running the new Win 10 anniversary
> edition? Don’t know how do I tell.
>
>
>
> Does it only happen only after Anyconnect is used i.e. if you don’t
> startup/connect, does the problem manifest itself? Are you using the latest
> Anyconnect 4.x client? I think it may only occur when anyconnect is
> connected. We are using version 4.2.04039.
>
>
>
> Getting debugs is probably the best.  I’ll get next debugs next time I
> see and active problem or one that is repeatable.
>
>
>
> Jeff
>
>
>
>
>
>
>
> *From: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU> on behalf of "Legge, Jeffry" 
> *Reply-To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Date: *Thursday, August 25, 2016 at 7:12 AM
> *To: *"wireless-lan@listserv.educause.edu"  EDUCAUSE.EDU>
> *Subject: *[WIRELESS-LAN] Windows loosing gateway connection on 5520 with
> 3800's
>
>
>
> I am seeing Windows 10 clients lose their connection to gateway. I have a
> new 5520 controller with 3802’s. The cisco Anyconnect gets error message
> saying it cannot reach policy manager. I ping the gateway and DNS server
> but do not get a response. Is anyone experiencing this problem?
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Windows loosing gateway connection on 5520 with 3800's

2016-08-25 Thread Samuel Clements

Checking to see if you can ping the VIP of the WLC will let you know if's
an RF issue (likely) or something between the AP and the WLC (unlikely). If
it's an 'in air' issue, it could be anything from changing channels,
interference, radio resets, or just plain old Windows being dumb about life
(and anything in between). In short, make sure you're not incurring an
excessive number of channel changes (check Prime for that) and then we'll
likely need additional info.
  -Sam

On Thu, Aug 25, 2016 at 11:11 AM, Legge, Jeffry  wrote:

> Have not been able to get debugs cause I was made aware of the problem
> after the fact. I am on version 8.2.121.0.  It seems to be on Windows 10
> boxes mostly but I have seen it on Windows 8.1. It’s not real often now but
> students to arrive until tomorrow.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Samuel Clements
> *Sent:* Thursday, August 25, 2016 10:16 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Windows loosing gateway connection on 5520
> with 3800's
>
>
>
> What version of code are you using? Can you ping the virtual IP of the WLC
> (192.0.2.1, or whatever it's set to)? How reproducible/common is it? Can
> you get a client debug off of the WLC at the time of failure?
>
>   -Sam
>
>
>
> On Thu, Aug 25, 2016 at 9:12 AM, Legge, Jeffry 
> wrote:
>
> I am seeing Windows 10 clients lose their connection to gateway. I have a
> new 5520 controller with 3802’s. The cisco Anyconnect gets error message
> saying it cannot reach policy manager. I ping the gateway and DNS server
> but do not get a response. Is anyone experiencing this problem?
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Windows loosing gateway connection on 5520 with 3800's

2016-08-25 Thread Samuel Clements

What version of code are you using? Can you ping the virtual IP of the WLC
(192.0.2.1, or whatever it's set to)? How reproducible/common is it? Can
you get a client debug off of the WLC at the time of failure?
  -Sam

On Thu, Aug 25, 2016 at 9:12 AM, Legge, Jeffry  wrote:

> I am seeing Windows 10 clients lose their connection to gateway. I have a
> new 5520 controller with 3802’s. The cisco Anyconnect gets error message
> saying it cannot reach policy manager. I ping the gateway and DNS server
> but do not get a response. Is anyone experiencing this problem?
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco interface groups

2016-08-25 Thread Samuel Clements

Interface groups are one of those very unassuming features that 'just
works'. The WLC treats all interfaces (regular interfaces or groups) the
same and all you need to modify on your aaa return attribute is the name of
the group instead of the name of the VLAN. In fact, if you're currently
returning an interface name 'student' (for example), you could actually
delete that interface on your WLC, rebuild it with something more
appropriate (VLAN42 or whatnot), and build out several new interfaces
(VLAN43, 44, 45, etc) then remake your previously named 'student' interface
as the interface group name. It's quite flexible but I absolutely echo the
sentiments that it's easier to add a group than it is to delete. Not
super-cumbersome, but certainly something to keep in mind.

Go Blue!
  -Sam

On Thu, Aug 25, 2016 at 5:50 AM, James Helzerman  wrote:

> Hi.  For those using interface groups on Cisco WLC, could you share any
> experiences good or bad that you have had?  We are exploring the use of aaa
> override and return the interface group name rather than vlan.
>
> Thanks
>
> Jimmy
>
> James Helzerman
> Wireless Network Engineer
> University of Michigan
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] WLC code for Cisco 3802i

2016-08-22 Thread Samuel Clements

8.2.121.0 includes a small number of bug fixes that aren't in 8.3. You're
better off there unless you need a feature of 8.3.
  -Sam

On Mon, Aug 22, 2016 at 12:27 PM, Christina Klam  wrote:

> All,
>
> We have to upgrade the code on our 5508 to accommodate the 3802i that we
> just got in.  What are people's experiences with either 8.2.121.0 or
> 8.3.102.0?
>
> Thank you,
> --
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> Email:  ck...@ias.edu
>
> Einstein Drive  Telephone: 609-734-8154
> Princeton, NJ 08540 Fax:  609-951-4418
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Non penetrating roof mounted WiFi antenna

2016-08-09 Thread Samuel Clements

And of course you'll want to make sure you can support the weight of the AP
along with it. Those outdoor units can be hefty. That is unless you're
using extension cables to hang the AP inside with the antenna outside. In
which case, proper sealing of all of your connectors, lightning arresting,
power protection, etc are all good 'non mount' gotchas you're going to want
to consider.
  -Sam

On Mon, Aug 8, 2016 at 7:06 PM, DAVID BEYERLE  wrote:

> Ken,
>
> First calculate the wind pressure from the antenna using something like
> http://www.wikihow.com/Calculate-Wind-Load.  A wind load of ~25 lb for
> that antenna should be *very* conservative.  Then sum the reactions
> (torques) at the base of the roof mount...the antenna imparts an
> overturning moment of ~250 ft-lb at the mast base, and so you ballast the
> mount to compensate for this.  The base of the frame is ~3' square, so the
> center of mass of cinder blocks which you'll use for ballast will be ~1.3'
> from the base of the mast, suggesting 180 lb of ballast should be enough.
> Many installations use considerably less ballast and get away with it.  I
> happen to not like my masts to move (much).
>
> The "gotcha" you should be aware of this that your roof must be able to
> support a ~200 lb load over an area of ~6 sq ft.  Of course, if it supports
> you, it likely will support the loading of this assemblage as well.
>
> Best,
> Dave
>
> David Beyerle, P.E.
> Communications Engineer, IEEE WCP
> Penn State University
> 117 University Support Bldg 2
> University Park PA  16802
> da...@psu.edu
> 814 863-9432 
>
> --
> *From: *"Mattson, III, Ken V" 
> *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Sent: *Monday, August 8, 2016 6:30:21 PM
> *Subject: *[WIRELESS-LAN] Non penetrating roof mounted WiFi antenna
>
> Has anyone roof mounted an AIR-ANT2588P3M-N antenna? Do you have pictures
> of the installation that you could share?  How high did you mount it? How
> much weight did you put on the base? We plan on putting it as high at 8-10
> ft. on something like this:
>
> http://www.cableandwireshop.com/non-penetrating-roof-
> mount-with-166-x-120-mast.html
>
>
>
> Any gotchas we should be aware of?
>
>
>
> Thanks for any assistance,
>
>
>
> Kenneth V. Mattson III
> Director - Network and Data
> DoIT
> Creighton University
> 402-280-2743
> 402-981-1140
>
> A password is like a toothbrush:
> Choose a good one, change it regularly and don't share it.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-23 Thread Samuel Clements

