Re: [WIRELESS-LAN] Aruba Controller code recommendations

2016-06-17 Thread Sidharth Nandury 
We are running v6.4.3.7 on the controller while running v8.2.0.2 here at
Denison University. The controller has not had any issues with it and works
great! While there are no compatibility issues with each other, Airwave has
had problems recognizing Cisco equipment gear. We have Cisco 2960X and S
series switches, both 24 and 48 port. Airwave recognizes these switches as
stack switches and instead of the particular model of switches that they
actually are. Also, there was the issue of duplicate devices, where when
scanning the network for devices it would add the device according to the
MAC address of the device and then also the devices according to the MAC
address of the management VLAN of the switch.

The code upgrade form 8.2.0.1 to 8.2.0.2 solved the duplicate device issue,
but we still continue to have problems with recognizing the correct Cisco
models.

We are moving to HP switches for our access layer this summer, we have
rolled out some switches already. Airwave seems to recognize these switches
correctly, give all the correct information but Auditing the device
configuration has not been successful so far. It may be that I am doing
something wrong, but I thought this was worth mentioning.

Thank you.

Regards,
Sid

On Fri, Jun 17, 2016 at 7:24 AM, Osborne, Bruce W (Network Services) <
bosbo...@liberty.edu> wrote:

> We are running 6.4.3.x with Airwave 8.2.0.x. We see no ArubaOS
> compatibility issues, but are working with Aruba support on some specific
> VisualRF issues within Airwave that appear to be restricted to our
> environment.
>
>
>
> ​
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Network Services - Wireless*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Entwistle, Bruce [mailto:bruce_entwis...@redlands.edu]
> *Sent:* Thursday, June 16, 2016 3:26 PM
> *Subject:* Re: Aruba Controller code recommendations
>
>
>
> Thank you.  We are primarily looking to upgrade to be compatible with the
> newest version of Airwave.
>
>
>
> Bruce
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *McClintic, Thomas
> *Sent:* Thursday, June 16, 2016 12:10 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Controller code recommendations
>
>
>
> Bruce,
>
>
>
> I was hoping others would reply to get some feedback. Currently running
> 6.4.2.13, 7210 and 215s. Asked my HPE rep and they said we can stay on the
> same version unless we run into an issue that needs addressing?
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Entwistle, Bruce
> *Sent:* Monday, June 13, 2016 12:52 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Aruba Controller code recommendations
>
>
>
> We are looking to upgrade our Aruba 7210 controllers which are currently
> running software version 6.4.2.4.  Looking at the versions currently
> available on the web site I see the latest GA version is 6.4.3.9 and the
> latest ED version is 6.4.4.8.  I was looking to see what others are running
> and what their recommendation would be.  We are currently running AP
> models, 134, 135 and 93H.
>
>
>
> Thank you
>
> Bruce Entwistle
>
> Network Manager
>
> University of Redlands
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/
> .
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>


-- 
Sidharth. S. Nandury
Network Engineer I
Denison University
Fellows 003C
nandu...@denison.edu
740-587-5533

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Atmosphere Conference next week - higher education gathering

2018-03-24 Thread Sidharth Nandury 
I will be there Mon - Fri. Do let me know if there is an informal meet.
Would love to meet and get acquainted with colleagues in the higher
education space.

Regards,
Sid
On Fri, Mar 23, 2018 at 10:24 AM Brian Helman 
wrote:

> Kevin,
>
>
>
> Thanks for finding this.  I actually just heard from Aruba verifying this.
>
>
>
> Everyone:  if the tables are full .. start your own!
>
>
>
> I’m going to x-post this to the NETMAN CG.
>
>
>
> -Brian
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Kevin Grover
> *Sent:* Friday, March 23, 2018 10:06 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>
>
> *Subject:* Re: [WIRELESS-LAN] Atmosphere Conference next week - higher
> education gathering
>
>
>
> Looks like they are having the Breakfast/lunch tables again
>
>
>
>
>
> 186769 - Higher Ed- Atmosphere meetup discussion
>
> Join the Higher Education meetup group to discuss the landscape, share
> challenges, and learn best practices that can help you achieve your campus
> goals!
>
>
>
> 1hr 15min Meetup Discussion
>
> Tuesday, Mar 27, 7:00 AM - 8:15 AM – Oceanside A-Higher Ed Table
>
> Tuesday, Mar 27, 11:45 AM - 1:00 PM – Oceanside A-Higher Ed Table
>
>
>
>
>
> Kevin Grover
>
> Utah State University
>
>
>
>
>
>
>
> *From: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Osborne, Bruce W
> (Network Operations)" 
> *Reply-To: *The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Friday, March 23, 2018 at 5:53 AM
> *To: *"WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] Atmosphere Conference next week - higher
> education gathering
>
>
>
> I will not be making it this year.
>
>
>
> Last year there were some informal meetups during meals, at designated
> tables. Perhaps that can work, with a little bit of coordination.
>
>
>
> Maybe somebody should spin up a Slack channel to coordinate.
>
>
>
>
>
> *Bruce Osborne*
>
> *Senior Network Engineer*
>
> *Network Operations - Wireless*
>
>  *(434) 592-4229*
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Brian Helman [mailto:bhel...@salemstate.edu
> ]
> *Sent:* Thursday, March 22, 2018 5:09 PM
> *Subject:* Atmosphere Conference next week - higher education gathering
>
>
>
> Several of you replied to me directly about possibly putting together a
> higher education gathering sometime next week at the Atmosphere Conference
> in Las Vegas.  I’ve looked over my schedule as well as the conference’s and
> I don’t see a time where it’s feasible.  I will be at part or all of the
> Monday and Tuesday Innovation Zone receptions.   Given it’s the start of
> the baseball season, there’s a good chance I’ll be in bright orange Mets
> colors, so introduce yourself!
>
>
>
> *More generically speaking, as many of us go to conferences that may not
> be Higher Education-specific, make sure you introduce yourselves to our
> peers, and make sure they are aware of the Educause Constituency Groups
> (especially this one and the NETMAN group).*
>
>
>
> If you are going to Atmosphere and want to try to catch up, feel free to
> direct message me on Twitter (@BrianHelman).
>
>
>
>
>
> -Brian
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss
> .
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss
> .
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss
> .
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/discuss.
>
> --
Sidharth. S. Nandury
Network Engineer
Denison University
nandu...@denison.edu
740-587-5533

