from:"Tim Tyler"

RE: [WIRELESS-LAN] Apple product antenna strength vs other?

2021-06-08 Thread Tim Tyler

David, others

  Thanks to all of you that have responded.



I have checked the health and that is good for the Apple devices.  The SNR
values of 20 or even lower are much more concerning for me.  I have seen
others suggest that I need to make sure that neighboring AP’s are on their
own frequency.  I think they are, but I will have to double check.   So it
makes me wonder what else might be broadcasting in the environment that
might be playing a role with interference.   I also need to look at the SNR
of the PC’s to compare.   I have not looked at retry frames.  That is a
really good idea since some are complaining about zoom sessions remaining
reliable over wifi.

   Tim





*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *David Logan
*Sent:* Friday, June 4, 2021 9:50 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Apple product antenna strength vs other?



Tim -



Have you examined the performance data the AP collects about each client
connection which is stored in the Mobility Conductor (fka MM)?



What does the Client Health metric tell you about each device?



Are you aware of the CLI commands you can execute on the MM/AP to look at
VERY detailed client connectivity characteristics?  Don't remember the
exact syntax, but it's in the neighborhood of ap debug client table and ap
debug client stats.  For example, you can pull debug stats on the Apple
devices that will show how many packets Tx/Rx at specific WiFi data rates
that the AP supports.  You can look at retry frames.  etc.



-- David



On Fri, Jun 4, 2021 at 10:18 AM Tim Tyler  wrote:

Wifi experts,



We are running Aruba MM with two controllers on 8.7.3.  Our AP’s are mostly
AP-225’s.

I have had complaints from one of our tech rooms that they were getting a
poor signal.  I finally got around to testing that room out.  The location
of the AP to this room is in an adjacent room.  When I test with Windows
PC’s and Droid phones, the signal and performance is just fine.  When we
tested with Macs and iphones, the signal strength was amazingly weak for
all of them.  We tested with two Macs and two iphones as well as multiple
PC’s and Android phones.  Only the Apple devices had weak signals.  Have
any of you experienced a weaker antenna performance with your Apple devices
on your campuses?



If I put an AP in the room, the Apple devices are fine.  But I am surprised
I would have to do this.  I would not have expected Apple devices to have
weaker antennas.



I did check in Airwave to make sure at least one of the Macs was still
connecting to the same AP.  Any thoughts from anyone?





Tim Tyler

Network Engineer

Beloit College



**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Apple product antenna strength vs other?

2021-06-04 Thread Tim Tyler

Chuck,

We checked bar strength. Macs were in the 2nd out of 3 bars. PC’s were
getting 4 out of 5. I didn’t check the phones. We did bandwidth testing
and Macs were below 10Mb while PC’s were averaging around 150Mb. I did
check Airwave for possible issues. It suggested a poor SNR value for at
least one of the Macs. I didn’t know what to make of that since the PC’s
were not having that issue. Health was not good.

Also, the Macs would drop connections and sometimes have random
difficulty in connecting. No issues with the PC’s or droids.

It was basic testing at this point, but there was no doubt that Macs
struggled performance wise while PC’s didn’t. I do need to go back and
make sure they are all using the same AP. I did check on one Mac, but I
didn’t verify it for all of them.

Tim

*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Enfield, Chuck
*Sent:* Friday, June 4, 2021 9:28 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Apple product antenna strength vs other?

Tim,

If you don’t mind my asking, how are you assessing the performance?

Chuck Enfield

Manager, Wireless & Cellular

Penn State IT

814-863-8715

*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Tim Tyler
*Sent:* Friday, June 4, 2021 10:18 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Apple product antenna strength vs other?

Wifi experts,

We are running Aruba MM with two controllers on 8.7.3. Our AP’s are mostly
AP-225’s.

I have had complaints from one of our tech rooms that they were getting a
poor signal. I finally got around to testing that room out. The location
of the AP to this room is in an adjacent room. When I test with Windows
PC’s and Droid phones, the signal and performance is just fine. When we
tested with Macs and iphones, the signal strength was amazingly weak for
all of them. We tested with two Macs and two iphones as well as multiple
PC’s and Android phones. Only the Apple devices had weak signals. Have
any of you experienced a weaker antenna performance with your Apple devices
on your campuses?

If I put an AP in the room, the Apple devices are fine. But I am surprised
I would have to do this. I would not have expected Apple devices to have
weaker antennas.

I did check in Airwave to make sure at least one of the Macs was still
connecting to the same AP. Any thoughts from anyone?

Tim Tyler

Network Engineer

Beloit College

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ccae104%40PSU.EDU%7Cfc8197cca6b54252bdf508d927639f37%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637584131091387070%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ctebr2J2VXWUkwsOBhqkc8UcQiP6zwZcgH9IP%2BMvvPw%3D&reserved=0>

RE: [WIRELESS-LAN] Apple product antenna strength vs other?

2021-06-04 Thread Tim Tyler

Lee,

Yes, I will have to go back and double verify that all Apples are still
using the same AP.   The Macs only have 3 bars and they were on the 2nd bar
which is not very granular.  But we did do bandwidth testing and the Macs
struggled to connect and had bandwidth below 10Mb while the PC’s were
around 150Mb and performing just fine.  So bandwidth correlated with their
complaints.

   Tim



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
*Sent:* Friday, June 4, 2021 9:26 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Apple product antenna strength vs other?



Are you checking to make sure the Apple clients are connecting to the AP
you expect them to, versus maybe sticking to one further away? I see you
mention you did that for one Mac, but Apple devices can be sticky- I would
check them all and don't fall into the trap of expecting all Apple products
to behave similiarly (especially between iOS and OS X).



Also, are you actually quantifying signal somehow versus simply looking at
the "bars"?



-Lee



*Lee Badman* | Network Architect | CWNE #200

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

*t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu

*SYRACUSE UNIVERSITY*
syr.edu


--

*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tim Tyler 
*Sent:* Friday, June 4, 2021 10:18 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
*Subject:* [WIRELESS-LAN] Apple product antenna strength vs other?



Wifi experts,



We are running Aruba MM with two controllers on 8.7.3.  Our AP’s are mostly
AP-225’s.

I have had complaints from one of our tech rooms that they were getting a
poor signal.  I finally got around to testing that room out.  The location
of the AP to this room is in an adjacent room.  When I test with Windows
PC’s and Droid phones, the signal and performance is just fine.  When we
tested with Macs and iphones, the signal strength was amazingly weak for
all of them.  We tested with two Macs and two iphones as well as multiple
PC’s and Android phones.  Only the Apple devices had weak signals.  Have
any of you experienced a weaker antenna performance with your Apple devices
on your campuses?



If I put an AP in the room, the Apple devices are fine.  But I am surprised
I would have to do this.  I would not have expected Apple devices to have
weaker antennas.



I did check in Airwave to make sure at least one of the Macs was still
connecting to the same AP.  Any thoughts from anyone?





Tim Tyler

Network Engineer

Beloit College



**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

[WIRELESS-LAN] Apple product antenna strength vs other?

2021-06-04 Thread Tim Tyler

Wifi experts,



We are running Aruba MM with two controllers on 8.7.3.  Our AP’s are mostly
AP-225’s.

I have had complaints from one of our tech rooms that they were getting a
poor signal.  I finally got around to testing that room out.  The location
of the AP to this room is in an adjacent room.  When I test with Windows
PC’s and Droid phones, the signal and performance is just fine.  When we
tested with Macs and iphones, the signal strength was amazingly weak for
all of them.  We tested with two Macs and two iphones as well as multiple
PC’s and Android phones.  Only the Apple devices had weak signals.  Have
any of you experienced a weaker antenna performance with your Apple devices
on your campuses?



If I put an AP in the room, the Apple devices are fine.  But I am surprised
I would have to do this.  I would not have expected Apple devices to have
weaker antennas.



I did check in Airwave to make sure at least one of the Macs was still
connecting to the same AP.  Any thoughts from anyone?





Tim Tyler

Network Engineer

Beloit College

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Aruba 8.7 issues

2021-05-21 Thread Tim Tyler

Chris,

  Well, I have a mix of problems.  Since I moved to a MM dual controller
scenario, roaming for students stopped working properly at 8.7.1.0.  So I
upgraded to 8.7.1.3 and that seemed to mostly fix it though there are some
delays when going to a new ip address segment.  Those delays didn’t exist
for me in 6.8.x.x but the delays are only 30 to 60 seconds so livable for
the moment.  I didn’t have these delays when I was on a single controller
with the same configuration.   I will fix that this summer when I make the
IP’s follow everyone from zone to zone which should get rid of this roaming
issue.

  But lately I have had a few complaints where they say wireless went away
on them.  I don’t see evidence in Airwave.  I have only been on 8.7.1.3 for
about 2 weeks now so these complaints make me paranoid.  Some of these
complaints are from our own tech team.  When I go in to test, I don’t
observe it.   I am hopefully going to meet with one of them today to see
why they keep having issues with what they think is poor signal quality
when it is perfect for me in the same location.

   Before I moved to Mobility Manager, I had maybe 2 wireless complaints a
semester.  After moving from 6.x.x.x to 8.7.x.x in MM complaints shot
through the roof for me.  Aruba helped fine tune some of this for me and
upgrading to 8.7.1.3 seems a lot more stable, but I am only working on 2
weeks of it so far.   If I had to do over, I would have gone to the latest
8.6 version instead.  If I learn anything more today, I will post again.

  Tim

*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Johnson, Christopher
*Sent:* Friday, May 21, 2021 10:12 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Aruba 8.7 issues

Tim,

I'm curious what kind of issues you're seeing? We predominately have 225s,
205Hs and 205s - so I'm interested a bit more in what you're seeing.