Timely blog post on this subject over at:
https://robrobstation.com/2016/06/22/setting-minimum-data-rates-read-this-first/
  -Sam

On Wed, Jun 22, 2016 at 11:49 PM, Trenton Hurt  wrote:

> It's 2.4 b/g/n for actually network connectivity but it doesn't require
> the legacy data rates to connect.   This is the wifi chipset in it
>
>
> http://pdf.datasheetarchive.com/indexerfiles/Datasheets-EC3/DSAQ00337826.pdf
>
>
>
> The thing to watch out for on the wii u is that the console and controller
> use miracast on a random 5GHz channel.   It does display mirroring of the
> game to the controller and causes very high channel utilization on that
> channel will console is in use.  Upwards of 60%
>
>
> On Wednesday, June 22, 2016, Adam Forsyth  wrote:
>
>> Wii is the most mentioned issue that people are mentioning that they
>> encountered with turning off B rates (and that's the one I've feared and
>> has made me hesitant to do this on our network).  Using a wired port
>> instead is sometimes mentioned as a work around but that doesn't work for
>> us in two of our residence halls that are wireless only and don't have
>> wired ports.  For those that have wireless only residence halls and have
>> disabled B rates, do you just say Wii's are not supported and there is no
>> work around?
>>
>> Also, I don't think they have sold many of them, but does any one know if
>> the Wii U solved this problem of B rates being required or if it has the
>> same problem?
>>
>> On Tue, Jun 21, 2016 at 9:17 AM, Kanan E Simpson 
>> wrote:
>>
>>> Yes, I know. We still had some students using the Wii to stream Netflix.
>>> Maybe this fall, they will have new updated devices. :)
>>>
>>>
>>> Kanan Simpson, CWNA, JNCIA
>>> Network Services Specialist
>>> Information Technology Division
>>> Valdosta State University
>>>
>>>
>>> -Original Message-
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
>>> (Network Services)
>>> Sent: Tuesday, June 21, 2016 8:03 AM
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: Re: [WIRELESS-LAN] 802.11b data rates disabled?
>>>
>>> Really?
>>>
>>> Nintendo dropped Wii & DS support & closed the online store in 2014.
>>>
>>> 
>>>
>>> Bruce Osborne
>>> Wireless Engineer
>>> IT Network Services - Wireless
>>>
>>> (434) 592-4229
>>>
>>> LIBERTY UNIVERSITY
>>> Training Champions for Christ since 1971
>>>
>>>
>>> -Original Message-
>>> From: Kanan E Simpson [mailto:kesim...@valdosta.edu]
>>> Sent: Monday, June 20, 2016 12:03 PM
>>> Subject: Re: 802.11b data rates disabled?
>>>
>>> We disabled the 11b rates last summer. For the most part, we didn't have
>>> too many complaints. The complaints that we received was from the students
>>> that own the legacy Wii. All though the devices support 11g, it must see
>>> the SSID broadcasted at a 11b (1mbps) rate in order to connect.  This was
>>> the only complaint. We no longer support the original Wii.
>>>
>>> We also have institutional devices at that are older and only support
>>> 11b. For these devices, we simply left the 11b rates on for the APs in the
>>> area they connect. Thankfully, it's only one building.
>>>
>>>
>>> Thanks,
>>>
>>> Kanan Simpson, CWNA, JNCIA
>>> Network Services Specialist
>>> Information Technology Division
>>> Valdosta State University
>>>
>>> -Original Message-
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
>>> Sent: Monday, June 20, 2016 11:50 AM
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: [WIRELESS-LAN] 802.11b data rates disabled?
>>>
>>> Do you have all of the 802.11b data rates disabled?  If so, how long
>>> have they been disabled?  Did you have many complaints when you disabled
>>> them?  Were there any particular devices that could not connect as a result?
>>>
>>> I'm hoping this information will help us move towards disabling these
>>> old rates.
>>> Thank you for your feedback.
>>>
>>> --
>>> Todd M. Hall
>>> Sr. Network Analyst
>>> Information Technology Services
>>> Mississippi State University
>>> t...@msstate.edu
>>> 662-325-9311 (phone)
>>>
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>>>
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>>>
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>>>
>>>
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>>>
>>>
>>
>>
>> --
>> *Adam Forsyth*
>> Director of Network and Systems
>> Luther College In

Re: [WIRELESS-LAN] 802.11b data rates disabled?

2016-06-20 Thread Samuel Clements

I think we've arrived at a point where most 802.11b devices are flat out
deprecated. I also believe that you're going to run into far more 802.11g
devices that don't like 1 & 2 being disabled (most notably the Nintendo
Wii) than you are people that actually expect an 802.11b device to still
function. Between that, and the significant positive impact to CU that
you'll undoubtedly get, it's a very timely conversation to be having.
Unfortunately, you can't rely on your NMS platforms reporting of 802.11b
devices since many .11g clients will stick further out than what's
reasonable using CCK modulation (and showing .11b clients). In all
instances in recent memory (say, 2 years), I've had the number of
complaints by disabling .11b data rates be so low as to be background
noise. Couple the ethernet adapter for the Wii into the equation, and the
problems are practically nonexistent except in the most corner of cases.
  -Sam

On Mon, Jun 20, 2016 at 10:49 AM, Todd M. Hall  wrote:

> Do you have all of the 802.11b data rates disabled?  If so, how long have
> they been disabled?  Did you have many complaints when you disabled them?
> Were there any particular devices that could not connect as a result?
>
> I'm hoping this information will help us move towards disabling these old
> rates. Thank you for your feedback.
>
> --
> Todd M. Hall
> Sr. Network Analyst
> Information Technology Services
> Mississippi State University
> t...@msstate.edu
> 662-325-9311 (phone)
>
> **
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wi-Fiber experince

2016-06-16 Thread Samuel Clements

802.11bh ?

