Re: [WIRELESS-LAN] Backup power

[Urrea, Nick]

I'm curious, what software do you use to manage your UPSs and if you could 
describe the setup (SNMP, something else) that would be very helpful to us at 
UC Hastings?


---
Nicholas Urrea
UC Hastings College of the Law
Director of Information and Network Security
Information Technology
e: urr...@uchastings.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Hales, David 

Sent: Thursday, July 20, 2017 9:00:03 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Backup power

We size and install a UPS in every switch closet.  We have only a few models of 
switch and access point, so we built a spreadsheet to calculate our power load 
based on actual power draw observed in our lab.  We try to size our UPSes to 
provide a minimum of 15 minutes of uptime with 150% of their installed load.  
That gives us enough headroom for adding switches to existing stacks, or adding 
other PoE devices down the road.  Based on a 5-6 year replacement cycle, that 
sizing should be more than enough to keep up with any growth in load we might 
experience before the next cycle where we can resize for the load at that point 
in time.

We keep our distribution and core on service contracts, but we use limited 
lifetime hardware warranty on our access switches.  We keep enough spares on 
hand to handle the troubleshoot and cross ship transition for any that fail.  
Again, we only have a couple of models in production, so keeping spares on hand 
is a pretty low cost option.

David Hales
Network Systems Administrator
Information Technology Services
1010 N. Peachtree
Clement Hall 117
Cookeville, TN 38505
P 931-372-3983
F 931-372-6130
E dha...@tntech.edu
www.tntech.edu/its
[Tennessee Tech Logo]
[TTU Facebook]  [TTU Twitter]  
 [TTU Instagram]  
 [TTU Youtube]  
 [TTU Pintrest] 


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sandra Bury
Sent: Thursday, July 20, 2017 10:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Backup power

Good morning -

I would be interested to know how many of you include UPS purchases for 
switches in each network closet in your campus deployments. If you do not build 
in backup power, do you put your switches on a maintenance contract, or do you 
pay to replace them when they fail outside of warranty?

Thanks very much.

Sandy

Sandra H. Bury
Executive Director, Computing Services
Information Resources and Technology
Bradley University
309-677-2808
sa...@bradley.edu

[https://www.bradley.edu/global/images/emailsig_wordmark.gif]

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: [WIRELESS-LAN] on-boarding of personal wireless devices

[Urrea, Nick]

I forgot to mention UC Hastings uses Cisco wireless.

---
Nicholas Urrea
UC Hastings College of the Law
Network and Systems Engineer



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh
Sent: Thursday, November 17, 2016 11:00 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] on-boarding of personal wireless devices

On Thu Nov 17 2016 12:55:37 CST, "Urrea, Nick" <urr...@uchastings.edu> wrote:
> 
> We at UC Hastings would like to create/deploy an automated on-boarding 
> solution for wireless personal devices such as Xbox, Roku, Apple TV, 
> Chromecast, etc.
> Any advice would be greatly appreciated.

The wireless network team here used the ClearPass system this fall to roll out 
a new SSID for these types of devices this fall for our students. 

<http://www.it.northwestern.edu/oncampus/device-northwestern/>

Basically students can register their devices via self service portal.  

--
Julian Y. Koh
Associate Director, Telecommunications and Network Services Northwestern 
Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: <http://www.it.northwestern.edu/> PGP Public 
Key:<https://bt.ittns.northwestern.edu/julian/pgppubkey.html>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

on-boarding of personal wireless devices

[Urrea, Nick]

We at UC Hastings would like to create/deploy an automated on-boarding solution 
for wireless personal devices such as Xbox, Roku, Apple TV, Chromecast, etc.
Any advice would be greatly appreciated.


---
Nicholas Urrea
UC Hastings College of the Law
Network and Systems Engineer
Information Technology
e: urr...@uchastings.edu
ext: 4718
helpdesk:
e: helpd...@uchastings.edu
ph: 415-565-4625



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Who wifi vendors does everyone use?

[Urrea, Nick]

UC Hastings uses Cisco for wireless.

---
Nicholas Urrea
UC Hastings College of the Law
Network and Systems Engineer
Information Technology
e: urr...@uchastings.edu
ext: 4718
helpdesk:
e: helpd...@uchastings.edu
ph: 415-565-4625




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Pete Hoffswell
Sent: Wednesday, March 30, 2016 10:05 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who wifi vendors does everyone use?