I second the thanks again for all the great feedback/experiences on ArubaOS
Versions everyone is sharing. 😊

Christopher Johnson

Wireless Network Engineer

Office of Technology Solutions | Illinois State University

(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on Facebook and
Twitter

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Rob Harris
Sent: Thursday, May 20, 2021 8:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 8.7 issues

[This message came from an external source. If suspicious, report to
ab...@ilstu.edu<mailto:ab...@ilstu.edu>]

The "conservative" branch is considered stable for everyone. We don't go
beyond conservative in production unless there's a really compelling reason
to.

-Original Message-

From: The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Tim Tyler

Sent: Thursday, May 20, 2021 9:37 AM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Aruba 8.7 issues

James,

  Does Aruba state what is the last stable version?  I am seriously
wondering if going backwards is an option because I am currently seeing
some issues as well, but I just upgraded a little over a week ago to
8.7.1.3.  We use 325's and 225's predominately.  I haven't opened a ticket
yet.  I was hoping to get through the semester first and then address it.
I wonder I others are stable on the latest Aruba version?

Tim

-Original Message-

From: The EDUCAUSE Wireless Issues Community Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] On Behalf Of James Andrewartha

Sent: Tuesday, May 18, 2021 11:40 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Aruba 8.7 issues

On 19/5/21 5:07 am, Johnson, Christopher wrote:

> So how's the ArubaOS 8.7 code train treating everyone these days?

> We're looking at doing some maintenance here shortly and moving from

> 8.5.0.11 to 8.6 code train for some mini OS enhancements - and looking

> at a couple AP-575 APs (which of course requires 8.7 minimum) - from

> this thread I'm getting a strong "Do Not Engage" vibe. But interested

> in everyone's thoughts given the additional few months that have

> passed since then?

We run mostly 515s (~150) with a ~10 503Hs (which are the reason we went
from 8.5.0.11 to 8.7.1.1, now on 8.7.1.3). Since upgrading there's multiple
AP crashes per day on both 515 and 503H platforms. There's not a common
crash signature, but reading between the lines I think there's some sort of
memory leak that is affecting them. TAC have said they have had to go to
Broadcom for a fix. Honestly it's not actually too bad since they reboot
and come back into service automatically. But I still wouldn't

RE: [WIRELESS-LAN] Aruba 8.7 issues

2021-05-20 Thread Tim Tyler

James,
  Does Aruba state what is the last stable version?  I am seriously
wondering if going backwards is an option because I am currently seeing some
issues as well, but I just upgraded a little over a week ago to 8.7.1.3.  We
use 325's and 225's predominately.  I haven't opened a ticket yet.  I was
hoping to get through the semester first and then address it.  I wonder I
others are stable on the latest Aruba version?
 Tim

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Andrewartha
Sent: Tuesday, May 18, 2021 11:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba 8.7 issues

On 19/5/21 5:07 am, Johnson, Christopher wrote:
> So how’s the ArubaOS 8.7 code train treating everyone these days?
> We’re looking at doing some maintenance here shortly and moving from
> 8.5.0.11 to 8.6 code train for some mini OS enhancements – and looking
> at a couple AP-575 APs (which of course requires 8.7 minimum) – from
> this thread I’m getting a strong “Do Not Engage” vibe. But interested
> in everyone’s thoughts given the additional few months that have
> passed since then?

We run mostly 515s (~150) with a ~10 503Hs (which are the reason we went
from 8.5.0.11 to 8.7.1.1, now on 8.7.1.3). Since upgrading there's multiple
AP crashes per day on both 515 and 503H platforms. There's not a common
crash signature, but reading between the lines I think there's some sort of
memory leak that is affecting them. TAC have said they have had to go to
Broadcom for a fix. Honestly it's not actually too bad since they reboot and
come back into service automatically. But I still wouldn't recommend it if
you have either model.

Also on 8.7.1.1 I had a weird problem with the 515s where they would
randomly start getting 50% packet loss, which would clear after a reboot. I
haven't seen that since going to 8.7.1.3 40 days ago so I think it's fixed.
This one was more of a problem since clients would try to connect and fail
and not try another AP, so it actually caused ongoing outages.

We also have a 375 and 377 but they've been fine.

Thanks,

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Macbook zoom wireless dropout issues

2021-02-15 Thread Tim Tyler

Yes, they say both directions, but when I read the “source” column, I don’t
see anything but zoom client in that column.  That implies to me 100%
outbound for initiated sessions.

I am concerned about the Mac issue having been brought up here though.

Tim



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hurt,Trenton W.
*Sent:* Monday, February 15, 2021 9:32 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues



It says it right above the table listing all the ports and addresses





Zoom firewall rules

To configure your network firewall, please see the following table. All
rules should be applied both inbound and outbound.



Sent from my mobile device.



Trent Hurt



5028521513



University of Louisville












--

*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tim Tyler 
*Sent:* Monday, February 15, 2021 10:06 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues



*CAUTION:* This email originated from outside of our organization. Do not
click links, open attachments, or respond unless you recognize the sender's
email address and know the contents are safe.

So I looked at that url mentioned in this dialogue and I didn’t see any
requirements for inbound.  All sources from what I observed were rules for
Zoom clients which from a firewall stand point would be outgoing.  I didn’t
see any initiated sessions incoming requirements.

   I am curious.  Is anyone else interpreting this differently?



I should note that I never set any incoming rules last semester and had
minimal complaints on zoom which would seem to affirm that one doesn’t need
an incoming rule.  Am I missing something here?

Tim



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hales, David
*Sent:* Friday, February 12, 2021 4:25 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues



Are the blocks that you’re seeing coming from one of the Zoom subnets in
the listing?
https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom
<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.zoom.us%2Fhc%2Fen-us%2Farticles%2F201362683-Network-firewall-or-proxy-server-settings-for-Zoom&data=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7Cadb69f2efe2d4909aca308d8d1c34776%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637489983972731784%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=G1hZUMIepf6fF493PZym%2By%2BqtswOmcia78k%2FEiQMRhw%3D&reserved=0>
speicifies that all the subnets should be allowed both inbound and
outbound.  It might not all be bidirectional from the initially contacted
outbound destination.  Some responses might come from other servers in the
Zoom subnets depending on routing and what servers participants connect to
possibly.  That might explain the blocks you’re seeing.  I set up my
firewall with rules to allow inbound and outbound with those outside
subnets and the services they listed just in case some of the connections
aren’t stateful since it might be doing some sort of multi-peering model.



*David Hales*

*Network Systems Administrator*



Information Technology Services

Tennessee Tech University

1010 N. Peachtree Av., CLEM117

Cookeville, TN 38505

*P:* 931-372-3983

*E: *dha...@tntech.edu



*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *John Rodkey
*Sent:* Friday, February 12, 2021 4:21 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues



*External Email Warning*

*This email originated from outside the university. Please use caution when
opening attachments, clicking links, or responding to requests.*
--

These are all outbound 8801 connections?  We don't block outbound, but we
do block inbound, and our firewall is blocking a number on port 8801.

Zoom's Firewall article https://support.zoom.us/hc/en-us/articles/201362683
<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.zoom.us%2Fhc%2Fen-us%2Farticles%2F201362683&data=04%7C01%7CTrent.hurt%40LOUISVILLE.EDU%7Cadb69f2efe2d4909aca308d8d1c34776%7Cdd246e4a54344e158ae391ad9797b209%7C0%7C0%7C637489983972731784%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=APnjnCur72s2Vtc8x0LktbaY4%2Fj3z5XZ1IzCBrXdd68%3D&reserved=0>
only shows outbound as being required, but the inbound traffic is puzzling.



John Rodkey

Director of Servers and Networks

Westmont Col

RE: [WIRELESS-LAN] Macbook zoom wireless dropout issues

2021-02-15 Thread Tim Tyler

So I looked at that url mentioned in this dialogue and I didn’t see any
requirements for inbound. All sources from what I observed were rules for
Zoom clients which from a firewall stand point would be outgoing. I didn’t
see any initiated sessions incoming requirements.

I am curious. Is anyone else interpreting this differently?

I should note that I never set any incoming rules last semester and had
minimal complaints on zoom which would seem to affirm that one doesn’t need
an incoming rule. Am I missing something here?

Tim

*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hales, David
*Sent:* Friday, February 12, 2021 4:25 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

Are the blocks that you’re seeing coming from one of the Zoom subnets in
the listing?
https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom
speicifies that all the subnets should be allowed both inbound and
outbound. It might not all be bidirectional from the initially contacted
outbound destination. Some responses might come from other servers in the
Zoom subnets depending on routing and what servers participants connect to
possibly. That might explain the blocks you’re seeing. I set up my
firewall with rules to allow inbound and outbound with those outside
subnets and the services they listed just in case some of the connections
aren’t stateful since it might be doing some sort of multi-peering model.

*David Hales*

*Network Systems Administrator*

Information Technology Services

Tennessee Tech University

1010 N. Peachtree Av., CLEM117

Cookeville, TN 38505

*P:* 931-372-3983

*E: *dha...@tntech.edu

*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *John Rodkey
*Sent:* Friday, February 12, 2021 4:21 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Macbook zoom wireless dropout issues

*External Email Warning*

*This email originated from outside the university. Please use caution when
opening attachments, clicking links, or responding to requests.*
--

These are all outbound 8801 connections? We don't block outbound, but we
do block inbound, and our firewall is blocking a number on port 8801.

Zoom's Firewall article https://support.zoom.us/hc/en-us/articles/201362683

only shows outbound as being required, but the inbound traffic is puzzling.