This email sent from a mobile computing device. Please excuse typos and brevity.

> On Jun 16, 2016, at 8:25 PM, Jeremy Gibbs  wrote:
> 
> Yup, googled it and came up with Wisconsin Sheep and Wool Festival.  I don't 
> think that's right.. 
> 
> 
> --
> 
> Jeremy L. Gibbs
> Sr. Network Engineer
> Utica College IITS
> 
> T: (315) 223-2383
> F: (315) 792-3814
> E: jlgi...@utica.edu
> http://www.utica.edu
> 
>> On Thu, Jun 16, 2016 at 6:36 PM, Jason Watts  wrote:
>> That doesn't appear to be a real website
>> 
>>> On 6/16/2016 4:19 PM, Davidoff, Michel wrote:
>>> I would like to know if you have heard or if you are using products from 
>>> wi-fiber.com for inside or outside deployment.
>>> 
>>>  
>>> 
>>>  
>>> 
>>>  
>>> 
>>> Michel Davidoff
>>> 
>>> Director CyberInfrastructure
>>> 
>>> California State University, Chancellor's Office
>>> 
>>> Tel  562 951 8419
>>> 
>>> Cell 707 481 1084
>>> 
>>>  
>>> 
>>> We all work better when we work together!
>>> 
>>>  
>>> 
>>>  
>>> 
>>> ** Participation and subscription information for this EDUCAUSE 
>>> Constituent Group discussion list can be found at 
>>> http://www.educause.edu/groups/.
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found at 
>> http://www.educause.edu/groups/.
> 
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC code recommendations

2016-06-02 Thread Samuel Clements

You should consider the 8.1 train dead (or rapidly dying). It was always
meant to be a short lived train. You would want to focus on the latest 8.0
build if you're primary focus is a long lived and if you are unable to
stomach the rapid code churn of the bleeding edge - and of course have no
new hardware or software feature requirements.
  -Sam

On Thu, Jun 2, 2016 at 10:26 AM, Entwistle, Bruce <
bruce_entwis...@redlands.edu> wrote:

> With the school year ending we are looking to begin summer upgrade
> projects.   One of those projects is the upgrade of our 5508 controllers
> which are currently running version 7.6.130.33.  I see back in March there
> was a discussion regarding recommended versions of Cisco WLC code and some
> of the recommendation included; 8.0.121.0 and 8.1.131.X, I was looking to
> see if time has changed these recommendations or are these still the most
> stable releases.  Our APs consist of models, 3500, 3600, and 702W.
>
>
>
> Thank you
>
> Bruce Entwistle
>
> Network Manager
>
> University of Redlands
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Beacon Intervals

2016-05-27 Thread Samuel Clements

>A standard should not be an excuse to do something stupid.

Well stated sir! This of course will become a far more challenging
conversation when XOR radios start to trickle into our environments.
Balancing capacity increase with support for 2.4GHz will make our lives...
interesting. :)
  -Sam

On Fri, May 27, 2016 at 11:20 AM, Chuck Enfield  wrote:

> Agreed.  An AP per classroom is our “standard” because it usually makes
> sense from a cost vs. performance perspective.  That said, when we’re
> dealing with small rooms separated by drywall partitions we sometimes cover
> more than one classroom with an AP. In some unusual circumstances more APs
> will actually hamper performance, and cost more too.  A standard should not
> be an excuse to do something stupid.
>
>
>
> Chuck Enfield
>
> Manager, Wireless Systems & Engineering
>
> Telecommunications & Networking Services
>
> The Pennsylvania State University
>
> 110H, USB2, UP, PA 16802
>
> ph: 814.863.8715
>
> fx: 814.865.3988
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *McClintic, Thomas
> *Sent:* Friday, May 27, 2016 11:59 AM
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Beacon Intervals
>
>
>
> This is a great article and contains very good information.
>
>
>
> However, I follow the same belief as Jeff. This is mostly from a growth
> and future perspective of 802.11ac, etc. In order to take as much advantage
> as possible of ac (256 QAM an MU-MIMO); an AP per classroom looks more like
> a requirement.
>
>
>
> Turning off 2.4 every other room and ensuring your power levels/data rates
> help promote a healthy environment and needs to be considered.
>
>
>
> From a cost perspective, if I can provide a consistent high throughput to
> each classroom; I can remove port and cabling requirements which actually
> help lower my overall cost to provide connectivity to them.
>
>
>
> Good discussion and no simple answer or cookie cutter solution seems to be
> available.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Samuel Clements
> *Sent:* Friday, May 27, 2016 9:26 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Beacon Intervals
>
>
>
> Sure, but there is a great writeup on that exact topic that does a good
> job in my stead:
>
>
> http://www.wlanpros.com/wp-content/uploads/2014/04/Why-One-AP-Per-Classroom-Approach-is-Wrong-.v3.pdf
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.wlanpros.com_wp-2Dcontent_uploads_2014_04_Why-2DOne-2DAP-2DPer-2DClassroom-2DApproach-2Dis-2DWrong-2D.v3.pdf&d=CwMFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=ncBtrtKYxauw_dR51VE698DYNU514ximcFqdJN_kPUg&s=VqXKIljFA578kWnmynVg8hlmnDK5pJA22Y5z74kNUk4&e=>
>
>
>
> In short, that may be a design you end up with, but assuming it's correct
> to begin with is a premise that should not be used. Proper WiFi design
> (including disabling radios or converting them to 5GHz radios if you have
> hardware that can do that) is of paramount importance in any environment
> that believes their network is of any measurable importance. Remember that
> disabling lower data rates & changing beacon intervals can *mitigate* poor
> design - but there is always a trade off (client compatibility being
> chiefest). I don't necessarily disagree that in some environments, one AP
> per classroom is what you would net, but I've seen far too many
> environments where they over bought and a 1.5 classroom per AP (or some
> other measure) would have supported the load just fine. I hate to see
> people waste money when it could have gone to some other area of technology
> to further the end goal - education.
>
>   -Sam
>
>
>
> On Fri, May 27, 2016 at 9:18 AM, Jeffrey D. Sessler <
> j...@scrippscollege.edu> wrote:
>
> Sam, would you please explain your position on one AP per classroom being
> a mis-design? Do you have data on this you could share?
>
>
>
> In my environment, I’ve found that in order to properly deploy 5 Ghz and
> .11ac, it’s pretty much inevitable that we’ll get to one AP per room,
> especially if one desires consistent and universal coverage. Data from
> existing spaces clearly show gaps in 5GHz coverage when using an
> every-other room scheme.
>
>
>
> Now if you are talking about 2.4 GHz I may agree with you, but even there,
> with removal of lower data rates, and a low-power microcell design, the
> da