**
Participation and subscription information for this EDUCAUSE Constit

WiFi survey tools

2019-09-11 Thread Sidharth Nandury 
Hello All,

We have historically depended on vendors to do wireless surveys for us, and
any signal related issues have been tackled with signal strength
configurations. We are at a stage now, where we believe our WAP placements
will need to be changed. We are trying to build a case to present to our
management, and a wireless survey of these locations is probably needed.

My question is what tools are folks using to do in-house wireless surveys
and/ or troubleshooting low signal wireless tickets? We don't really have a
big budget for the tool and are looking for something that we could
potentially install on a phone/ computer. We came across
https://www.netspotapp.com/ and were wondering if anyone has used this?

Thank you for your time.

Regards,
Sid

-- 
[image: Denison University Logo] 

*Sidharth S. Nandury*
*Network Engineer*
Information Technology Services

100 West College Street, Granville, OH 43023
 | Fellows
003C 
Office: 740-587-5533  |
Mobile: 516-314-4413 
nandu...@denison.edu
https://denison.edu/campus/technology

*Please consider the environment before printing this email.*

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Sidharth Nandury 
All,

We have been asked to look into rogue WAP detection and mitigation. We are
an Aruba shop for wireless and are running v6.5.4.12. After doing some
research and looking at Airheads posts, it lead to me a configuration
called "Protect SSID" in the IDS profile. Though I have successfully tested
this in a lab environment and it seems to be "protecting" valid
SSID's (ones that I have configured), I am a little apprehensive about
simply turning this on due to the ramifications that it might cause.

I am wondering if anyone here has used this setting to help with mitigating
rogue SSID broadcasts and protecting your clients connecting to these rogue
WAPs. I would also love to hear about any pitfalls with turning this on,
and any other gotchas that I might need to keep in mind other suggestions
about rogue WAP detection and mitigation, I would love to hear them. Please
feel free to reach me off this list if you wish.

Please let me know if any additional information is needed on my end. Thank
you for your time.

Regards,
Sid

-- 
[image: Denison University Logo] 

*Sidharth S. Nandury*
*Network Engineer*
Information Technology Services

100 West College Street, Granville, OH 43023
 | Fellows
003C 
Office: 740-587-5533 | Mobile: 516-314-4413
nandu...@denison.edu
https://denison.edu/campus/technology

*Please consider the environment before printing this email.*

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Sidharth Nandury 
Thank you for the response.

Thomas,
I'm definitely going to share the FCC announcement with my management and
security officer to ensure that they are aware of this. That being said, we
are not trying to prevent anyone from using a hotspot, but like Chuck
mentioned are trying to protect our users from connecting to counterfeit
"well-known" campus SSIDs. My thought is to only add "well-known" SSIDs in
our list of protected networks.

Chuck,
Airwave can be an option for alerting, but as you said, it needs manual
intervention. If our security officer decides to go against implementing
this, my next suggestion would be using Airwave for manual intervention.
Something else I can think of is the polling intervals duration and
immediacy of action. If there is a malicious individual trying to broadcast
a known-network, wouldn't we want to have immediate action to be taken,
rather than having to wait for the airwave polling interval, receive an
email notification, turn around and maybe have some kind of text alert to
immediately alert us to take action? Thoughts?

Regards,
Sid

On Mon, Oct 28, 2019 at 12:08 PM Enfield, Chuck  wrote:

> Most of the time if somebody is using one of your well-known SSID’s on
> campus it’s either out of ignorance or benign experimentation.  Rouge
> mitigation of those devices is unlikely to attract the attention of the
> FCC, and even if it does, I doubt you’ll get in any trouble for it.  The
> FCC has cracked down on property owners acting like they own the spectrum
> within their facilities.  I suspect an effort to protect users from what
> may reasonably be characterized as “counterfeit” networks would be viewed
> in a different light.  They may still tell you to knock it off, but
> penalties seem really unlikely.
>
>
>
> On the other hand, have you considered an Airwave alert to bring these
> device to your attention and mitigating by manual intervention?  If your
> institution is anything like ours you’ll see very few of these.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Thomas Carter
> *Sent:* Monday, October 28, 2019 11:53 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> The short answer is don’t do this. The longer answer is the FCC frowns on
> rogue mitigation:
>
>
> https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-75-for-disabling-conference-hotspots/
> <https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnakedsecurity.sophos.com%2F2015%2F08%2F19%2Ffcc-fines-company-75-for-disabling-conference-hotspots%2F&data=02%7C01%7Ccae104%40PSU.EDU%7C08324b40359f4fff4e1508d75bbeef57%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637078747939813699&sdata=%2BmbUkc0lcPxK9dvpWp3rNaLDwSqbE26nHJndDrUpdwk%3D&reserved=0>
>
> Look at the notice from the FCC down about ½ the page.
>
>
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
> <https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.austincollege.edu%2F&data=02%7C01%7Ccae104%40PSU.EDU%7C08324b40359f4fff4e1508d75bbeef57%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637078747939823692&sdata=VfNn41KTdQNM9aSHreit3ld%2FBmhvFsMyyfdMwfcZ008%3D&reserved=0>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Sidharth Nandury
> *Sent:* Monday, October 28, 2019 10:34 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> All,
>
>
>
> We have been asked to look into rogue WAP detection and mitigation. We are
> an Aruba shop for wireless and are running v6.5.4.12. After doing some
> research and looking at Airheads posts, it lead to me a configuration
> called "Protect SSID" in the IDS profile. Though I have successfully tested
> this in a lab environment and it seems to be "protecting" valid
> SSID's (ones that I have configured), I am a little apprehensive about
> simply turning this on due to the ramifications that it might cause.
>
>
>
> I am wondering if anyone here has used this setting to help with
> mitigating rogue SSID broadcasts and protecting your clients connecting to
> these rogue WAPs. I would also love to hear about any pitfalls with turning
> this on, and any other gotchas that I might need to keep in mind other
> suggestions about rogue WAP detection and mitigation, I would love to hear
> them. Please feel free to reach me off this list if

Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-29 Thread Sidharth Nandury 
Thank you, everyone. This is great information. Looking at Airwave (our
monitoring tool for wireless), and the controller logs, I only have a
couple of rogues on campus based on the parameters we are trying to define
for rogues. I will probably be suggesting a detection and reporting
approach, and manual mitigation if deemed necessary on a case by case
basis. I believe this would keep us away from FCC fines. I am also working
on a write-up for our "official" rogue policy on campus, so, Lee, thank you
for your input. This helps me know whom I should work more closely with.

Thank you once again.

Regards,
Sid

On Tue, Oct 29, 2019 at 7:13 AM Thomas Carter 
wrote:

> I guess I should have clarified – we do rogue detection, but “mitigation”
> is a physical visit by us or someone from Student Life. If it’s a router or
> other device plugged into a port in the room, we disable that port until
> the students communicate with us. It’s just the automatic mitigation that
> isn’t worth it.
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Enfield, Chuck
> *Sent:* Monday, October 28, 2019 12:55 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> My main reason for worrying about people broadcasting our SSIDs is
> usability.
>
>
>
> The $64 question for security is whether or not the Aruba IDS would detect
> a well-executed evil twin attack.  If the twin uses not just your ESSID but
> a valid BSSID from one of your APs in an area where the “spoofed” AP can’t
> detect it, would the IDS figure it out?  If so, then there may be some
> value in enabling automatic mitigation.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Sidharth Nandury
> *Sent:* Monday, October 28, 2019 12:56 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> Thank you for the response.
>
>
>
> Thomas,
>
> I'm definitely going to share the FCC announcement with my management and
> security officer to ensure that they are aware of this. That being said, we
> are not trying to prevent anyone from using a hotspot, but like Chuck
> mentioned are trying to protect our users from connecting to counterfeit
> "well-known" campus SSIDs. My thought is to only add "well-known" SSIDs in
> our list of protected networks.
>
>
>
> Chuck,
>
> Airwave can be an option for alerting, but as you said, it needs manual
> intervention. If our security officer decides to go against implementing
> this, my next suggestion would be using Airwave for manual intervention.
> Something else I can think of is the polling intervals duration and
> immediacy of action. If there is a malicious individual trying to broadcast
> a known-network, wouldn't we want to have immediate action to be taken,
> rather than having to wait for the airwave polling interval, receive an
> email notification, turn around and maybe have some kind of text alert to
> immediately alert us to take action? Thoughts?
>
>
>
> Regards,
>
> Sid
>
>
>
> On Mon, Oct 28, 2019 at 12:08 PM Enfield, Chuck  wrote:
>
> Most of the time if somebody is using one of your well-known SSID’s on
> campus it’s either out of ignorance or benign experimentation.  Rouge
> mitigation of those devices is unlikely to attract the attention of the
> FCC, and even if it does, I doubt you’ll get in any trouble for it.  The
> FCC has cracked down on property owners acting like they own the spectrum
> within their facilities.  I suspect an effort to protect users from what
> may reasonably be characterized as “counterfeit” networks would be viewed
> in a different light.  They may still tell you to knock it off, but
> penalties seem really unlikely.
>
>
>
> On the other hand, have you considered an Airwave alert to bring these
> device to your attention and mitigating by manual intervention?  If your
> institution is anything like ours you’ll see very few of these.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Thomas Carter
> *Sent:* Monday, October 28, 2019 11:53 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> The short

Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

2021-02-12 Thread Sidharth Nandury 
We are an Aruba shop at Denison University and have received reports of
issues on Zoom and Google Meet as well mostly on Mac OS. Looking into the
Zoom dashboard statistics of some of these calls we are seeing the "Max
Loss" percentage go up to 99% frequently and back down to 2-6 % on wireless
when there are no issues. We can generally co-relate this to higher ping
responses. I would also love to what other Universities are doing to look
at this.