John Rodkey

Director of Servers and Networks

Westmont College

*Verification*: Unsure if this is a legitimate email to an email list? Make
sure it is recorded at *https://my.westmont.edu/it_emails
*

"*God-fearing faith... is neither brash nor foolhardy and does not tempt
God."* - Martin Luther

On Fri, Feb 12, 2021 at 8:54 AM Hales, David wrote:

Zoom starts out trying UDP/8801, then if that fails goes to TCP/8801. Then
if that fails it runs SSL on TCP/443. Then if that fails the user has to
use the web client over http/https. You can find the networks needed in an
automatically updated text list format for linking to dynamic firewall
rules at the follow URLs:

https://assets.zoom.us/docs/ipranges/ZoomMeetings.txt

https://assets.zoom.us/docs/ipranges/Zoom.txt

RE: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] protecting AP's in a gym?

2021-01-29 Thread Tim Tyler

Thanks everyone.  Very helpful.  Oberon seems to be the most popular choice.

Tim



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Shoebottom, Bryan
*Sent:* Friday, January 29, 2021 6:13 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] protecting AP's in
a gym?



We are about to install APs and antennas within an Oberon enclosure,
specifically:

https://oberoninc.com/products/1021-00/



They’re NEMA4 rated and we’re hoping they’ll handle any abuse.



--

Regards,



*Bryan Shoebottom*

*Network & Systems Specialist*



*Network Services & Computer Operations*

1001 Fanshawe College Blvd. London, ON N5Y 5R6

T 519.452.4430 x4904 | F 519.453.3231

bshoebot...@fanshawec.ca



[image: cid:582C4514-D41F-48FA-94E1-89D38DB527CB]



*From:* Enfield, Chuck 
*Sent:* January 28, 2021 12:17 PM
*Subject:* Re: [EXTERNAL] [WIRELESS-LAN] protecting AP's in a gym?



We use an appropriately sized polyethylene or ABS NEMA box.  No need for
fiber reinforcement.  I don’t have sensitive enough equipment to detect any
RF performance difference (signal strength, data rate, retry rate, etc.)
between cover on vs. off tests.  Some of them have been painted with latex
wall paint and that hasn’t hurt performance either.  We’ve been using them
sealed for years and haven’t had a problem with AP reliability or service
life due to heat, but it’s also cheap and easy to drill a few ½” vent holes
in the top and bottom if heat is a concern. (I recommend venting if it’s in
an unconditioned space.)  We’ve purchased them a little larger than
required and haven’t had to replace them when we life-cycled APs, but the
switch to AX models is probably going to finally require new boxes for us.
They’re cheap, flexible, and available off-the-shelf.



That said, I have nothing bad to say about the Oberon products others have
suggested.



Chuck Enfield

Manager, Wireless & Cellular

Penn State IT

814-863-8715



*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Mallon, Jason
*Sent:* Thursday, January 28, 2021 11:26 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] [EXTERNAL] [WIRELESS-LAN] protecting AP's in
a gym?



Hey Tim,

We are using something similar to what is in the link, and from what I can
tell it does a fairly good job.  We have an AP right behind one of the
goals, so I know it has been hit a few times.



https://oberoninc.com/products/1026-20168-c/
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Foberoninc.com%2Fproducts%2F1026-20168-c%2F&data=04%7C01%7Ccae104%40PSU.EDU%7C7708510680064d845b1708d8c3a97616%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637474479886330980%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=ZulUW15Xu7YI%2B9wl5F8XRcpw3Mgr8Gd2PVYf%2F0MvvLk%3D&reserved=0>




Thanks,

*Jason Mallon* | Network Engineer III

[image:
/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/90F25235.tmp]


OIT
The University of Alabama
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ua.edu%2F&data=04%7C01%7Ccae104%40PSU.EDU%7C7708510680064d845b1708d8c3a97616%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637474479886340975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=EkSLokgn6yp3G4lIQ1gtPDm0NMZVUWwZdOU%2BkVZq6w0%3D&reserved=0>
jemal...@ua.edu

[image:
/var/folders/h2/r448cc4j4_v70yns10brx6r0gq/T/com.microsoft.Outlook/Content.MSO/8434B70B.tmp]




*From: *The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Tim Tyler 
*Date: *Thursday, January 28, 2021 at 10:21 AM
*To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
*Subject: *[EXTERNAL] [WIRELESS-LAN] protecting AP's in a gym?

Wireless managers,

  We have some Aruba 325 AP’s in a gym and I am wondering what some of you
use to protect them from physical damage such as a softball ball, etc?  Do
you use some sort of a cage?  If so what?  If it uses metal, does it
interfere with your signal strength?







Tim Tyler

Network Engineer

Beloit College



**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Ccae104%40PSU.EDU%7C7708510680064d845b1708d8c3a97616%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637474479886340975%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI

[WIRELESS-LAN] protecting AP's in a gym?

2021-01-28 Thread Tim Tyler

Wireless managers,

  We have some Aruba 325 AP’s in a gym and I am wondering what some of you
use to protect them from physical damage such as a softball ball, etc?  Do
you use some sort of a cage?  If so what?  If it uses metal, does it
interfere with your signal strength?







Tim Tyler

Network Engineer

Beloit College

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

2020-08-19 Thread Tim Tyler

ver, from what I saw, even
if I disable some of the Public CAs - the wireless supplicant still seems to
trust them.

Christopher Johnson
Wireless Network Engineer
Office of Technology Solutions | Illinois State University
(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on Facebook and
Twitter


-----Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv
 On Behalf Of Tim Tyler
Sent: Wednesday, August 19, 2020 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates
affecting 802.1X?

[This message came from an external source. If suspicious, report to
ab...@ilstu.edu<mailto:ab...@ilstu.edu >]

I was told by Sertigo that all commercial certs would be affected.  We just
bought the last 2 year expirations we could get away with for both 802.1x
and https.

The reason I am told has to do with so many smaller establishments that go
out of business before their cert expires leaving the cert as a security
vulnerability for consumers.  I just wish there was a way to allow for the
longer certs for those of us that have a long history of existence and
stability.  Such a pain.

And I am told they are debating quarterly cert replacements in the future.
That would turn cert management into a much bigger responsibility if that
were to happen.  Hopefully that doesn’t happen.

And yes, if you want to manage EAP with your own self cert, I believe you
can use a longer expiration.
 Tim

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] On Behalf Of Andrew Gallo
Sent: Wednesday, August 19, 2020 8:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] New certificate expiration for certificates
affecting 802.1X?

Does anyone know if the new, shorter certificate expiration for TLS that
Apple announced (and Google is following) will affect 802.1X authentication?

Thanks
--

Andrew Gallo
The George Washington University


**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C174f3ee1f58546491eb208d8444d01da%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63733825739457&sdata=M3cLiVvxdMmZOn9buSdgXiv1IEu6KE9EcQVWkKlVxkk%3D&reserved=0
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7c7bf97bbf244d5a574a08d8445aaf34%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637334503588747580&sdata=JyTqX7fgKwhAuwJh0eisqOhRrCklIcLC4FThQPD86Rc%3D&reserved=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C174f3ee1f58546491eb208d8444d01da%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63733825739457&sdata=M3cLiVvxdMmZOn9buSdgXiv1IEu6KE9EcQVWkKlVxkk%3D&reserved=0
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7c7bf97bbf244d5a574a08d8445aaf34%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637334503588757531&sdata=GX4%2BKY6ffLO8igUIlg3uaPKWWFtqSO6%2BSMKZqu6MhtM%3D&reserved=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C174f3ee1f58546491eb208d8444d01da%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63733825739457&sdata=M3cLiVvxdMmZOn9buSdgXiv1IEu6KE9EcQVWkKlVxkk%3D&reserved=0
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7c7bf97bbf244d5a574a08d8445aaf34%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637334503588767486&sdata=2G0RYvMo1nimVZ91nCqHgLH9mDvH20cMlh0oyL9FDpQ%3D&reserved=0>

**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

2020-08-19 Thread Tim Tyler

I was told by Sertigo that all commercial certs would be affected.  We just
bought the last 2 year expirations we could get away with for both 802.1x
and https.

The reason I am told has to do with so many smaller establishments that go
out of business before their cert expires leaving the cert as a security
vulnerability for consumers.  I just wish there was a way to allow for the
longer certs for those of us that have a long history of existence and
stability.  Such a pain.

And I am told they are debating quarterly cert replacements in the future.
That would turn cert management into a much bigger responsibility if that
were to happen.  Hopefully that doesn’t happen.

And yes, if you want to manage EAP with your own self cert, I believe you
can use a longer expiration.
 Tim

-Original Message-
From: The EDUCAUSE Wireless Issues Community Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andrew Gallo
Sent: Wednesday, August 19, 2020 8:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] New certificate expiration for certificates
affecting 802.1X?

Does anyone know if the new, shorter certificate expiration for TLS that
Apple announced (and Google is following) will affect 802.1X authentication?

Thanks
-- 

Andrew Gallo
The George Washington University


**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] [External] [WIRELESS-LAN] Google Home Different SSIDs

2019-12-13 Thread Tim Tyler

Yep, that is exactly what we have had to do sometimes.  Get both devices
including the 802.1x device on the same SSID and then after all is working
move the 802.1x back to the preferred SSID.  Sort of a pain.   Many vendors
don’t care about layer 3 solutions.

Tim



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Norton, Thomas (Network
Operations)
*Sent:* Thursday, December 12, 2019 3:09 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] [External] [WIRELESS-LAN] Google Home
Different SSIDs



Hey there,



We do the same thing at LU, but on two separate vlans utilizing Aruba
airgroup. Unfortunately, Google in their wonderless glory made it a
dependency for initial setup, and baked it into the app.



To my knowledge there is no away around it, as it requires seeing the
devices on the same SSID before finalizing configuration.  I would love to
hear if anyone has figured a way around it as well. I attempted to reach
out to our google rep with no avail.