Re: [WIRELESS-LAN] Beacon Intervals

2016-05-27 Thread Samuel Clements

Sure, but there is a great writeup on that exact topic that does a good job
in my stead:
http://www.wlanpros.com/wp-content/uploads/2014/04/Why-One-AP-Per-Classroom-Approach-is-Wrong-.v3.pdf

In short, that may be a design you end up with, but assuming it's correct
to begin with is a premise that should not be used. Proper WiFi design
(including disabling radios or converting them to 5GHz radios if you have
hardware that can do that) is of paramount importance in any environment
that believes their network is of any measurable importance. Remember that
disabling lower data rates & changing beacon intervals can *mitigate* poor
design - but there is always a trade off (client compatibility being
chiefest). I don't necessarily disagree that in some environments, one AP
per classroom is what you would net, but I've seen far too many
environments where they over bought and a 1.5 classroom per AP (or some
other measure) would have supported the load just fine. I hate to see
people waste money when it could have gone to some other area of technology
to further the end goal - education.
  -Sam

On Fri, May 27, 2016 at 9:18 AM, Jeffrey D. Sessler  wrote:

> Sam, would you please explain your position on one AP per classroom being
> a mis-design? Do you have data on this you could share?
>
>
>
> In my environment, I’ve found that in order to properly deploy 5 Ghz and
> .11ac, it’s pretty much inevitable that we’ll get to one AP per room,
> especially if one desires consistent and universal coverage. Data from
> existing spaces clearly show gaps in 5GHz coverage when using an
> every-other room scheme.
>
>
>
> Now if you are talking about 2.4 GHz I may agree with you, but even there,
> with removal of lower data rates, and a low-power microcell design, the
> data suggests it’s working very well.
>
>
>
> Jeff
>
>
>
> *From: *"wireless-lan@listserv.educause.edu" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Samuel Clements <
> scleme...@gmail.com>
> *Reply-To: *"wireless-lan@listserv.educause.edu" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Thursday, May 26, 2016 at 6:38 PM
> *To: *"wireless-lan@listserv.educause.edu" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] Beacon Intervals
>
>
>
> Remember folks, there is such a thing as too much RF and in the edu space,
> this occurs quite commonly due to the One AP per Classroom mis-design
> advice that was making the rounds some time ago...
>
>   -Sam
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Beacon Intervals

2016-05-26 Thread Samuel Clements

Also don't forget that many clients use beacons to determine if the network
they're connected to still exists. I've seen plenty of cases where a client
that misses a number of beacons starts to wig out (that's the technical
term). Increasing your beacon interval is just asking for trouble in my
opinion. Having said that, management overhead (especially at low data
rates) can certainly contribute to high Channel Utilization. If you've
already trimmed your low data rates, it could be an interesting exercise to
go through for additional information. I wouldn't advocate leaving your
beacon interval deviated from stock, but if you increased your interval
(say, three fold) and your Channel Utilization issues go away, it *could*
be extrapolated that you have three times too many APs (assuming an
otherwise healthy design/network with a low number of SSIDs).

Remember folks, there is such a thing as too much RF and in the edu space,
this occurs quite commonly due to the One AP per Classroom mis-design
advice that was making the rounds some time ago...
  -Sam

On Thu, May 26, 2016 at 7:40 PM, Britton Anderson 
wrote:

> Hey Craig,
>
> It really depends on how dense your environment is. Keep in mind, the
> longer your beacon interval, the slower the roaming time clients take
> between APs. In my mind, the overhead that beacons introduce is far less of
> an issue than mobile clients dropping connections when they're roaming
> through the network. Especially considering the vast majority of cell
> carriers using WiFi calling now.
>
> --Britton
>
>
>
> Britton Anderson  |  Senior Network
> Communications Specialist |  University of Alaska
>  |  907.450.8250
>
> On Thu, May 26, 2016 at 4:16 PM, Craig Simons  wrote:
>
>> Hello Group,
>>
>> On most vendor products that I’ve seen, the beacon intervals for SSIDs by
>> default are set to ~100ms. Has anyone gone to the lengths of increasing
>> this default in an effort to combat overhead?
>>
>> - Craig
>>
>>
>>
>> SFU SIMON FRASER UNIVERSITY
>> Network Services
>>
>> Craig Simons
>> Network Operations Manager
>>
>> Phone: 778-782-8036
>> Cell: 604-649-7977
>> Email: craigsim...@sfu.ca
>> Twitter: simonscraig 
>>
>>
>>
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Beam teleconference Robot roaming issues

2016-04-14 Thread Samuel Clements

Can you use an AP in autonomous WGB mode to get CCKM support?
 -Sam

This email sent from a mobile computing device. Please excuse typos and brevity.

> On Apr 14, 2016, at 6:41 PM, Peter Arbouin  wrote:
> 
> Hi,
>  
> Just wondering if anyone has had any experience with beam robots? Our 
> robotics research group has purchased one and we are experiencing dropouts 
> when the robot roams from access point to access point.
> We are running Cisco 3702i aps and Wism2’s. We found it does not support CCX, 
> so is doing a full 802.1x auth each time it roams between access points. We 
> have also tried a PSK network which is slightly better, but still have 
> dropouts when roaming.
>  
> Being real time video it is has really brought to our attention the roam 
> times involved.
>  
> Any suggestions greatly appreciated.
>  
> Thanks,
> Peter.
>  
> Peter Arbouin | Network Engineer
> IT Networks | Information Technology Services
> Queensland University of Technology 
> Level 3 | 88 Musk Avenue | Kelvin Grove Campus
> Mob: 0402476892 | Ph: +61 7 3138 1030
> Email: p.arbo...@qut.edu.au
> 
> CRICOS No. 00213J
>  
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco Meraki High Density

2016-04-01 Thread Samuel Clements

Interestingly enough, Meraki just published a High Density Deployment Guide
that could be of interest on the subject. :)
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/High_Density_Wi-Fi_Deployment_Guide
  -Sam

On Fri, Apr 1, 2016 at 8:28 AM, Rick.Decaro  wrote:

> Anyone out there using Cisco Meraki having good luck with high density
> areas like classrooms or lecture halls?If so, could you share your
> setup in those areas?
>
>
>
> *Rick DeCaro*
> Director, Information Technology | Logan University
> 1851 Schoettler Road | Chesterfield, MO 63017
> Phone: (636) 230-1911 | www.logan.edu
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Who wifi vendors does everyone use?

2016-03-30 Thread Samuel Clements

It would be awesome to gather not only vendor data per facility, but number
of APs and number of clients as well. More sites using fewer APs compared
to fewer sites using more APs would be an interesting metric to see as well
- especially when viewed with total number of users (heck, square footage
as well!).