Thank you.

Sid

On Fri, Feb 12, 2021 at 8:30 AM Samuel Clements  wrote:

> Troubleshooting seemingly disjointed problems and crowdsourcing
> recommendations is always a tricky thing for us to navigate. Personally, I
> like to look at things like "absolutely everything is okay except for one
> single app" with a grain of salt unless I can back it up with
> empirical evidence (application inspection, external app health solutions,
> etc). Just because Zoom is filtering to the top, you very well could be
> having pervasive issues otherwise, but the vocal majority could simply be
> expressing Zoom since it can be taxing on a number of network components.
> Unless you want to delve off into actual troubleshooting scenarios
> (capturing debugs & packets), you're going to be left with "punch list"
> troubleshooting - and those come from vendor recommended best practices. In
> this case, I'd make sure that you follow the Apple/Cisco document that is
> meant to address both manufacturers recommendations:
>
> https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-6/Enterprise_Best_Practices_for_iOS_devices_and_Mac_computers_on_Cisco_Wireless_LAN.pdf
>
> I'd particularly pay attention to QoS since it's easy to get wrong -
> remember, unless you have trust on *every* link (yes, even those fancy 10G
> links in your core), you do not have QoS. It's a lengthy doc, but it's
> quite comprehensive - and most everything is in there for a reason. Let's
> be honest, having a nice reference guide is far better than vendors that
> don't qualify interoperability (cue Lee complaining about Wi-Fi Alliance)
> or provide design recommendations. In short, I'd recommend you start where
> your vendors suggest you start.
>   -Sam
>
> On Fri, Feb 12, 2021 at 6:36 AM Lee H Badman <
> 00db5b77bd95-dmarc-requ...@listserv.educause.edu> wrote:
>
>> That there are widespread problems with Zoom, and often just Zoom, is not
>> hard to appreciate- one random sample:
>>
>>
>> https://www.reddit.com/r/Zoom/comments/g58olb/keep_getting_your_internet_connection_is_unstable/?utm_medium=android_app&utm_source=share
>>
>> The risk in tweaking controller settings for just Zoom's issues are that
>> you can create more problems. Tread lightly here, and know that you are not
>> alone.
>>
>> At the same time, if anyone has discovered a silver bullet, I'd like to
>> hear it as well. To me, it seems like the fix should be on the Zoom end,
>> but am trying to keep an open mind.
>>
>> *Lee Badman* | Network Architect | CWNE #200
>> Information Technology Services
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>> *t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w*
>> its.syr.edu
>> *SYRACUSE UNIVERSITY*
>> syr.edu
>> --
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tariq Adnan <
>> 01e6b38f57b3-dmarc-requ...@listserv.educause.edu>
>> *Sent:* Thursday, February 11, 2021 9:19 PM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> *Subject:* [WIRELESS-LAN] Macbook zoom wireless dropout issues
>>
>>
>> Hello everyone,
>>
>>
>>
>> Just checking if you have recently come across any macbook zoom wireless
>> dropout (and frozen screen) issues and have taken any step to resolve it.
>>
>>
>>
>> So I have come across a Macbook running Catalina 10.15.7 reporting zoom
>> dropouts from time to time.
>>
>>
>>
>> The AP is 3700 and the controller model is 8540 running code 8.5.161.6.
>> The session time out on the SSiD is set to 24 hours. The QOS is default
>> “silver”.
>>
>>
>>
>> I was running debug on WLC (debug client mac) and AP and there is no
>> helpful log generated at the time of issue. The utilization for both radios
>> on the AP is close to 1% (not busy) and the noise and interference reported
>> by AP is not unusual. The switchport have no errors etc.
>>
>>
>>
>> I have searched this forum and few people have reported that the mac’s
>> were having issues with specific 5G channels. Some suggested to change few
>> things on the mac (turn off unlock with apple watch) etc.
>>
>>
>>
>> *So if you have recently dealt with something similar, can you please
>> share your thoughts and if you have resolved the issue, how did you do that
>> (code upgrade etc.)? *
>>
>>
>>
>> *Few things I can try:*
>>
>> -Set Qos profile to platinum
>>
>> -Disable Aironet IE
>>
>> -Configure Idle timeout on the ssid (less than session timeout) :
>> currently

Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

2021-02-15 Thread Sidharth Nandury 
t;>
>> Zoom uses a fallback to TCP/443 SSL connectivity when it can’t get
>> through on its default UDP port (8801) or TCP port (8801).  I’m starting to
>> suspect that the SSL fallback might have some significant issues and am
>> going to investigate allowing the UDP connections through our firewalls for
>> Zoom sessions.  I’d be curious to see if any of the other folks getting big
>> spikes of Zoom complaints could provide further corroboration for this
>> theory?
>>
>>
>>
>> *David Hales*
>>
>> *Network Systems Administrator*
>>
>>
>>
>> Information Technology Services
>>
>> Tennessee Tech University
>>
>> 1010 N. Peachtree Av., CLEM117
>>
>> Cookeville, TN 38505
>>
>> *P:* 931-372-3983
>>
>> *E: *dha...@tntech.edu
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Lee H Badman
>> *Sent:* Friday, February 12, 2021 9:00 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues
>>
>>
>>
>> *External Email Warning*
>>
>> *This email originated from outside the university. Please use caution
>> when opening attachments, clicking links, or responding to requests.*
>> --
>>
>> The by-product? “The campus network sucks. I’m using my hotspot…” let the
>> fun begin.
>>
>>
>>
>> *Lee Badman* | Network Architect (CWNE#200)
>>
>> Information Technology Services
>> (NDD Group)
>> 206 Machinery Hall
>> 120 Smith Drive
>> Syracuse, New York 13244
>>
>> *t* 315.443.3003  * e* lhbad...@syr.edu *w* its.syr.edu
>> <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fits.syr.edu%2F&data=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7Cadb69f2efe2d4909aca308d8d1c34776%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637489983972771754%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KxKHjQupmU21biTg7RfpWLispKVRjnraJ9gKPXigB24%3D&reserved=0>
>>
>> Campus Wireless Policy:
>> https://answers.syr.edu/display/network/Wireless+Network+and+Systems
>> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fanswers.syr.edu%2Fdisplay%2Fnetwork%2FWireless%2BNetwork%2Band%2BSystems&data=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7Cadb69f2efe2d4909aca308d8d1c34776%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637489983972781757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BQJ1BDLeT4MsGSrMA3W5E4ruDnftE21%2FLSr%2B5eoVzvc%3D&reserved=0>
>>
>> *SYRACUSE UNIVERSITY*
>> syr.edu
>> <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsyr.edu%2F&data=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7Cadb69f2efe2d4909aca308d8d1c34776%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637489983972781757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=leOPaNcS3%2BeCWTntj%2FVqkUW7xkGavDNWEoQw9k45avM%3D&reserved=0>
>>
>>
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Ian Lyons
>> *Sent:* Friday, February 12, 2021 9:54 AM
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> *Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues
>>
>>
>>
>> We had a huge upswell of Mac users not being able to connect and the
>> newest OS was at fault. Older macs further away...no issues. Mac's with new
>> OS right under an AP... couldnt connect reliably, huge CPU spikes and or
>> crappy wifi.
>>
>>
>>
>> Ahh, I love Apple.
>>
>>
>>
>> But yeah, in this instance, dont discount the OS.
>>
>>
>>
>> Ian
>>
>>
>>
>> Cheers
>>
>> Ian J Lyons
>>
>> Network Architect - Rollins College
>>
>> 401.413.1661 Cell
>>
>> 407.628.6396 Desk
>>
>>
>>
>>
>>
>>
>> --
>>
>> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Julian Y Koh <
>> kohs...@northwestern.edu>
>> *Sent:* Friday, February 12, 2021 9:35
>> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
>> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>> *Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues
>>
>>
>>

Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

2021-03-08 Thread Sidharth Nandury 
For anyone who is still dealing with Zoom issues on Mac computers
primarily, here are our findings (still troubleshooting the resolution):

We saw packets from wireless clients primarily being dropped every couple
of minutes, leading to a frozen screen/ delayed audio experience for users.
We confirmed dropped packets by using PingPlotter on the end client while
they were experiencing the issue and running a packet capture at the same
time on the end-client machine. What we found was ARP responses from the
client to search for the gateway were being delayed. The client sends out
an ARP request to find the gateway IP and the response is taking over 2-3
seconds leading to the packet being dropped. We can correlate the times of
the dropped packets to the ARP requests.

We have cases opened with our vendors to troubleshoot further. My question
to the wise people here is if anyone has seen this happen or gone further
than we have to resolve this issue?

Thank you.

Sid

On Tue, Feb 16, 2021 at 10:18 AM Hales, David  wrote:

> Checking your session logs after a Zoom call would probably help quite a
> bit.  See if your sessions are staying UDP or if they’re switching to TLS.
> If most of them are staying UDP then you’ve probably got your rules set up
> right.
>
>
>
> *David M. Hales | *
> *Network Systems Administrator, Information Technology Services *
> *Tennessee Tech University *Clement Hall 117
> Cookeville, TN 38505-0001
> ph: 931-372-3983 | fax: 931-372-6130
> http://www.tntech.edu/its
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Sidharth Nandury
> *Sent:* Monday, February 15, 2021 3:09 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues
>
>
>
> *External Email Warning*
>
> *This email originated from outside the university. Please use caution
> when opening attachments, clicking links, or responding to requests.*
> --
>
> We did recently introduce NAT to our wireless subnets this semester and
> are trying to figure out whether the NAT and larger subnets are causing
> issues.
>
>
>
> Sid
>
>
>
> On Mon, Feb 15, 2021 at 3:38 PM James Helzerman  wrote:
>
> Someone mentioned NAT here and got me thinking if this affects NAT vs
> public address more than the other?
>
>
>
> For those having issues, are you NAT'ing on campus?  I dont recall seeing
> or hearing of many issues with Apple and zoom on our campus.  Of course it
> could be that they are not reported either so take my previous statement
> with a grain of salt.  We use public addresses.
>
>
>
> -Jimmy
>
>
>
> On Mon, Feb 15, 2021 at 1:39 PM Tim Tyler  wrote:
>
> Yes, they say both directions, but when I read the “source” column, I
> don’t see anything but zoom client in that column.  That implies to me 100%
> outbound for initiated sessions.
>
> I am concerned about the Mac issue having been brought up here
> though.
>
> Tim
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hurt,Trenton W.
> *Sent:* Monday, February 15, 2021 9:32 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues
>
>
>
> It says it right above the table listing all the ports and addresses
>
>
>
>
> Zoom firewall rules
>
> To configure your network firewall, please see the following table. All
> rules should be applied both inbound and outbound.
>
>
>
> Sent from my mobile device.
>
>
>
> Trent Hurt
>
>
>
> 5028521513
>
>
>
> University of Louisville
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tim Tyler <
> ty...@beloit.edu>
> *Sent:* Monday, February 15, 2021 10:06 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues
>
>
>
> *CAUTION:* This email originated from outside of our organization. Do not
> click links, open attachments, or respond unless you recognize the sender's
> email address and know the contents are safe.
>
> So I looked at that url mentioned in this dialogue and I didn’t see any
> requirements for inbound.  All sources from what I observed were rules for
> Zoom clients which from a firewall stand point would be outgoing.  I didn’t
> see any initiated sessions incoming requirements.
>
>I am curious.  Is anyone else interpreting this