Once configured, you can move the handset to a separate ssid/network.

*T.J. Norton*

*Wireless Network Architect*
*Network Operations*

*Office: (434) 592-6552 <(434)%20592-6552> *



[image: http://www.liberty.edu/media/1616/40themail/wordmark-for-email.jpg]

*Liberty University  |  Training Champions for Christ since 1971*



On Dec 12, 2019, at 2:37 PM, Robert Schneider 
wrote:


--

[ EXTERNAL EMAIL: Do not click any links or open attachments unless you
know the sender and trust the content. ]
--

Hi All,



We keep our smart devices and student networks on two separate SSIDs. The
backend is the same network and hands out the same IPs. Recently, the
Google Home app doesn't seem to want to complete the setup until it sees
that the phone and Google Home Mini are on the same SSID. I can't see that
we're blocking anything, so I'm at a lost of what to do next.



Is anyone else experiencing a similar issue? If not, any tips to get this
to work? We have an Aruba wireless environment.


*Robert Schneider*

Network Engineer
Information Technology | Rollins College
407.628.6380 | rschnei...@rollins.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Joining Sonos to a campus network

2019-11-27 Thread Tim Tyler

Bruce,

It has been awhile, but I recall having done it a couple times.  We used
mac address authentication in our case.   I remember though having Aruba
having to add in some code to the controller to allow it to work after
Sonos had done an upgrade a couple years ago.   I would hope by now that
code is standard.It is tricky.  I think the last step of peering you
just skip.  Once both are connected and see each other, they just peer.
Meaning, don’t wait for the client to say success.  Just start sending
music, etc.  Can’t remember the interface anymore because it’s been two
years.  I do remember it took us forever to get it working.

  This brings up another notion to me.  It was once mentioned on one of the
Educause lists that there really is no consequence to having one large flat
subnet for your wifi.  This goes against my normal Ethernet arp
broadcasting instincts.  But if this is true, it seems many of us would be
better served with a sufficiently large layer 2 subnet and avoid layer 3
issues altogether.   I am thinking of changing our wifi network to get rid
of pooled vlans and just having one flat large vlan next summer.  Seems
like this would get rid of a number of issues for support.   I would be
curious about what others think.  Wifi is not the same as Ethernet and I
don’t think there are really any efficiencies by having multiple vlans in
wifi unlike Ethernet which would reduce arp traffic, security, etc.

  Tim



*From:* The EDUCAUSE Wireless Issues Community Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Entwistle, Bruce
*Sent:* Wednesday, November 27, 2019 10:59 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Joining Sonos to a campus network



I have been working on getting the first one of these connected to our
wireless HP/Aruba network, by creating a new wireless LAN that meets the
Sonos requirements.  So far the efforts have not been successful, so it
there is someone who has figured this out please let me know.



Thank you

Bruce Entwistle

Network Manager

University of Redlands





*From:* The EDUCAUSE Wireless Issues Community Group Listserv <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Paul Reimer
*Sent:* Wednesday, November 27, 2019 8:34 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Joining Sonos to a campus network



EXTERNAL EMAIL: Proceed with caution when clicking on links or opening
attachments.



Hi everyone,



I was wondering how you’re managing actually joining Sonos products to your
network. If you’ve had the pleasure of setting some of these up you may
know why I need to ask.



They don’t really like to individually be directed to join a network and
they don’t really have a UI that just lets you log in a manage a units
network connection.



The best I’ve come up with is a kind of convoluted process that requires
setting them up wired first and then directing the set you want to manage
with a given (newly required) user account to join the network at the same
time.



I think there’s also differences between product lines. So far my
experience is with Play:1’s, Play:5’s, and Connects which our process works
with.



Thanks,



*Paul Reimer*

UW-IT | Network Design and Architecture

Wi-Fi Engineer

4545 15th AVE NE Seattle, WA 98105
Office 206.543.8902 | Mobile 850.408.0747

prei...@uw.edu

[image: uwit_email]



**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community


**
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy
and paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Question regarding the support of WiFi Calling and texting

2017-10-25 Thread Tim Tyler

Thomas,

I can’t point you to a specific document they have, but I can share my
summary ticket with PaloAlto on the matter. Tier one had no idea. It
took Tier two to inform me of the differences in their platforms.
Ultimately, I created an ingress policy for ipsec-esp application-default.
Below is a copy and paste of the summary from PA:

Comment:
Hi TIm

Here is a brief summary of the session that we had

Issue

Calling over wifi failing , the traffic works only when there is an
explicit rule that allows the return traffic

Troubleshooting

We saw that the traffic was identified as ipsec-esp
We were on a 5220 platform
The 5200 series of firewalls has architecture that is similar to 7000
series
As discussed we were made aware of an issue with the ipsec traffic handling
on the 7000 series firewall, after internal investigation it was noted that
this was expected behavior on the platform as the offload processor needs
to do initial flow lookup, with IP addresses and SPI in the packet as the
key.
The offload processor cannot distinguish PANOS terminated ESP/AH sessions
vs. pass through. So PANOS has to create sessions with specific SPI values
unlike other platforms adn hence the requirement for a policy to allow the
return traffic

Let me know if you have any further questions or concerns on this

Tim

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *McClintic, Thomas
*Sent:* Wednesday, October 25, 2017 10:11 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Question regarding the support of WiFi
Calling and texting

Tim,

Do you have anything with a link to this information from Palo Alto’s
perspective? Ie. which protocols and such.

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Tuesday, October 24, 2017 11:08 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Question regarding the support of WiFi
Calling and texting

Vikki,

What are you using for a firewall? We had to open up a couple ingress
protocols after we upgraded our PA firewall. These protocols need to talk
to servers on the Internet. PA’s latest models will block the handshaking
unless ingress is open. We found this to be predominately true for Apple
phones, but seldom for Androids. It also depending on the service. We
have no complaints now.

Tim

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Vikki Cutrone
*Sent:* Tuesday, October 24, 2017 10:40 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Question regarding the support of WiFi
Calling and texting

We are running Eduroam as our SSID, my Android phone can use eduroam to
make WiFi calls or Texts, some users on campus, primary Apple devices
cannot. I was wondering if campuses are maintaining a best effort
posture/policy regarding BYOD's ?

Thanks

On Tue, Oct 24, 2017 at 11:33 AM, Yahya M. Jaber
wrote:

Can you give us an example on the issues reported?, so I can understand
your issue more.

Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.

Sent from an Android

On Oct 24, 2017 17:25, Vikki Cutrone wrote:

I am the Network Administrator at Vassar College and I was wondering what
position institutions were taking regarding support and troubleshooting of
clients trying to use the wireless for wifi calling and wifi texting? I am
getting a large amount of requests for this service but with the multitude
of cell phones, operating systems and cell providers it is impossible to
keep up. Any input about your institution's policy or thoughts on a
potential policy would be greatly appreciated.

Thank you in advance!

Vikki Cutrone

Network Administrator

Vassar College, Box 13

124 Raymond Ave
<https://urldefense.proofpoint.com/v2/url?u=https-3A__maps.google.com_-3Fq-3D124-2BRaymond-2BAve-250D-2BPoughkeepsie-2C-2BNY-2B12604-26entry-3Dgmail-26source-3Dg&d=DwMFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=V-B23RpM6-AN3SouKSAIckW0yrCFMe91rn8n1_wMwSk&s=DgYQwyycgrZ77ZFlzelZE00z6cRj5AThKQQp6jyQ0JI&e=>

Poughkeepsie, NY 12604
<https://urldefense.proofpoint.com/v2/url?u=https-3A__maps.google.com_-3Fq-3D124-2BRaymond-2BAve-250D-2BPoughkeepsie-2C-2BNY-2B12604-26entry-3Dgmail-26source-3Dg&d=DwMFaQ&c=6vgNTiRn9_pqCD9hKx9JgXN1VapJQ8JVoF8oWH1AgfQ&r=rYfqH_8oTvcXxRxUI3x3m3Y7Nwgir7tnuoGbdZsrUM4&m=V-B23RpM6-AN3SouKSAIckW0yrCFMe91rn8n1_wMwSk&s=DgYQwyycgrZ77ZFlzelZE00z6cRj5AThKQQp6jyQ0JI&e=>
-0013

845-437-7231

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www

RE: [WIRELESS-LAN] Question regarding the support of WiFi Calling and texting

2017-10-24 Thread Tim Tyler

Vikki,

  What are you using for a firewall?  We had to open up a couple ingress
protocols after we upgraded our PA firewall.  These protocols need to talk
to servers on the Internet. PA’s latest models will block the handshaking
unless ingress is open.  We found this to be predominately true for Apple
phones, but seldom for Androids.   It also depending on the service.  We
have no complaints now.



Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Vikki Cutrone
*Sent:* Tuesday, October 24, 2017 10:40 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Question regarding the support of WiFi
Calling and texting



We are running Eduroam as our SSID,  my Android phone can use eduroam to
make WiFi calls or Texts, some users on campus, primary Apple devices
cannot.  I was wondering if campuses are maintaining a best effort
posture/policy  regarding BYOD's ?



Thanks



On Tue, Oct 24, 2017 at 11:33 AM, Yahya M. Jaber 
wrote:

Can you give us an example on the issues reported?, so I can understand
your issue more.





Yahya Jaber.
CCIE Wireless.
055-869-7555
ITNC Engineering.
KAUST.



Sent from an Android



On Oct 24, 2017 17:25, Vikki Cutrone  wrote:

I am the Network Administrator at Vassar College and I was wondering what
position  institutions were taking regarding support and troubleshooting of
clients trying to use the wireless for wifi calling and wifi texting?  I am
getting a large amount of requests for this service but with the multitude
of  cell phones, operating systems and cell providers it is impossible to
keep up.  Any input about your institution's policy or thoughts on a
potential policy would be greatly appreciated.