Having said that, the point of a straw poll is to avoid those kind of
insights so it's admittedly a bit of a pipe dream. :)
  -Sam

On Wed, Mar 30, 2016 at 12:04 PM, Pete Hoffswell <
0012b553021b-dmarc-requ...@listserv.educause.edu> wrote:

> You may find this link interesting, showing marketshare for WLAN vendors
> over time.
>
>
> http://www.statista.com/statistics/219473/global-market-share-of-enterprise-wlan-vendors/
>
> Q4 2015:
> #1: Cisco 45.04%
> #2: Aruba 15.88%
> #3: Ruckus 6.71%
> #4: Huawei: 4.12%
> #5: Ubiquiti: 2.7%
> Other: 25.56%
>
> I suppose in higher ed, it might line up similarly, but adding Aerohive in
> the mix.
>
>
> -
> Pete Hoffswell - Network Manager
> pete.hoffsw...@davenport.edu
> http://www.davenport.edu
>
>
> On Wed, Mar 30, 2016 at 12:57 PM, Seward, Bill 
> wrote:
>
>> Pfeiffer is an Aruba shop.
>>
>>
>>
>> *Bill Seward*   |   *Director of Information Technology*
>>
>>
>>
>> Office of Information Technology
>>
>> P.O. Box 960   |   48380 US Hwy 52
>>
>> Misenheimer, NC  28109
>>
>> Office  704-463-3066   |   Fax  704-463-1363
>>
>> *pfeiffer.edu* *   |   *
>> *facebook.com/PfeifferUniversity*
>> *   |   **@Pfeiffer1885*
>> 
>>
>> *instagram/PfeifferUniversity  *
>> * |   *
>> *youtube.com/PfeifferUniversity*
>> 
>>
>>
>>
>> For assistance with an IT-related issue, call Tech Support at
>> 704-463-3002 or email us at techsupp...@pfeiffer.edu
>>
>> [image: advancement:public:GARY:stationary:Pfeiffer BB color logo email
>> sig logo.jpg] 
>>
>>
>>
>> *This email, including attachments, is intended for the person(s) or
>> company named and may contain legally privileged information. Unauthorized
>> disclosure, copying or use of this information is prohibited. If you are
>> not an intended recipient, you may not review, copy or distribute this
>> message. If you received this communication in error, please notify the
>> sender immediately by email and delete the original message.*
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Schuette, David
>> *Sent:* Wednesday, March 30, 2016 11:08 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* [WIRELESS-LAN] Who wifi vendors does everyone use?
>>
>>
>>
>> MSU Denver is an Aerohive shop
>>
>>
>>
>>
>>
>>
>>
>> Sent from my Verizon Wireless 4G LTE smartphone
>>
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC5508

2016-03-24 Thread Samuel Clements

To follow up on Jakes comment, you're asking for a 'stable release' that
supports 'bleeding edge hardware'. If you're expecting to run the latest
and greatest APs, you should expect some code churn for the first 6 months
or so post-FCS to allow for show stopping bugs. If you look at the feature
navigator, it spells it out in much nicer terms:
http://tools.cisco.com/ITDIT/CFN/jsp/reldesignation.jsp

But in general, you're either running 'super-stable stale release' or
'feature release'. That doesn't mean that there is no such thing as a
stable release with new features, you just have to be aware of the risks
with any manufacturers new hardware and the software required to go along
(read: this isn't a Cisco problem, but an industry issue with everyone
Apple/Intel/Aruba/Ruckus/Broadcom/QCA/etc).
  -Sam

On Thu, Mar 24, 2016 at 8:10 AM, Jake Snyder  wrote:

> When 2800/3800 start shipping, there will be a release to support them.
> My guess would be an 8.3 release.
>
> Thanks
> Jake Snyder
>
>
> Sent from my iPhone
>
> On Mar 24, 2016, at 6:19 AM, Mathieu Sturm  > wrote:
>
> What is the preferred/stable release for a Cisco WLC 5508?
>
> I’m planning on updating this summer.
>
>
>
> AP’s 2800,1810 and 3800 series support is required.
>
>
>
> Sturm Mathieu
> Hoofdmedewerker Netwerkbeheer
> --
> 
>
> Hogeschool Gent
> Directie Financiën en ICT
> Valentin Vaerwyckweg 1
> 9000 Gent
> HoGent.be 
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco One

2016-03-07 Thread Samuel Clements

That is very cool - I didn't know you could do that! So, if I had 100x 7005
controllers and I wanted to collapse their capacity into a single 7240
controller, I can do that? Is there a 'license reclamation' command or
something that I do on the 100 units to decommission them or something?
I see there is a command for re-hosting licenses in an RMA situation, but
it's unclear that this is supported between platforms of differing
capacities... Has anyone done this that can share their experiences?
  -Sam

On Mon, Mar 7, 2016 at 6:47 AM, Osborne, Bruce W (Network Services) <
bosbo...@liberty.edu> wrote:

> Let me just mention that with Aruba, licenses transfer to new hardware
> without any issue No need to repurchase or “negotiate a transfer”.
>
>
>
> 
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Network Services - Wireless*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Samuel Clements [mailto:scleme...@gmail.com]
> *Sent:* Sunday, March 6, 2016 11:42 AM
> *Subject:* Re: Cisco One
>
>
>
> Full disclosure, I work for a VAR that sells Cisco gear. Having said that,
> Jake is spot on. If you're doing an Apples to Oranges cost comparison (WLC
> AP licenses vs Cisco One), the numbers don't work out. If you use (or are
> planning to use) Prime Infrastructure, MSE, WLC, and ISE, the cost between
> buying all of these things a la carte vs Cisco One is basically a wash. The
> return on your investment is when you buy your next WLC, you pay for the
> hardware only and it becomes very attractive at that point. Your VAR should
> be able to help you navigate those different costing comparisons.
>
>   HTH!  -Sam
>
>
>
> On Sun, Mar 6, 2016 at 10:22 AM, Jake Snyder  wrote:
>
> There are cost savings to be had.  There is currently a promo when moving
> to new 5520 or 8540 hardware that is very compelling.
>
>
>
> That said, brownfield where you are just migrating from standard licensing
> to C1 on the existing hardware doesn't make a lot of sense unless you want
> to add features.  ISE, MSE/CMX, Prime Assurance...
>
>
>
> Ultimately it's going to depend on where you are in the lifecycle
> process.  You should totally ping your Cisco Partner and have them run the
> numbers for you, so you can see what the right thing to do is.
>
>
>
> Thanks
>
> Jake Snyder
>
>
>
>
>
> Sent from my iPhone
>
>
> On Mar 6, 2016, at 8:00 AM, Tom Klimek >
> wrote:
>
> I've recently been asked if we could benefit from Cisco One for wireless
> licensing. I am not very familiar with the product so I thought I would ask
> the Educause community for any input and see if it is very widely used and
> valued.
>
>
>
> One scenario I was presented with is that perpetual licensing would save
> us from re-purchasing Access Point licensing when we upgrade to newer
> (hardware) controllers. When we upgraded from 5508's to 8510's we managed
> to negotiate a transfer of our existing licenses at no cost but that is not
> a guarantee for the next upgrade.
>
>
>
> Appreciate any feedback.
>
>
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco One