Websites inaccessible from wireless network - Aruba

2021-09-07 Thread Sidharth Nandury 
Hi All,

Since last Monday we have seen a couple of different websites being blocked
on our Aruba wireless controllers. Spotify has been one of the sites, as
well as all websites hosted on IP 23.185.0.1 (which is our main institution
website - denison.edu). We can confirm that this is being blocked as we see
the "D" (Deny) Flag on the wireless controller. Below is an example of
traffic being blocked to Spotify. Is anyone suing Aruba AOS 8 controllers
seeing this?

(wlc-Thor) #show datapath session | include 35.186.224.25

Source IP or MAC  Destination IP  Prot SPort DPort Cntr Prio ToS Age
Destination TAge PacketsBytes  Flags   CPU ID

- ---  - -   --- ---
---  -- -- --- ---

10.143.203.26 35.186.224.25   652082 4430/0 00   0
tunnel 640  10  0  *FDYCA *  21

10.143.195.85 35.186.224.25   659767 4430/0 00   0
tunnel 5357 00  0*  FDYCA*   27

10.143.225.17835.186.224.25   652292 4430/0 00   0
tunnel 6753 10  0 * FDYCA *  19

10.143.195.85 35.186.224.25   659766 4430/0 00   0
tunnel 5357 10  0  *FDYCA *  27


(wlc-Thor) #show datapath session | include 23.185.0.1
10.143.228.16 23.185.0.1  659500 4430/0 00   0
tunnel 16789 a0  0  *FDYCA*   18
10.143.244.15123.185.0.1  658758 4430/0 00   0
tunnel 553  10  0  *FDYCA*   23
10.143.228.24723.185.0.1  659063 4430/0 00   0
tunnel 13188 a6  384*FDYCA*   27
10.143.228.24723.185.0.1  659062 4430/0 00   0
tunnel 13188 a6  384*FDYCA*   27
10.143.196.26 23.185.0.1  650851 4430/0 00   0
tunnel 5631 10  0  *FDYCA*   17
10.143.196.26 23.185.0.1  650852 4430/0 00   0
tunnel 5631 10  0  *FDYCA*   17
10.143.196.26 23.185.0.1  650853 4430/0 00   0
tunnel 5631 10  0  *FDYCA*   17


We have two 7240xm controllers running AOS v8.6.9 in a cluster with a
Mobility Conductor as a VM. We have a ticket open with TAC and have
escalated it up to ERT, but wanted to also reach out to others.


Thank you.

Sid


-- 

[image: Denison University] 

*Sidharth S. Nandury*
(He, Him, His)
*Infrastructure and Operations Manager*
Information Technology Services

100 West College Street, Granville, OH 43023
 | Burton
Hall 
Office: 740-587-5533 <1-740-587-5533> | Mobile: 516-314-4413
<1-516-314-4413>
nand...@denison.edu
https://denison.edu/campus/technology/service-desk

NOTICE: This email message and all attachments transmitted with it may
contain legally privileged and confidential information intended solely for
the use of the addressee. If the reader of this message is not the intended
recipient, you are hereby notified that any reading, dissemination,
distribution, copying, or other use of this message or its attachments is
strictly prohibited. If you have received this message in error, please
notify the sender immediately by phone or by email, and delete this message
and all copies and backups thereof.

*Please consider the environment before printing this email.*

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

2021-09-07 Thread Sidharth Nandury 
So. sigh!

It seems like an end client either statically or for some unknown reason
got assigned the IP address for these websites. The role that the client
was assigned had a policy to "deny" traffic to the internet (as per
design). The part that we did not know was that when a client is going to a
particular destination, the controllers look at the user table to see if
there is an IP and a route available before even going to the role-based
ACLs.

Once we blacklisted the client or deleted the client from the user-table,
the websites were accessible again.