Thank you in advance!



-- 

Vikki Cutrone

Network Administrator

Vassar College, Box 13

124 Raymond Ave


Poughkeepsie, NY 12604

-0013



845-437-7231

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.




--

This message and its contents including attachments are intended solely for
the original recipient. If you are not the intended recipient or have
received this message in error, please notify me immediately and delete
this message from your computer system. Any unauthorized use or
distribution is prohibited. Please consider the environment before printing
this email.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.





-- 

Vikki Cutrone

Network Administrator

Vassar College, Box 13

124 Raymond Ave

Poughkeepsie, NY 12604-0013



845-437-7231

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-16 Thread Tim Tyler

This brings up an issue where I have philosophically wondered if mac
address authentication isn’t better than 802.11x (wpa2). The reason isn’t
because it guards the network better. But if one does get hacked at the
point of accessing the network, the consequences are way less. One isn’t
giving a way the keys to their other accounts. I know some institutions
do use mac address authentication as their primary access method. It is
difficult for institutions that can’t afford pricey on-boarding solutions
to manage certificate lock downs. Hence, man in the middle attacks become
prevalent as well.

We already use mac address authentication for devices that won’t support
802.1x. I keep wondering now if I shouldn’t make that our primary solution
someday. I am curious as to what others think.

Tim

*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Turner, Ryan H
*Sent:* Monday, October 16, 2017 6:51 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Big flaw in WPA2

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Ryan Turner

Manager of Network Operations, ITS

The University of North Carolina at Chapel Hill

+1 919 274 7926 Mobile

+1 919 445 0113 Office

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Backup power

2017-07-20 Thread Tim Tyler

It is a mixed bag for us.  We have over 80 closets on our campus.   If we
think a location has reliable power, we don’t bother and we just replace a
switch if something happens.  We did identify 5 residential buildings that
have unreliable power so we put UPS’s in them.   The other buildings
literally can stay up all 365 days.  Of course we always use USP’s in our
main computing centers and distribution points.   If by some chance a
switch were to actually get damaged, it is likely the vendor would replace
it for free anyways.   We keep a few spares to handle one or two buildings
quickly if ever necessary.   The economics of not having UPS’s everywhere
can sure buy a lot of switches and other things.  We are not Google or
Amazon so 100% reliability is not worth the cost to us at the edge.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Sandra Bury
*Sent:* Thursday, July 20, 2017 10:02 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Backup power



Good morning -



I would be interested to know how many of you include UPS purchases for
switches in each network closet in your campus deployments. If you do not
build in backup power, do you put your switches on a maintenance contract,
or do you pay to replace them when they fail outside of warranty?



Thanks very much.



Sandy


*Sandra H. Bury*

Executive Director, Computing Services

Information Resources and Technology

Bradley University

309-677-2808

sa...@bradley.edu





** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment

2017-07-11 Thread Tim Tyler

I think this is an excellent topic that has made me wonder.  Given that so
many users don’t secure their radius client profile, I have often thought
mac address authentication might be a better option, but it would require a
convenient registration method.  If someone uses a man in the middle attack
against a mac address, the consequences are minimal.  If someone does it
against usernames and password, they likely will have access to their other
accounts as well.  If people can on-board a full PEAP with certificate lock
down solution, then it is the best.  But if many of your clients are not
getting the cert loaded and the client dependent on it, then it makes me
wonder if mac address authentication isn’t better in the bigger picture of
things.

  I am still using PEAP, but I am constantly thinking about mac address
authentication.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Waldrep
*Sent:* Tuesday, July 11, 2017 9:58 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] EAP-PEAP risk/benefit assessment



We acknowledged that many users are going to connect without using an
on-boarding tool, and almost no one is going to secure their wireless
profile manually. This leaves these users (on *all* platforms) open to a
radius impersonation attack. Given this, we require a different password
for network access.



It's worth making a note of our security and business models (slightly over
simplified, but sufficient for this topic). We treat ourselves as an ISP to
our users. Everyone gets online with the same level of access. Our systems
are secured at the server level. Guests self-register to access the network
for a limited time.



All this means that getting someone's network credentials means very
little. If someone were doing something especially nefarious, using someone
else's credentials would make it more difficult for us to find them.
However, the attacker doesn't gain access to the compromised user's
financial records, email, or anything else.


--

Jonathan Waldrep

Network Engineer

Network Infrastructure and Services

Virginia Tech



On Mon, Jul 10, 2017 at 8:24 PM, Mike King  wrote:

Marcelo,



If windows 7 is just 4%, what is your highest percentage?  Windows 10, or
something else?



On Mon, Jul 10, 2017 at 5:36 PM, Marcelo Maraboli 
wrote:

Hello David

we did this last month and "secured" PEAP by minimizing the risk in Windows
7 clients.

We used this guide and it worked very well.
http://www.defenceindepth.net/2010/05/attacking-and-securing-peap.html

We did not use "step 4" because it didn't leave the user ID in our AAA,
they were all "anonymous".

We also studied every operating system that connected to our WIFI and
found out that Windows-7 is just 4%, so we hope this problem will die on
it's own.  Windows 10 can use PAP-TTLS, even though that is another deal.


hope it helps.


best regards,



On 7/10/17 3:55 PM, LaPorte, David wrote:

I was wondering if anyone has done a risk/benefit assessment of using
EAP-PEAP in your environment.  If so, would you be willing to share?
We have a solid understanding of the security/usability tradeoffs that
come with PEAP, but were hoping to not re-invent the wheel :)



Thanks,

Dave



David LaPorte

david_lapo...@harvard.edu













**

Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.





-- 
*Marcelo Maraboli Rosselott*
Subdirector de Redes y Seguridad
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] 2.4GHz - educating end users about interference

2017-02-17 Thread Tim Tyler

I agree with this sentiment.  2.4 is a long-run losing battle.  We deployed
5 ghz nearly everywhere to minimize the need for 2.4.  I observe that
2/3rds of all devices automatically use 5 ghz.  So it really isn’t as big
of a problem as it could be.  I expect that number to improve each year.  I
have made attempts to educate students through RA’s, but I am not sure I
will do that each year.  Students really shouldn’t bring in their own
router, but it’s too time consuming to stop it.  I think because we provide
such wide spread access and try to make sure we support everything, this
problem really isn’t as bad as it might be.  Educating students does help,
but I am careful not to spend too much time worrying about it.

  I do still need to improve high density areas.

  Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey D. Sessler
*Sent:* Friday, February 17, 2017 9:44 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] 2.4GHz - educating end users about
interference



You are fighting a battle that will never be won, and even a stale-mate is
unlikely.



IMHO, your best bet is to work toward abandoning 2.4. In the early days, we
did try outreach and education, but there are just too many devices today
that use 2.4, and in many cases, users don’t even know it e.g. Apple’s
Airdrop. You can minimize some of this by solving the reasons behind some
of the interference sources i.e. install more WAPs to improve the service,
reducing the rogue problem. Install residential printers to mitigate the
need for student printers.



Most of our residential is now designed around dense 5 GHz, and while 2.4
is available, it’s mostly ignored.



Jeff



*From: *"wireless-lan@listserv.educause.edu" <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of "Gray, Sean" <
sean.gr...@uleth.ca>
*Reply-To: *"wireless-lan@listserv.educause.edu" <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Date: *Thursday, February 16, 2017 at 2:21 PM
*To: *"wireless-lan@listserv.educause.edu" <
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
*Subject: *[WIRELESS-LAN] 2.4GHz - educating end users about interference



Hi Fellow Wireless Wizards!



This is my first post to the group, so please be gentle.



Here at the University of Lethbridge we are about to embark on a bit of an
education drive for all of our wireless users with regards to the 2.4GHz
spectrum and their impact on it. Does anybody have good examples of
notices, posters etc. that they would be willing to share, that reference
the evils of rogues and other interference sources citing the negative
impact they have on the wireless network. Like everyone else on this list
we are seeing huge influxes of our friends the wireless printer, Bluetooth
devices and the like…



if only we could just turn 2.4GHz off.



Thanks



Sean





*Sean Gray* | B.Sc (Hons)

Voice, Collaboration & Wireless Network Analyst

ITS, University of Lethbridge





** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] Large Wireless Deployment Addressing

2016-12-19 Thread Tim Tyler

Chris,

   We use vlan  pools in our Aruba wireless configurations to accommodate
our students.  Normally, the same ip address will follow a student around
as they roam so that makes roaming easier.   We have had problems with
large events because we simply don’t have enough AP’s in some of the large
environments that we would need.   This means that in a large event, we
over saturate our AP(s).   We may address that in the future, but in the
meantime, it is critical for our support staff to have wireless access at
these events.  So we created an Event ssid and provisioned it for an AP
that we bring to the event and plug in before the event.  Only our support
team is allowed to authenticate to this particular AP.I know this
doesn’t make all of the end users happy, but it makes our support team
happy.  Technically speaking, many devices that connect are automatic and
not intentional.  So the majority of people with a cell phone are probably
automatically connecting even though they have no need.  But they still
saturate.

  The bigger problem for us is to deploy more AP’s in those environments
someday.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Chris Adams (IT)
*Sent:* Monday, December 19, 2016 1:50 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Large Wireless Deployment Addressing



All,



I wanted to poll the group and see what strategies you are using at your
Universities for client addressing on large wireless networks. We are
revisiting how we address and segment our wireless LAN largely due to the
need to accommodate large events and sports arenas. We have operated with
buildings in various wireless “zones” with a VLAN/subnet per zone. Going
forward some of our larger event spaces will need to support 3000+ clients
in the same building.