2016-03-06 Thread Samuel Clements

Full disclosure, I work for a VAR that sells Cisco gear. Having said that,
Jake is spot on. If you're doing an Apples to Oranges cost comparison (WLC
AP licenses vs Cisco One), the numbers don't work out. If you use (or are
planning to use) Prime Infrastructure, MSE, WLC, and ISE, the cost between
buying all of these things a la carte vs Cisco One is basically a wash. The
return on your investment is when you buy your next WLC, you pay for the
hardware only and it becomes very attractive at that point. Your VAR should
be able to help you navigate those different costing comparisons.
  HTH!  -Sam

On Sun, Mar 6, 2016 at 10:22 AM, Jake Snyder  wrote:

> There are cost savings to be had.  There is currently a promo when moving
> to new 5520 or 8540 hardware that is very compelling.
>
> That said, brownfield where you are just migrating from standard licensing
> to C1 on the existing hardware doesn't make a lot of sense unless you want
> to add features.  ISE, MSE/CMX, Prime Assurance...
>
> Ultimately it's going to depend on where you are in the lifecycle
> process.  You should totally ping your Cisco Partner and have them run the
> numbers for you, so you can see what the right thing to do is.
>
> Thanks
> Jake Snyder
>
>
> Sent from my iPhone
>
> On Mar 6, 2016, at 8:00 AM, Tom Klimek >
> wrote:
>
> I've recently been asked if we could benefit from Cisco One for wireless
> licensing. I am not very familiar with the product so I thought I would ask
> the Educause community for any input and see if it is very widely used and
> valued.
>
> One scenario I was presented with is that perpetual licensing would save
> us from re-purchasing Access Point licensing when we upgrade to newer
> (hardware) controllers. When we upgraded from 5508's to 8510's we managed
> to negotiate a transfer of our existing licenses at no cost but that is not
> a guarantee for the next upgrade.
>
> Appreciate any feedback.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Wireless LAN Professionals Conference in Phoenix

2016-02-18 Thread Samuel Clements

I'll be there and would love to meet all of you!

I'll be doing a podcast on Tuesday and Wednesday evening and I'll be
presenting a session on Thursday - looking forward to seeing everyone!

  -Sam

On Thu, Feb 18, 2016 at 12:11 PM, Brad Weldon  wrote:

> I'll be there for the conference. My first time for WLPC.
>
> - - - - -
> Brad Weldon
> Network Engineer
> George Fox University
> - - - - -
>
> On Wed, Feb 17, 2016 at 7:27 PM, Norman Elton  wrote:
>
>> Anyone going to the WLPC in Phoenix this year?
>>
>> http://wlanpros.com/WLPC2016
>>
>> I'd be happy to line up a higher ed get-together if anyone else is going.
>>
>> Norman Elton
>> College of William & Mary
>>
>> **
>> Participation and subscription information for this EDUCAUSE Constituent
>> Group discussion list can be found at http://www.educause.edu/groups/.
>>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] high density wireless improvement features

2016-02-16 Thread Samuel Clements

ing
new features, we get many of those benefits without a hardware refresh.


Anyway, sorry for the novel all - it's a topic that I'm certainly
passionate about and I hope that there is a nugget or two of good data in
here if you've read all the way to the bottom. :)
  -Sam

On Mon, Feb 15, 2016 at 10:23 PM, Tariq Adnan  wrote:

> Thank you everyone for your valuable tips. I’ve been trialling some
> changes/features over the past few weeks. Once all done, I will share my
> findings. May be it could help someone with HD design.
>
> *Sam*: regarding point 2, I aim to disable few 2.4G radios. As per your
> experience, should I be following some pattern ? Or disable every 4th one,
> for instance ? Highly appreciate your help, I can see you love HD wireless
> :)
>
> FYI: Cisco is going to introduce Next Gen AP’s which will automatically
> adjust bandwidth (20, 40MHz etc.), automatically disable 2.4G radio or
> convert it to 5G radio or put it in monitoring mode.
>
>
> Cheers,
>
> --
>
>
> Tariq Adnan
>
>
> From: , "Bruce W (Network Services)" 
> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Date: Friday, 15 January 2016 6:26 am
> To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> Subject: Re: [WIRELESS-LAN] high density wireless improvement features
>
> Aruba also does a **very** good job on their LPV (Large Public Venue)
> deployments too. I believe they are also usually lower cost than Cisco.
>
>
>
> 
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Infrastructure & Media Solutions*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Frans Panken [mailto:frans.pan...@surfnet.nl
> ]
> *Sent:* Wednesday, January 13, 2016 12:27 PM
> *Subject:* Re: high density wireless improvement features
>
>
>
> In addition to what Sam shared (thanks!), I think Aruba did a very good
> job with their very detailed description of very high density design that
> is well applicable for other vendors:
> http://community.arubanetworks.com/t5/Validated-Reference-Design/Very-High-Density-802-11ac-Networks-Validated-Reference-Design/ta-p/230891
> -Frans
>
> Op 13/01/16 om 17:14 schreef Samuel Clements:
>
> Hi all! I'm new to the list (well, I've been lurking for a while), but
> this seems to be a good time to say hi! High Density being near and dear to
> my heart - I'd give the following guidance:
>
>
>
> 1) Don't underestimate your gear if you have good equipment. It's not a
> stretch for a Cisco 2700/3700 to support 100+ active association (shameless
> self-plug: http://nsashow.com/AP2700/).
>
> 2) There is such a thing as too much RF. If you're not disabling all but 3
> 2.4GHz radios in a single room, you're not disabling enough of them. If you
> see two APs on the same channel (as a general rule) and they're both above
> -80dBm, you're not adding any capacity to your RF. In fact, you're hurting
> yourself.
>
> 3) Use narrow channels in 5GHz (20MHz), always. There is an overwhelming
> need for density of users (aggregate throughput), not individual
> throughput. This is one of the best ways to leverage the finite amount of
> air we have to use.
>
> 4) Use all channels in 5GHz including 2e/DFS channels. The more channels
> the better. If you're using a sane RRM product (Cisco does this for sure),
> RRM will try to avoid stacking 2e channels next to each other. In the event
> you have a client that doesn't support a channel you're using, this
> improves the likely hood that they can still function on a further AP.
>
> 5) Once you hit a number of APs that matches the number of 5GHz channels
> you have deployed, be very cautious about channel overlap (this is the same
> as rule 2, just in 5GHz and further away).
>
> 6) Design for RRM and enable RRM (sorry Lee!). If you know how RRM works
> (there are many and numerous white papers and Cisco Live sessions on the
> specifics of how AP layout impacts RRM), you can safely run it without
> shooting yourself in the foot. I can't speak to ARM since there doesn't
> seem to be a good guide on how it actually works. 99% of the time, RRM
> works every time. The great thing about Cisco RRM is that you can watch the
> CLI of the process and it will tell you exactly what it's doing and why
> it's doing it. Use min and max thresholds if you can't get it to do what
> you'd like.
>
> 7) Use RF Groups to segregate your high