You may find this link interesting, showing marketshare for WLAN vendors over 
time.

http://www.statista.com/statistics/219473/global-market-share-of-enterprise-wlan-vendors/

Q4 2015:
#1: Cisco 45.04%
#2: Aruba 15.88%
#3: Ruckus 6.71%
#4: Huawei: 4.12%
#5: Ubiquiti: 2.7%
Other: 25.56%

I suppose in higher ed, it might line up similarly, but adding Aerohive in the 
mix.


-
Pete Hoffswell - Network Manager
pete.hoffsw...@davenport.edu
http://www.davenport.edu

On Wed, Mar 30, 2016 at 12:57 PM, Seward, Bill 
> wrote:
Pfeiffer is an Aruba shop.

Bill Seward   |   Director of Information Technology

Office of Information Technology
P.O. Box 960   |   48380 US Hwy 52
Misenheimer, NC  28109
Office  704-463-3066   |   Fax  704-463-1363
pfeiffer.edu   |   
facebook.com/PfeifferUniversity   | 
  @Pfeiffer1885
instagram/PfeifferUniversity    |  
 
youtube.com/PfeifferUniversity

For assistance with an IT-related issue, call Tech Support at 
704-463-3002 or email us at 
techsupp...@pfeiffer.edu
[advancement:public:GARY:stationary:Pfeiffer BB color logo email sig 
logo.jpg]

This email, including attachments, is intended for the person(s) or company 
named and may contain legally privileged information. Unauthorized disclosure, 
copying or use of this information is prohibited. If you are not an intended 
recipient, you may not review, copy or distribute this message. If you received 
this communication in error, please notify the sender immediately by email and 
delete the original message.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Schuette, David
Sent: Wednesday, March 30, 2016 11:08 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Who wifi vendors does everyone use?

MSU Denver is an Aerohive shop



Sent from my Verizon Wireless 4G LTE smartphone
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Non-802.1x devices on wireless...

[Urrea, Nick]

Our guest SSID will prompt every 9 hours with the acceptable use policy and the 
guest SSID only allows Internet and Internet facing computer services. If our 
end-users want to be connected all the time we in courage them to use our 
802.1x SSID. We do allow just Internet access for non 1x devices on a different 
SSID with Mac filtering.

We don't believe in limiting the end-users experience just protecting the 
school's sensitive data from attacks.
Also what is the difference from a wireless connection and a wired connection 
these days anyways.

---
Nicholas Urrea
UC Hastings College of the Law
Network and Systems Engineer
Information Technology
e: urr...@uchastings.edumailto:urr...@uchastings.edu


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Friday, July 05, 2013 7:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless...

Tim,

How often do you revisit what you restrict?  Last year, restricting Facebook 
would have sufficed to entice students to use 1x.  This year, Pinterest.  I 
still think this is the best way to get users to use the most appropriate 
network though.  Now if I could just get the people above me to embrace this.

-Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hall, Rand
Sent: Thursday, June 06, 2013 6:58 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless...

This is an excellent practice. Many of our people have no idea which network 
they are on and often wonder why the network is crappy. We see clients 
regularly using both our 802.1x and open networks. Just like other areas of 
life, one unprotected connection can haunt you for life ;-) Our penicillin 
prompt urges them to delete the open network profile. Everyone screams about 
being proactive. This is a win.


Rand

Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.h...@merrimack.edumailto:rand.h...@merrimack.edu

If I had an hour to save the world, I would spend 59 minutes defining the 
problem and one minute finding solutions. - Einstein

On Wed, Jun 5, 2013 at 9:07 AM, Timothy Cappalli 
cappa...@brandeis.edumailto:cappa...@brandeis.edu wrote:
We're also experimenting with the idea of a nag page when a known 802.1x user 
decides to use open. Each time they connect from a browser-capable device, they 
would see a page that shows the benefits of using eduroam and what is 
restricted on open.


Tim Cappalli, Network Engineer
LTS | Brandeis University
x67149 | (617) 701-7149tel:%28617%29%20701-7149
cappa...@brandeis.edumailto:cappa...@brandeis.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Peter P Morrissey
Sent: Wednesday, June 05, 2013 8:39 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless...

My only suggestion would be to be careful not to err on the side of suck. We 
did that for a while, but I really had a problem offering a service that 
sucks. It also struck me that it did not offer a welcoming environment  to 
our visitors. I agree that it is important to have incentives that gently steer 
non-guests towards the 802.1x service. Logging into a web page each time 
provides built in incentive. We also found that that limiting the time they are 
allowed to use the guest service, to the time it takes to get a temporary ID 
that can get them on 802.1x was the ideal, rather than cripple the service 
itself so that it was a frustrating experience for those who used it. We 
usually capture a phone number to cover attribution. The other advantage of the 
open SSID is that it is a good temporary solution for someone who has issues 
configuring their device for 1x. Some devices have difficulties (even using 
Xpressconnect). And when you think about it, maybe it isn't the end of the 
world if someone who can do 802.1x uses an open SSID. It happens all the time 
in coffee shops, hotels and airports all across the country.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeff Kell
Sent: Tuesday, June 04, 2013 8:29 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Non-802.1x devices on wireless...