What has the approach been for handling address allocations at your
institutions? Most research I’ve found suggests either using VLAN pooling
or very large subnets with client isolation. These won’t easily work for
us, at least in academic areas, as we have many faculty using airplay,
doceri, and other client to client applications. Going with large subnets
per building may cause a lot of broadcast traffic volume issues and
potential roaming issues between buildings (sticky clients?).



If it helps, we are an Aerohive shop and using Windows Server 2012 DHCP in
HA configuration.



Thanks,



Chris Adams, CISSP



Director, Network & Telecom Services

Division of Information Technology

University of North Georgia

E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

2016-11-30 Thread Tim Tyler

Thanks!  I seem to have it working now, though I should probably test
another device.   I am not sure what I did.  I enabled the DNLA protocols
but I am not sure if that was necessary in AirGroup.  One of my problems
might have been related to not being logged into a gmail account when
testing.  It seems that the app won’t finish the connection though the
Chromecast device actually connects to the SSID and does allow apps to cast
to it.  So it does seem to work after all.  Thanks!

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 10:31 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Policy based on AirGroup authorizations from ClearPass.



If I have a Chromecast/AppleTV/whatever on subnet A, when that device
authenticates to the network, the controller will send an AirGroup
Authorization Request to ClearPass. ClearPass will return sharing
properties of the device (personal vs shared and who it should be shared
with, ap group restrictions, time restrictions etc). At that point, the
device is placed into the AirGroup table on the controller.



When my client device in subnet B does a discover for services, any service
advertisements that I’m allowed to see (based on the policy from ClearPass)
will be send out onto subnet B by the controller.



Note that policy via ClearPass is not required, but recommended.



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 11:20
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

  “subnet based on policy”?  I have a pool of 6 vlans of which devices get
randomly assigned to one of the 6 subnets.   How does Airgoup know which
subnets the two pairing devices are in?  I thought it required a broadcast
to find each other.  I would think that would require a broadcast going out
to all 6 vlans.I am not quite sure what you mean by “policy”.

  I should note that all Bonjour devices work fine.  I just can’t get
Chromecast and other peering devices to work.  And I have enabled just
about everything under AirGroup at one point or another.  If Chromecast
should peer across multiple vlan (subnets), then I may need to contact tech
support again.   I keep wondering what I am missing.

 Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 9:43 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet
where the user is based on policy.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 10:32
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

So even if the two peering devices are on two different subnets, it should
still work?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 8:41 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 09:38
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students reg

RE: [WIRELESS-LAN] support of L2 peering devices?

2016-11-30 Thread Tim Tyler

Tim,

  “subnet based on policy”?  I have a pool of 6 vlans of which devices get
randomly assigned to one of the 6 subnets.   How does Airgoup know which
subnets the two pairing devices are in?  I thought it required a broadcast
to find each other.  I would think that would require a broadcast going out
to all 6 vlans.I am not quite sure what you mean by “policy”.

  I should note that all Bonjour devices work fine.  I just can’t get
Chromecast and other peering devices to work.  And I have enabled just
about everything under AirGroup at one point or another.  If Chromecast
should peer across multiple vlan (subnets), then I may need to contact tech
support again.   I keep wondering what I am missing.

 Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 9:43 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Yes, AirGroup sends the mDNS or SSDP advertisement out onto the subnet
where the user is based on policy.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 10:32
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,

So even if the two peering devices are on two different subnets, it should
still work?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 8:41 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 09:38
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College



Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and o

RE: [WIRELESS-LAN] support of L2 peering devices?

2016-11-30 Thread Tim Tyler

Tim,

So even if the two peering devices are on two different subnets, it should
still work?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Cappalli, Tim (Aruba)
*Sent:* Wednesday, November 30, 2016 8:41 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



Chromecast will work with the AirGroup service Googlecast enabled and with
drop broadcast/multicast enabled on the VAP.



This can work in large subnets or multiple smaller subnets.



Tim

Aruba ClearPass Team



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Wednesday, November 30, 2016 09:38
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College



Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] support of L2 peering devices?

2016-11-30 Thread Tim Tyler

Jon

   We do have the AirGroup functionality enabled.  But I also have a pool
of 6 /23 vlans.  So my first question is did you set up an independent SSID
for L2 devices to register?   Did you use one vlan (subnet)?  What size?
I am curious about the details to allow broadcast, but I am guessing I can
ask that of an Aruba engineer if I need.  The ability to allow broadcast
seems critical to getting Chromecast to work.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jonathan Miller
*Sent:* Wednesday, November 30, 2016 8:27 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] support of L2 peering devices?



Tim,



The AirGroup functionality in Aruba ClearPass is probably what you're
looking for.  You can set it up so that when students register their
devices, they can choose whether those devices are allowed to use
broadcast/multicast to talk to their other devices, or even allow sharing
to other users (potentially, depending on your setup).



We've seen it work fairly well, although sometimes a chromecast or
something will freak out and lose connectivity briefly with devices that
it's supposed to be allowed to talk to.



Jon Miller

Network Analyst

Franklin and Marshall College



Jonathan Miller

Network Analyst

Franklin and Marshall College



On Wed, Nov 30, 2016 at 9:22 AM, Tim Tyler  wrote:



Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

support of L2 peering devices?

2016-11-30 Thread Tim Tyler

Wireless Lan members,

We use Aruba Networks for our wireless solution and we do have many L2
devices working that leverage Bonjour, etc.  We simply do mac address
authentication for them.   Most L2 devices work fine.My big goal is to
find out the different methods that some of you might be using to support
the most difficult L2 devices such as Chromecast, Sonos speakers, and other
L2 devices that need to peer with another device in order to work.   These
type of devices ultimately need to broadcast to see each other.  Chromecast
generally needs to broadcast to the phone app so that the phone app can see
it and establish a connection with one another.   If you create another
SSID for it, what are the key factors in making it work?

Back in the earlier Fall, a number of you stated that you were using /16
subnets or very large subnets so that you only needed one subnet for your
residential wireless network.   So the question I have is did you do this
to better support L2 devices?   If so, do you allow broadcasts on your
large wireless subnet or did you simply do one /16 subnet to simplify the
administration of your wireless network?

Bottom line, how are some of you supporting L2 devices that allow
Chromecast and other peering L2 devices to work?





Tim Tyler

Network Engineer

Beloit College

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] About the Guest wireless network and account

2016-09-08 Thread Tim Tyler

We wanted to eliminate the administrative hassle of guests so we followed a
model which I think many instructions are following to some degree.   We
created a self-registration portal that is on an open SSID.  They register
and are sent an sms and email message which contains a password code to get
on for 24 hours.   It has worked very well and I now have minimal
involvement.   We think it is reasonable in terms of CALEA in case anyone
really cares about that.



We pretty much just ask for full name, cell number, and personal email
address.   We block our domain addresses from using it.  We do restrict it
to certain protocols and a bandwidth limit.   In over a year, I  only had
one protocol complaint which I simply added to the capabilities since I
agreed it was a reasonable one to allow.   Given how few complaints I have
had and how many connect to it, I am happy with it as a solution.



Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Linchuan Yang
*Sent:* Thursday, September 08, 2016 1:02 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] About the Guest wireless network and account



Dear All



We are doing research for the wireless Guest network. Currently, we create
temp employee account for the Guests in our AD and using a separate captive
portal for the Guest login. For the group Guests (e.g. external event), we
allow them to share the same guest account.



However, we found that it’s not easy to manage and track the temp wireless
guest accounts. Could you please share how your institute setup and manage
the wireless guest network and the accounts?



Thank you, and have a good afternoon.



Yours,

Linchuan Yang (Antony)
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Res hall wireless printing..

2016-09-01 Thread Tim Tyler

Brian,

That is a really good point.  And I imagine that if it is only seen by the
registered user, it blocks anonymous printing as well.  Hm

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
*Sent:* Thursday, September 01, 2016 1:41 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Res hall wireless printing..



Printers on their own SSID is fine if you’re printing from a file, but what
if you’re printing from a website .. how do you get to that site if you’re
on the printer’s SSID?



-Brian



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Lee H Badman
*Sent:* Thursday, September 01, 2016 1:16 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Res hall wireless printing..



Most printers I’ve touched of late have two wireless modes. You can
certainly put them on the Infrastructure WLAN. Or… you can print directly
to them with their own SSID.



FWIW.



*Lee Badman* | Network Architect (CWDP, CWNA, CWSP, Mobility+)

Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244

*t* 315.443.3003  * f* 315.443.4325   *e* lhbad...@syr.edu *w* its.syr.edu

*SYRACUSE UNIVERSITY*
syr.edu



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Thursday, September 01, 2016 12:57 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Res hall wireless printing..



Yes, I don’t think you are going to be able to provide an alternative
SSID.  The printer is supplying the SSID.  The printer is not really
connecting to a SSID so I doubt providing one will help.  I am writing this
off as another lost cause.   We could consider blocking it, but I am not
sure it is worth doing that.  Now that 2/3rds of our users are in the
5.0ghz frequency, the overlap issue is less of a problem.   We used to warn
students that anyone could probably print to an open wifi printer, but some
modern printers are finally providing password protection.One solution
may be to provide residential printing but that has a significant cost as
well.  So I am going to hope that the overlap of frequencies doesn’t affect
us for a long time.

  Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
*Sent:* Thursday, September 01, 2016 11:09 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Res hall wireless printing..



Can you tell it’s the start of the new academic year?...



I know we talk about this every year, but here we go again.  How are people
tackling/addressing students who want to use their wireless printers in
their dorm rooms?  In the past, we’ve told them they have to disable the
wireless and use a USB from their laptop.  That’s not flying as well as
more and more people are more and more dependent on tablets, phablets and
phones.