Sid

On Tue, Sep 7, 2021 at 11:29 AM Norman Mourtada 
wrote:

> With 8.6.0.9, no issues.
>
>
>
> (Aruba7220-MC-05) *#show datapath session | include 35.186.224.25
>
> 35.186.224.25 172.16.122.193  6443   58612  0/0 024  3
> tunnel 2306 a5   69 11747  17
>
> 172.16.126.14335.186.224.25   665364 4430/0 024  0
> tunnel 1718 1a   29 3592   TC  26
>
> 172.18.91.115 35.186.224.25   656982 4430/0 00   0
> tunnel 1102 505  14524120  C   29
>
> 172.16.174.33 35.186.224.25   654373 4430/0 024  0
> tunnel 2773 6da  9576   1018764TC  21
>
> 35.186.224.25 172.16.166.198  6443   60052  0/0 024  1
> tunnel 133  de   371269692 31
>
> 172.16.172.51 35.186.224.25   663940 4430/0 024  3
> tunnel 862  5c   17 2849   TC  30
>
> 172.19.90.133 35.186.224.25   654371 4430/0 024  0
> tunnel 1509 890  16133426  TC  18
>
> 172.19.91.45  35.186.224.25   662292 4430/0 024  2
> tunnel 1630 4d   14 2502   TC  27
>
> 35.186.224.25 172.16.166.198  6443   60050  0/0 024  14
> tunnel 133  de   24 8727   31
>
> 172.16.176.74 35.186.224.25   658973 4430/0 024  2
> tunnel 1964 236  35 5322   TC  16
>
> 172.16.176.19335.186.224.25   661015 4430/0 024  1
> tunnel 2160 10   44 15853  FTC 20
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Dan Oachs
> *Sent:* Tuesday, September 7, 2021 10:59 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from
> wireless network - Aruba
>
>
>
> CAUTION: This email originated from outside of the University. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe.
>
>
>
> Not seeing that issue here.  We are on 8.7.1.4
>
>
>
> (aruba-controller-1) #show datapath session | include 35.186.224.25
> 35.186.224.25 138.236.104.67  6443   64918  0/0 01   1
> tunnel 6347 3cc  30750335  15
> 138.236.82.47 35.186.224.25   657491 4430/0 00   4
> tunnel 5540 382  179117595 C   30
> 35.186.224.25 138.236.248.10  6443   54342  0/0 01   1
> tunnel 972  e20916359  23
> 35.186.224.25 138.236.82.47   6443   57491  0/0 01   4
> tunnel 5540 382  18945940  30
> 138.236.104.6735.186.224.25   664918 4430/0 00   1
> tunnel 6347 3cd  34538357  C   29
> 35.186.224.25 138.236.232.120 6443   61505  0/0 01   0
> tunnel 7052 c15149165  22
> 138.236.250.8535.186.224.25   654833 4430/0 00   1
> tunnel 2686 1a   57 16206  C   27
> 35.186.224.25 138.236.251.120 6443   51735  0/0 01   1
> tunnel 7060 829 3140   F   13
> 138.236.250.8535.186.224.25   654834 4430/0 00   2
> tunnel 2686 18   152179792 C   27
>
>
>
> --Dan
>
>
>
> On Tue, Sep 7, 2021 at 9:40 AM Sidharth Nandury 
> wrote:
>
> Hi All,
>
>
>
> Since last Monday we have seen a couple of different websites being
> blocked on our Aruba wireless controllers. Spotify has been one of the
> sites, as well as all websites hosted on IP 23.185.0.1 (which is our main
> institution website - denison.edu). We can confirm that this is being
> blocked as we see the "D" (Deny) Flag on the wireless controller. Below is
> an example of traffic being blocked to Spotify. Is anyone suing Aruba AOS 8
> controllers seeing this?
>
>
>
> (wlc-Thor) #show datapath session | in

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from wireless network - Aruba