Re: [WIRELESS-LAN] high density wireless improvement features

2016-01-14 Thread Samuel Clements

The default (without using the Express setup wizard, just a plain out of
the box WLC config) is 'auto'. RX-SOP is not new and is linked to the Clear
Channel Assessment component of 802.11. All of our devices on all of our
infrastructures (regardless of manufacturer) use both RX-SOP and CCA to
access and function on the medium (air). What we're talking about is the
ability to uncouple the two and to tell RX-SOP to happen much later than it
otherwise would have. Hence, the default being 'auto', or 'coupled with
CCA'.
  -Sam

On Thu, Jan 14, 2016 at 12:43 AM, Bruce Curtis 
wrote:

> Thanks.  Another thing I haven’t found is what is the default for radios.
> Is the default Low or Medium for 2600s and 3600s?
>
>
> > On Jan 13, 2016, at 6:47 PM, Samuel Clements 
> wrote:
> >
> > "Also Optimized Roaming allows us to set a numerical value, we are not
> limited to just High, Medium and Low."
> >
> > For the record, RX-SOP also allows a numeric value - but that's not a
> reason to prefer it over OR. Two entirely different functions.
> >
> > RX-SOP numeric values can be set using the following:
> > config 802.11b rx-sop threshold -79
> >
> > as confirmed by the relevant show command:
> > (Cisco Controller) >show 802.11b extended
> >
> > Default 802.11bg band Radio Extended Configurations:
> > Beacon period: 100, range: 0 (AUTO);
> > Multicast buffer: 0 (AUTO), rate: 0 (AUTO);
> > RX SOP threshold: -79; CCA threshold: 0 (AUTO);
> >
> > -Sam
> >
> >
> > On Wed, Jan 13, 2016 at 5:24 PM, Bruce Curtis 
> wrote:
> >
> >
> > > On Jan 13, 2016, at 7:55 AM, Lee H Badman  wrote:
> > >
> > > We’ve had problems with load balancing and band select in the past,
> significant enough that we’re not running them now and generally do OK
> without. Absolutely override RRM in these scenarios.
> >
> >   We used Band Select for several years and were overall satisfied with
> the improvement in percentage of clients connected to 5 GHz.  However last
> semester that could have been related to Band Select.  We were seeing some
> clients that were far from an AP have trouble connecting at 2.4 GHz because
> we had the Band Select threshold high enough to cause Band Select to delay
> the clients from connecting.  We lowered the threshold but then other 2.4
> GHz only clients that could reach two APs were connecting to the further
> away AP.
> >
> >   We didn’t see an easy way to a Goldilocks setting and were not even
> sure there was a Goldilocks setting.
> >
> >   Our percentage of clients on 5 GHz was between 50 % and 60%.  We
> disabled Band Select and the percentage only dropped slightly to a bit
> above 50 %.  So since the clients were doing such a better job of
> preferring 5 GHz compared to when we enable Band Select originally we just
> left it off.  While useful originally it now seems like just an extra
> complication when troubleshooting.
> >
> >
> >
> >
> > > Would be curious to hear your approach to RX-SOP, as I’ve seen fairly
> conflicting info on it.
> >
> >   Here at NDSU we just exchanged some email internally about RX-SOP.
> >
> > After reading about both I actually prefer the Optimized Roaming but
> unfortunately that is only a Global setting and can’t be set in an RF
> profile.
> >
> > Also Optimized Roaming allows us to set a numerical value, we are not
> limited to just High, Medium and Low.
> >
> > My one concern with Rx SoP is that we would be changing traffic from
> known 802.11 traffic to noise.  It’s sort of like having traffic on channel
> 3 rather than channel 1,6 or 11.  If two APs are close on the same channel
> they listen to each other and don’t step on each other’s traffic.  It’s not
> good because then all clients on both APs are sharing a single channel.
> But on the other hand noise is unpredictable and will cause packet loss and
> retransmissions, that is why it is better to use non-overlapping channels
> on 2.4GHz.
> >
> >  This link has some more info about Rx SoP.
> >
> >
> http://www.revolutionwifi.net/revolutionwifi/2014/08/optimized-roaming-rssi-low-check-rx-sop.html
> >
> > One thing it mentions is that Rx SoP has been around since version 7.2
> or so.  That should mean that Cisco has had time to shake out some of the
> bugs.  It also has a nice example at the bottom with a diagram.  Looking at
> the diagram I think we need to consider how beam steering affects the
> situation also.  Beam steering should make it less likely that traffic from
> AP 1 to Client 1 will be strong enough to interfere with Clie

Re: [WIRELESS-LAN] high density wireless improvement features

2016-01-13 Thread Samuel Clements

"Also Optimized Roaming allows us to set a numerical value, we are not
limited to just High, Medium and Low."

For the record, RX-SOP also allows a numeric value - but that's not a
reason to prefer it over OR. Two entirely different functions.

RX-SOP numeric values can be set using the following:
*config 802.11b rx-sop threshold -79*

as confirmed by the relevant show command:
(Cisco Controller) >show 802.11b extended

Default 802.11bg band Radio Extended Configurations:
Beacon period: 100, range: 0 (AUTO);
Multicast buffer: 0 (AUTO), rate: 0 (AUTO);
*RX SOP threshold: -79; CCA threshold: 0 (AUTO);*

-Sam


On Wed, Jan 13, 2016 at 5:24 PM, Bruce Curtis  wrote:

>
>
> > On Jan 13, 2016, at 7:55 AM, Lee H Badman  wrote:
> >
> > We’ve had problems with load balancing and band select in the past,
> significant enough that we’re not running them now and generally do OK
> without. Absolutely override RRM in these scenarios.
>
>   We used Band Select for several years and were overall satisfied with
> the improvement in percentage of clients connected to 5 GHz.  However last
> semester that could have been related to Band Select.  We were seeing some
> clients that were far from an AP have trouble connecting at 2.4 GHz because
> we had the Band Select threshold high enough to cause Band Select to delay
> the clients from connecting.  We lowered the threshold but then other 2.4
> GHz only clients that could reach two APs were connecting to the further
> away AP.
>
>   We didn’t see an easy way to a Goldilocks setting and were not even sure
> there was a Goldilocks setting.
>
>   Our percentage of clients on 5 GHz was between 50 % and 60%.  We
> disabled Band Select and the percentage only dropped slightly to a bit
> above 50 %.  So since the clients were doing such a better job of
> preferring 5 GHz compared to when we enable Band Select originally we just
> left it off.  While useful originally it now seems like just an extra
> complication when troubleshooting.
>
>
>
>
> > Would be curious to hear your approach to RX-SOP, as I’ve seen fairly
> conflicting info on it.
>
>   Here at NDSU we just exchanged some email internally about RX-SOP.
>
> After reading about both I actually prefer the Optimized Roaming but
> unfortunately that is only a Global setting and can’t be set in an RF
> profile.
>
> Also Optimized Roaming allows us to set a numerical value, we are not
> limited to just High, Medium and Low.
>
> My one concern with Rx SoP is that we would be changing traffic from known
> 802.11 traffic to noise.  It’s sort of like having traffic on channel 3
> rather than channel 1,6 or 11.  If two APs are close on the same channel
> they listen to each other and don’t step on each other’s traffic.  It’s not
> good because then all clients on both APs are sharing a single channel.
> But on the other hand noise is unpredictable and will cause packet loss and
> retransmissions, that is why it is better to use non-overlapping channels
> on 2.4GHz.
>
>  This link has some more info about Rx SoP.
>
>
> http://www.revolutionwifi.net/revolutionwifi/2014/08/optimized-roaming-rssi-low-check-rx-sop.html
>
> One thing it mentions is that Rx SoP has been around since version 7.2 or
> so.  That should mean that Cisco has had time to shake out some of the
> bugs.  It also has a nice example at the bottom with a diagram.  Looking at
> the diagram I think we need to consider how beam steering affects the
> situation also.  Beam steering should make it less likely that traffic from
> AP 1 to Client 1 will be strong enough to interfere with Client 2 hearing
> traffic from AP 2.  But on the other hand if Client 1 were directly left of
> AP 1 and Client 2 were directly right of AP 2 then beam steering would make
> it more likely that traffic from AP 1 to Client 1 would interfere with
> traffic from AP 2 to Client 2.  So it could increase the variability of
> service clients see and make it more difficult to troubleshoot.  Can’t be
> sure until we test it though.
>
> The link also mentions that Optimized Roaming can be set in an RF
> Profile.  That is not what I saw in the GUI but I have not checked the
> command line yet.
>
> >  -Lee Badman
> > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]On Behalf Of Tariq Adnan
> > Sent: Wednesday, January 13, 2016 12:01 AM
> > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > Subject: [WIRELESS-LAN] high density wireless improvement features
> >
> > Hello everyone,
> >
> > I am working on improving wireless performance in high density areas
> (lecture theaters, auditoriums etc) and doing research on some features. I
> would like to know if you people have made below changes and how was your
> experience with it ? We're using cisco gear (3702i/e APs, WiSM2
> controllers, Prime 3.0).
> >
> > 1-set channel and power manually (not use RRM) : reduce power to limit
> coverage and disable 2.4GHz radios on every 3rd/4th AP.
> > 2-load-balan

Re: [WIRELESS-LAN] high density wireless improvement features

2016-01-13 Thread Samuel Clements

Hi all! I'm new to the list (well, I've been lurking for a while), but this
seems to be a good time to say hi! High Density being near and dear to my
heart - I'd give the following guidance:

1) Don't underestimate your gear if you have good equipment. It's not a
stretch for a Cisco 2700/3700 to support 100+ active association (shameless
self-plug: http://nsashow.com/AP2700/).
2) There is such a thing as too much RF. If you're not disabling all but 3
2.4GHz radios in a single room, you're not disabling enough of them. If you
see two APs on the same channel (as a general rule) and they're both above
-80dBm, you're not adding any capacity to your RF. In fact, you're hurting
yourself.
3) Use narrow channels in 5GHz (20MHz), always. There is an overwhelming
need for density of users (aggregate throughput), not individual
throughput. This is one of the best ways to leverage the finite amount of
air we have to use.
4) Use all channels in 5GHz including 2e/DFS channels. The more channels
the better. If you're using a sane RRM product (Cisco does this for sure),
RRM will try to avoid stacking 2e channels next to each other. In the event
you have a client that doesn't support a channel you're using, this
improves the likely hood that they can still function on a further AP.
5) Once you hit a number of APs that matches the number of 5GHz channels
you have deployed, be very cautious about channel overlap (this is the same
as rule 2, just in 5GHz and further away).
6) Design for RRM and enable RRM (sorry Lee!). If you know how RRM works
(there are many and numerous white papers and Cisco Live sessions on the
specifics of how AP layout impacts RRM), you can safely run it without
shooting yourself in the foot. I can't speak to ARM since there doesn't
seem to be a good guide on how it actually works. 99% of the time, RRM
works every time. The great thing about Cisco RRM is that you can watch the
CLI of the process and it will tell you exactly what it's doing and why
it's doing it. Use min and max thresholds if you can't get it to do what
you'd like.
7) Use RF Groups to segregate your high density areas from other areas of
your campus. This allows you to tweak and tune your HD area without
impacting other users.
8) Use RX-SOP only when you've violated rules 2 and 5 and use it sparingly.
RX-SOP is like a brick wall. Once you hit it, your clients fall off into
never never land.

I hope that helps! There is a ton of guidance that can be given for
designing cells (using directional antennas, stadium antennas with narrow
beams from far away, APs under seats, in walls, etc) but those are covered
in great detail elsewhere and all of the above advice can be taken
regardless of antenna or location of installation.
  -Sam


On Tue, Jan 12, 2016 at 11:00 PM, Tariq Adnan  wrote:

> Hello everyone,
>
>
> I am working on improving wireless performance in high density areas
> (lecture theaters, auditoriums etc) and doing research on some features. I
> would like to know if you people have made below changes and how was your
> experience with it ? We're using cisco gear (3702i/e APs, WiSM2
> controllers, Prime 3.0).
>
>
> 1-set channel and power manually (not use RRM) : reduce power to limit
> coverage and disable 2.4GHz radios on every 3rd/4th AP.
>
> 2-load-balancing
>
> 3-band-select
>
> 4-RX-SOP (already deployed and happy with it, channel utilization is
> dropped)
>
> 5-optimized roaming
>
> 6-please suggest if i am missing something
>
>
> In our setup, same controller is handling APs from HD and non-HD (high
> density) environments. My concern is if i make change which is controller
> wide, for instance optimized roaming, it could improve performance in HD
> areas but what could it do to non-HD areas (APs far away from each other).
>
>
> I am using airmagnet PRO and Prime planning tool for survey and planning
> purposes.
>
>
> Thanks everyone for your precious time [image: 😊]
>
>
> Cheers,
>
> --
>
>
> Tariq Adnan
>
> Network Engineer
>
> NSW, Australia
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

55 matches

Mail list logo