We haven’t thought it through, but one option is to set up a separate,
non-Internet accessible SSID for printers.  We’d have to think though if it
should hit the NAC, be somehow otherwise registered, do we care about
security, contain those SSID’s to buildings (and not pass that traffic
between buildings) etc, etc.



-Brian




*Brian Helman, M.Ed *|*  Director, ITS/Networking Services | *(:
*978.542.7272*

*Salem State University, 352 Lafayette St., Salem Massachusetts 01970*

*GPS: 42.502129, -70.894779*



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Res hall wireless printing..

2016-09-01 Thread Tim Tyler

Brian,

I get how tV’s, games, and roku’s work, but how does a printer work with
this?  I thought printers provided their own ssid – as opposed to
connecting to one?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Mark Usher
*Sent:* Thursday, September 01, 2016 11:38 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Res hall wireless printing..



Brian -



We just implemented Aruba Clearpass with Airgroups and are allowing
students to self white-list their misc devices including printers, on our
less secure (open...) SSID. With Aruba/Clearpass/Airgroups/PEF, you
basically just squash all of the broadcast and Airgroups/Clearpass forwards
the broadcast requests (unicast) the the student's shared devices so only
she/he 'sees' their devices. There's no security here, but kind of nice. So
far it's made our life much easier.



The biggest problem with these devices in my book is all of the extra RF
interference out in the dorms.







On Thu, Sep 1, 2016 at 12:08 PM, Brian Helman 
wrote:

Can you tell it’s the start of the new academic year?...



I know we talk about this every year, but here we go again.  How are people
tackling/addressing students who want to use their wireless printers in
their dorm rooms?  In the past, we’ve told them they have to disable the
wireless and use a USB from their laptop.  That’s not flying as well as
more and more people are more and more dependent on tablets, phablets and
phones.



We haven’t thought it through, but one option is to set up a separate,
non-Internet accessible SSID for printers.  We’d have to think though if it
should hit the NAC, be somehow otherwise registered, do we care about
security, contain those SSID’s to buildings (and not pass that traffic
between buildings) etc, etc.



-Brian




*Brian Helman, M.Ed *|*  Director, ITS/Networking Services | *(: *978.542.7272
<978.542.7272>*

*Salem State University, 352 Lafayette St., Salem Massachusetts 01970*

*GPS: 42.502129, -70.894779*



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.





-- 

*Mark Usher*

Director of Infrastructure and Security
Information Technology | 102 Patterson Hall
Ashland, Ohio 44843
419.289.5882 <4192895882>
mus...@ashland.edu

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Res hall wireless printing..

2016-09-01 Thread Tim Tyler

Yes, I don’t think you are going to be able to provide an alternative
SSID.  The printer is supplying the SSID.  The printer is not really
connecting to a SSID so I doubt providing one will help.  I am writing this
off as another lost cause.   We could consider blocking it, but I am not
sure it is worth doing that.  Now that 2/3rds of our users are in the
5.0ghz frequency, the overlap issue is less of a problem.   We used to warn
students that anyone could probably print to an open wifi printer, but some
modern printers are finally providing password protection.One solution
may be to provide residential printing but that has a significant cost as
well.  So I am going to hope that the overlap of frequencies doesn’t affect
us for a long time.

  Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
*Sent:* Thursday, September 01, 2016 11:09 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Res hall wireless printing..



Can you tell it’s the start of the new academic year?...



I know we talk about this every year, but here we go again.  How are people
tackling/addressing students who want to use their wireless printers in
their dorm rooms?  In the past, we’ve told them they have to disable the
wireless and use a USB from their laptop.  That’s not flying as well as
more and more people are more and more dependent on tablets, phablets and
phones.



We haven’t thought it through, but one option is to set up a separate,
non-Internet accessible SSID for printers.  We’d have to think though if it
should hit the NAC, be somehow otherwise registered, do we care about
security, contain those SSID’s to buildings (and not pass that traffic
between buildings) etc, etc.



-Brian




*Brian Helman, M.Ed *|*  Director, ITS/Networking Services | *(:
*978.542.7272*

*Salem State University, 352 Lafayette St., Salem Massachusetts 01970*

*GPS: 42.502129, -70.894779*



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

2016-09-01 Thread Tim Tyler

Brandon,
Many games and other devices don’t support 802.1x in case that was the
network they were trying to connect to.   We created an SSID that allows for
mac address authentication.  We allow student to register the mac address of
their non 802.1x complaint devices and connect to our SSID that supports mac
addresses (open network).   We have no problems that I am aware of with PS4
stations.
  Note: We use Aruba with Clearpass.
Tim

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brandon Dixon
Sent: Thursday, September 01, 2016 8:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Playstation 4 (PS4) Not Connecting to Wireless

We have been seeing issues where PS4's on campus will not connect to our
Aerohive wireless devices properly.  Other devices such as Xbox One are
working fine, it seems to be isolated to PS4 devices.  We are beginning to
wonder if this is an issue with Enterprise wireless AP's and I was curious,
before we spend more time digging, if others are experiencing issues with
PS4 on their campus.  (Apologies for the shoddy image quality)


--
Brandon Dixon
Network Engineer
Information Systems
Murray State University
Phone: (270) 809-3694
Fax:   (270) 809-3465



MSU Information Systems staff will never ask for your password or other
confidential information via email.


**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Do you have POE everywhere?

2016-08-31 Thread Tim Tyler

You may want to consider putting in a UPS to make sure the power is clean
and consistent even if just to experiment for a short period of time.   We
have used injectors in the past (no longer), and they were completely fine
for us.  Never had a problem.

The other possible problem could be your switch.  If you over load a
switch, the last device(s) to come up on reboot of the switch might not
have enough power to sustain PoE properly.  I have had to increase power
supplies on a few of my switches (or use an additional switch) in heavy
populated PoE scenarios.

Tim

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd M. Hall
Sent: Wednesday, August 31, 2016 8:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Do you have POE everywhere?

Do you have POE in every location or are there some small locations that
still use injectors?

If you have some injectors left, I have a few questions.

1.  How reliable are they?
2.  Are your injectors made by your wireless vendor?
3.  Do you have a way to monitor how often your APs reboot?

The reason I'm asking is that I just discovered that we have some APs that
are rebooting frequently and they are all in locations that still have
injectors.  I expanded some home-grown code and started graphing AP uptime
as well as lwapp/capwap uptime. (Found issues with lwapp/capwap uptime in
a few locations as well)


--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] How big are your wireless segments?

2016-07-27 Thread Tim Tyler

So I am guessing from this conversation that the reason the bandwidth
consumption remains the same regardless of one or multiple vlans is because
the frequency still sees the broadcast even if most vlans do not.  And the
frequency is what counts.  {please correct me if I am wrong}.  Hence an arp
from a client uses the same amount of bandwidth regardless of the number of
total clients that see it because vlans share the same bandwidth
(frequency) with one another given any AP.



Even if bandwidth is not an issue, wouldn’t performance still remain an
issue if end devices have to process and drop/ignore higher volumes of
broadcast traffic on a regular basis?



And if one resolves that issue by blocking all broadcast traffic, does that
affect layer 2 apps like Chromecast?

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jake Snyder
*Sent:* Tuesday, July 26, 2016 11:25 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] How big are your wireless segments?



Actually, they don't have to "respond."  They have to process the incoming
frame.  If they aren't listening for that port, they will ignore or drop
the packet.



If you are talking about client impact to CPU/battery/etc, I agree.  If you
are talking about airtime, the sum of the broadcast traffic is the same.
Stopping broadcast over the air is the scalable way to solve



Thanks

Jake Snyder





Sent from my iPhone


On Jul 26, 2016, at 6:00 AM, Osborne, Bruce W (Network Services) <
bosbo...@liberty.edu > wrote:

Actually, you reduce the broadcast traffic with smaller subnets. Remember
that all clients on the subnet **must** respond to a broadcast.



Smaller subnets generally mean fewer clients responding to a given
broadcast. This leaves more airtime for productive Wi-Fi traffic.







*Bruce Osborne*

*Wireless Engineer*

*IT Network Services - Wireless*



*(434) 592-4229*



*LIBERTY UNIVERSITY*

*Training Champions for Christ since 1971*



*From:* Jake Snyder [mailto:jsnyde...@gmail.com ]
*Sent:* Monday, July 25, 2016 1:28 PM
*Subject:* Re: How big are your wireless segments?



One thing to remember is that over the air you have the same amount of
broadcast whether it is one vlan or a pool of 4.

For Example: If you have 4 client segments that are a /24, and each AP has
a client on one of the 4 subnets, you still send the sum of 4x /24 network
broadcast over the air.  Meaning only on lightly loaded APs where you don't
have all 4 subuets do you get a net gain of airtime.  Same applies for
link-local multicast.  Smaller subnets in pools don't really gain you much
without the suppression techniques, and with the suppression techniques,
you don't need the smaller subnets.

The place where pools/groups of vlans are attractive is where you may be
using public IPs and don't have a large contiguous block of IPs in which to
place clients.  So picking 4 non-contiguous /24 networks is easier to do
than picking a full class B.





On Mon, Jul 25, 2016 at 11:04 AM, Tim Tyler  wrote:

Brian,

  We have pools of /22 /23/ and /24.  We separate our pools from students
vs fac/staff (still on the same ssid).   It may be ok to do /16.   I know
that Aruba does a lot to prevent broadcast storms, but I feared the
overhead of one large segment might have on it.   We also give students a
different ip pool depending whether they are in a residential building vs
an academic/admin building.  This allows us to shape traffic differently.
But this will become less of an issue as we acquire more bandwidth
(hopefully).