2021-09-07 Thread Sidharth Nandury 
>
>
> Some people who received this message don't often get email from
> fi...@brandeis.edu. Learn why this is important
> <http://aka.ms/LearnAboutSenderIdentification>
>
> *[This message came from an external source. If suspicious, report to
> ab...@ilstu.edu ] *
>
> Check your valid user table config to make sure you only allow the IP
> ranges your DHCP server would give a wireless client.  Otherwise, you can
> end up with user table entries for destination IP's and then those IP's get
> policed by the controller as you were seeing.  Aruba default for that
> config used to allow any any, which is bad...
>
>
>
> Mike
>
>
>
>
>
> On Tue, Sep 7, 2021 at 12:04 PM Sidharth Nandury 
> wrote:
>
> So. sigh!
>
>
>
> It seems like an end client either statically or for some unknown reason
> got assigned the IP address for these websites. The role that the client
> was assigned had a policy to "deny" traffic to the internet (as per
> design). The part that we did not know was that when a client is going to a
> particular destination, the controllers look at the user table to see if
> there is an IP and a route available before even going to the role-based
> ACLs.
>
>
>
> Once we blacklisted the client or deleted the client from the user-table,
> the websites were accessible again.
>
>
>
> Sid
>
>
>
> On Tue, Sep 7, 2021 at 11:29 AM Norman Mourtada 
> wrote:
>
> With 8.6.0.9, no issues.
>
>
>
> (Aruba7220-MC-05) *#show datapath session | include 35.186.224.25
>
> 35.186.224.25 172.16.122.193  6443   58612  0/0 024  3
> tunnel 2306 a5   69 11747  17
>
> 172.16.126.14335.186.224.25   665364 4430/0 024  0
> tunnel 1718 1a   29 3592   TC  26
>
> 172.18.91.115 35.186.224.25   656982 4430/0 00   0
> tunnel 1102 505  14524120  C   29
>
> 172.16.174.33 35.186.224.25   654373 4430/0 024  0
> tunnel 2773 6da  9576   1018764TC  21
>
> 35.186.224.25 172.16.166.198  6443   60052  0/0 024  1
> tunnel 133  de   371269692 31
>
> 172.16.172.51 35.186.224.25   663940 4430/0 024  3
> tunnel 862  5c   17 2849   TC  30
>
> 172.19.90.133 35.186.224.25   654371 4430/0 024  0
> tunnel 1509 890  16133426  TC  18
>
> 172.19.91.45  35.186.224.25   662292 4430/0 024  2
> tunnel 1630 4d   14 2502   TC  27
>
> 35.186.224.25 172.16.166.198  6443   60050  0/0 024  14
> tunnel 133  de   24 8727   31
>
> 172.16.176.74 35.186.224.25   658973 4430/0 024  2
> tunnel 1964 236  35 5322   TC  16
>
> 172.16.176.19335.186.224.25   661015 4430/0 024  1
> tunnel 2160 10   44 15853  FTC 20
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Dan Oachs
> *Sent:* Tuesday, September 7, 2021 10:59 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [EXTERNAL] Re: [WIRELESS-LAN] Websites inaccessible from
> wireless network - Aruba
>
>
>
> CAUTION: This email originated from outside of the University. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe.
>
>
>
> Not seeing that issue here.  We are on 8.7.1.4
>
>
>
> (aruba-controller-1) #show datapath session | include 35.186.224.25
> 35.186.224.25 138.236.104.67  6443   64918  0/0 01   1
> tunnel 6347 3cc  30750335  15
> 138.236.82.47 35.186.224.25   657491 4430/0 00   4
> tunnel 5540 382  179117595 C   30
> 35.186.224.25 138.236.248.10  6443   54342  0/0 01   1
> tunnel 972  e20916359  23
> 35.186.224.25 138.236.82.47   6443   57491  0/0 01   4
> tunnel 5540 382  18945940  30
> 138.236.104.67    35.186.224.25   664918 4430/0 00   1
> tunnel 6347 3cd  34538357  C   29
> 35.186.224.25 138.236.232.120 6443   61505  0/0 01   0
> tunnel 7052 c15149165  22
> 138.236.250.8535.186.224.25   654833 4430/0 00   1
> tunnel 2686 1a   57 16206  C   27
> 35.186.224.25 138.236.251.12

Re: [WIRELESS-LAN] Amazon prime video error (Your device is connected to the internet using a VPN or proxy service)

2021-09-17 Thread Sidharth Nandury 
Interestingly, we had one student report this as of yet. We've seen this
generally with gaming websites such as steam. We've reached out to the
student to test again after Joe mentioned it as "Resolved", but please do
update the list if anyone else has more use cases to know that it is in
fact resolved. If not, we might try to provide the few users a public IP
space as a workaround and test further.

Sid

On Fri, Sep 17, 2021 at 9:24 AM Joe Walker  wrote:

> We recently had this issue as well and funneling through the different
> levels of support on the Amazon Prime TV side just to talk to someone that
> knew what I was talking about was infuriating to say the least. I did
> receive an email this morning from Amazon saying the issue was "resolved"
> but I haven't yet verified.  As far as I can tell there isn't any sort of
> documentation anywhere from Amazon that shows the criteria for what they
> deem to be a VPN or proxy nor is there any documentation on how to
> appeal/remove your IP's from this list.
>
>
>
>
> Joe Walker
>
> Network and Telecommunication Services
>
> Kansas State University
>
> (785)532-4997
>
> f...@ksu.edu
> --
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Muraca, Peppino P. <
> pmur...@stonehill.edu>
> *Sent:* Friday, September 17, 2021 8:17 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject:* [WIRELESS-LAN] Amazon prime video error (Your device is
> connected to the internet using a VPN or proxy service)
>
>
> This email originated from outside of K-State.
>
> Hi everyone, has anyone come across this yet where Prime video will not
> play . this is what is on the screen ( Your device is connected to the
> internet using a VPN or proxy service. Please disable it and try again.) we
> have called Amazon and they told us to contact our ISP . We only see this
> on our wireless networks. Talking with our ISP it seems this is happening
> more and more and what basically has happened is out NAT ip’s for out
> wireless have been black listed and now we have to remove our selves from
> these lists. Has anyone else come across this yet ? if so how successful
> has it been to remove yourself from these lists.
>
>
>
> Thank you
>
> Pino
>
>
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>


-- 

[image: Denison University] 

*Sidharth S. Nandury*
(He, Him, His)
*Infrastructure and Operations Manager*
Information Technology Services

100 West College Street, Granville, OH 43023
 | Burton
Hall 
Office: 740-587-5533 <1-740-587-5533> | Mobile: 516-314-4413
<1-516-314-4413>
nandu...@denison.edu 
https://denison.edu/campus/technology/service-desk

NOTICE: This email message and all attachments transmitted with it may
contain legally privileged and confidential information intended solely for
the use of the addressee. If the reader of this message is not the intended
recipient, you are hereby notified that any reading, dissemination,
distribution, copying, or other use of this message or its attachments is
strictly prohibited. If you have received this message in error, please
notify the sender immediately by phone or by email, and delete this message
and all copies and backups thereof.

*Please consider the environment before printing this email.*

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community