   I am curious of those using /16, does that resolve your layer 2
issues?   Aruba does a good job of bridging many layer 2 solutions anyways,
but having one /16 vlan does seem enticing and perhaps unnecessary for
bridging protocols.  However, I am curious about other overhead efficiency
issues.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
*Sent:* Monday, July 25, 2016 10:22 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] How big are your wireless segments?



We are in the process of moving from a controllerless vendor to Aruba.  Our
current design is very segmented, to keep wireless device broadcasts from
overwhelming the network and AP’s (we had this problem back in 11g days).
Presently, we’ve limited segments to /23’s (give or take).  In your
controller-based environments, how large have you let these segments go?
Is a /21, /20 … viable?



-Brian




*Brian Helman, M.Ed *|*  Director, ITS/Networking Services | *(: *978.542.7272
<978.542.7272>*

*Salem State University, 352 Lafayette St., Salem Massachusetts 01970*

*GPS: 42.502129, -70.894779*



** Participation and subscription information for this EDUCAUSE
Constituent Group dis

RE: [WIRELESS-LAN] How big are your wireless segments?

2016-07-25 Thread Tim Tyler

Brian,

  We have pools of /22 /23/ and /24.  We separate our pools from students
vs fac/staff (still on the same ssid).   It may be ok to do /16.   I know
that Aruba does a lot to prevent broadcast storms, but I feared the
overhead of one large segment might have on it.   We also give students a
different ip pool depending whether they are in a residential building vs
an academic/admin building.  This allows us to shape traffic differently.
But this will become less of an issue as we acquire more bandwidth
(hopefully).

   I am curious of those using /16, does that resolve your layer 2
issues?   Aruba does a good job of bridging many layer 2 solutions anyways,
but having one /16 vlan does seem enticing and perhaps unnecessary for
bridging protocols.  However, I am curious about other overhead efficiency
issues.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman
*Sent:* Monday, July 25, 2016 10:22 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] How big are your wireless segments?



We are in the process of moving from a controllerless vendor to Aruba.  Our
current design is very segmented, to keep wireless device broadcasts from
overwhelming the network and AP’s (we had this problem back in 11g days).
Presently, we’ve limited segments to /23’s (give or take).  In your
controller-based environments, how large have you let these segments go?
Is a /21, /20 … viable?



-Brian




*Brian Helman, M.Ed *|*  Director, ITS/Networking Services | *(:
*978.542.7272*

*Salem State University, 352 Lafayette St., Salem Massachusetts 01970*

*GPS: 42.502129, -70.894779*



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] student residential routers?

2016-06-27 Thread Tim Tyler

Dexter,

I think that is a good point.  There are going to be more and more devices
broadcasting their own SSID beside routers.   Printers, TV’s, etc.  This
topic is probably going to affect us all much more in the future.   I am
not worried in the short run, but I will be curious to see how this evolves
for us in the long run.   We also have a policy of not allowing student
routes, but I doubt I will do much enforcement.  I am hoping to educate
students that we can support almost all layer 2 devices.  But SSID
broadcasts are going to increase regardless.   And we are close to some
residential neighborhoods which we would never have control over anyways.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Dexter Caldwell
*Sent:* Monday, June 27, 2016 3:46 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] student residential routers?



We have a policy against it, but generally enforce it on an as-needed
basis.   We reserve and exercise the right to maintain the health of the
network, but we generally don’t actively constantly patrol to remove them
unless we have a problem.  There are so many printers and other devices
that are broadcasting wireless by default that it’s not very practical
anyway.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Friday, June 24, 2016 2:49 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] student residential routers?



Wireless-lan members,



Ok, I am curious as to what your opinions are on allowing students to have
their own wireless routers in residential buildings (dorms).   While we
have a policy that we don’t allow them, it is extremely difficult and
time-consuming to stop them.  The two main points seem to be:

Consumes more over-head of available frequency bandwidth.

Less secure.



The 5.0ghz radios have so many more channels now.  So is this bandwidth
consumption and efficiency still a major concern for many of you?   I know
this was most certainly a critical issue for the 2.4ghz radios with only 3
channels, but my stats are showing that 2/3rds of our clients now connect
to the 5.0ghz radio.   AC allows for much better density.  So is the
additional over-head of additional SSID broadcasts still a big issue?   If
so, are there any articles talking about this with regard to 5.0ghz
technology?



As far as security is concerned, it just seems to me that keeping the enemy
out of our networks was a lost cause a long time ago.  I don’t even trust
my fac/staff subnets let alone student ones.  I know that residential style
routers are not secure, but I have to wonder how significant this issue is.
  After all, one is only gaining access to the network.  Nothing sensitive
at this stage has been compromised yet.  I wonder if this is a marginal
issue given how often hackers gain access to computers inside networks
anyways.



I am really curious as to what many of you think about this.  Do you have
policy to not allow student routers?  Do you put in effort to suppress
student router deployment?



Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

[WIRELESS-LAN] student residential routers?

2016-06-24 Thread Tim Tyler

Wireless-lan members,



Ok, I am curious as to what your opinions are on allowing students to have
their own wireless routers in residential buildings (dorms).   While we
have a policy that we don’t allow them, it is extremely difficult and
time-consuming to stop them.  The two main points seem to be:

1.   Consumes more over-head of available frequency bandwidth.

2.   Less secure.



The 5.0ghz radios have so many more channels now.  So is this bandwidth
consumption and efficiency still a major concern for many of you?   I know
this was most certainly a critical issue for the 2.4ghz radios with only 3
channels, but my stats are showing that 2/3rds of our clients now connect
to the 5.0ghz radio.   AC allows for much better density.  So is the
additional over-head of additional SSID broadcasts still a big issue?   If
so, are there any articles talking about this with regard to 5.0ghz
technology?



As far as security is concerned, it just seems to me that keeping the enemy
out of our networks was a lost cause a long time ago.  I don’t even trust
my fac/staff subnets let alone student ones.  I know that residential style
routers are not secure, but I have to wonder how significant this issue is.
  After all, one is only gaining access to the network.  Nothing sensitive
at this stage has been compromised yet.  I wonder if this is a marginal
issue given how often hackers gain access to computers inside networks
anyways.



I am really curious as to what many of you think about this.  Do you have
policy to not allow student routers?  Do you put in effort to suppress
student router deployment?



Tim Tyler

Network Engineer

Beloit College

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Tim Tyler

Lee,

  We leverage our Guest wifi network for mac registration via Clearpass.
We do this for the obvious reason to support devices that don’t support
802.1x.   The process is easy enough, but we are lacking in the
communication of this service.  We are learning that many students are just
going out and getting their own rogue AP to support their devices because
they simply don’t know that we can support them.  To this point, the only
device that I am aware of that doesn’t worked on our network is
Chromecast.  Our difficulty next year will be to educate students that
there is an option for getting their non-enterprise devices to work on our
network.  This has created a debate about cracking down on rogue AP’s as
part of the educational process.   I like our solution, but our
communication is lacking and needs to be addressed  by next Fall.

  Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
*Sent:* Tuesday, March 01, 2016 8:12 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Self-registered MAC device bypass- worth the
headaches?



Hi Everyone,

Not looking for a lot of input on all of the things you CAN do- just asking
a focused question for those that are doing it.

We're piloting the ability for students to self-register games, TVs, Roku,
etc. but am astounded at how hard some devices are to find MAC addresses
for from the user side. Amazon Echo is notorious, also fighting with a Roku
2. No labels, not easy to find in menu. Sure, you can find all of this on
APs, but that isn't "self-service" for self-registration.

Anyone have thoughts, comments, scars, suggestions? I know Clearpass and
ISE can fingerprint, but I'm finding that's far from accurate at times, and
again- doesn't help with "register YOUR device by MAC" for users that can't
see what network admins use.

-Lee Badman

Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

2016-02-26 Thread Tim Tyler

John,

Does AMPs leverage any blocking at the switch level or is done by
jamming wireless frequencies?  If it is jamming frequencies, don’t you run
the risk of blocking non campus residential home AP’s?



  Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Watters, John
*Sent:* Friday, February 26, 2016 9:50 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Rogue AP's



We are a Cisco shop that uses the Airwave AMPs for management. We let the
AMPs contain the rogues. It works reasonably well and certainly beats
trying to it do it manually on the controllers. Right now we are seeing
2,279 rogues on our campus with the biggest category being HP printers.



We do have a policy that tells folks not to do this. But, there is really
no penalty to them for ignoring the policy.



On a related note our legal folks are considering whether to let us
continue to try to contain rogues on campus. Has any other campus been told
not to do rogue containment?











-jcw
[image: UA Logo]




John Watters   The University of Alabama

Office of Information
Technology

205-348-3992





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Friday, February 26, 2016 8:40 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Rogue AP's



Wireless managers,  {cross referenced with NETMAN}

I am wondering if anyone has found an automatic way to block rogue AP’s on
your network.   I know I can get a report from Airwave on rogue AP’s, but
it seems like it would be time consuming to go after each of them
individually.  I am curious how some of you handle this.  Do you have a
method for blocking them?



Also, there are other products beginning to broadcast their own ssid as
well including printers, connectify, etc.   How do you handle them?   Do
you even have policy restricting those from your network?







Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Rogue AP's

2016-02-26 Thread Tim Tyler

Wireless managers,  {cross referenced with NETMAN}

I am wondering if anyone has found an automatic way to block rogue AP’s on
your network.   I know I can get a report from Airwave on rogue AP’s, but
it seems like it would be time consuming to go after each of them
individually.  I am curious how some of you handle this.  Do you have a
method for blocking them?



Also, there are other products beginning to broadcast their own ssid as
well including printers, connectify, etc.   How do you handle them?   Do
you even have policy restricting those from your network?







Tim Tyler

Network Engineer

Beloit College

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

39 matches

Mail list logo