On 6/4/2013 8:20 PM, Tim Cappalli wrote:
We restrict some services on open. Also, as part of the registration process, 
their device will be configured for eduroam and the open SSID will be removed 
from their network list. They could hop back on if they want. It's their choice.

If you have an open SSID, just be sure to make 

Same Radius server, more than one SSID, different groups of users?

[Urrea, Nick]

We at UC Hastings would like to create a new SSID that only allows
certain users with WPA-Enterprise authentication to access.

We currently have two SSIDs one which uses WPA-Enterprise with RADIUS
which checks against and Active Directory group and the other which uses
Web-Auth which checks against the same Active Directory. 

We are using the Cisco Solution for enterprise wireless.

 

I would like to use the same RADIUS server for both WPA-Enterprise
SSIDs.

Any ideas?

 

 

 

 

---

Nicholas Urrea

Information Technology

UC Hastings College of the Law

San Francisco, CA, 94102

urr...@uchastings.edu mailto:urr...@uchastings.edu 

help desk: 415-581-8802

helpd...@uchastings.edu

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Same Radius server, more than one SSID, different groups of users?

[Urrea, Nick]

Cisco shop yes we use a WISM2 with CAPWAP APs.
We are currently using IAS as our RADIUS server.

Can you have FreeRADIUS talk to AD or do you need another LDAP? 

-Nick

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James J J Hooper
Sent: Monday, September 19, 2011 10:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Same Radius server, more than one SSID, different 
groups of users?

On 19/09/2011 17:24, Urrea, Nick wrote:
 We at UC Hastings would like to create a new SSID that only allows 
 certain users with WPA-Enterprise authentication to access.

 We currently have two SSIDs one which uses WPA-Enterprise with RADIUS 
 which checks against and Active Directory group and the other which 
 uses Web-Auth which checks against the same Active Directory.

 We are using the Cisco Solution for enterprise wireless.

 I would like to use the same RADIUS server for both WPA-Enterprise SSIDs.

 Any ideas?

** If by Cisco Solution you meant Cisco WLC's with controller based APs:

This would be very easy to do with FreeRADIUS (http://www.freeradius.org/).

Do you have any other constraints? e.g. FreeRADIUS is unix/linux based, if you 
are a solely Windows shop, it'd be a bit of a learning curve.

We use FreeRADIUS to AAA our: VPN, Web-Auth wireless  multiple WPA2-Enterprise 
Wireless (inc. eduroam). A single instance can handle these simultaneously.

I believe the majority of the eduroam community use FreeRADIUS too.

** If you meant with Cisco ACS as your RADIUS server:
...sorry, no idea

Regards,
   James

--
James J J Hooper
Senior Network Specialist, University of Bristol 
http://www.wireless.bristol.ac.uk
-- 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Same Radius server, more than one SSID, different groups of users?

[Urrea, Nick]

I would like to limit the SSID so only a certain group can access it.

I want to use different QoS rates on different SSIDs so one network has
more bandwidth available to individual users than the other.

SSID for students 5 MB/s 

SSID for staff/faculty 20 MB/s

 

-Nick

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike King
Sent: Monday, September 19, 2011 11:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Same Radius server, more than one SSID,
different groups of users?

 

Nick, I've used both NPS (New RADIUS server from Microsoft) and IAS.
What you want to do is Extremely simple.

 

FYI:

Do NOT under any circumstances roll out a new SSID using WPA.   Use
WPA2.  

 

I have 3 SSID's that go back to the same RADIUS server.

 

Is there anything special you want to do?   Limit the groups so that
only one SSID is availble to them?

 

with VLAN id's you can even have users on the same SSID be in different
VLAN's, amoung other tricks.

 

Mike

 

On Mon, Sep 19, 2011 at 12:24 PM, Urrea, Nick urr...@uchastings.edu
wrote:

We at UC Hastings would like to create a new SSID that only allows
certain users with WPA-Enterprise authentication to access.

We currently have two SSIDs one which uses WPA-Enterprise with RADIUS
which checks against and Active Directory group and the other which uses
Web-Auth which checks against the same Active Directory. 

We are using the Cisco Solution for enterprise wireless.

 

I would like to use the same RADIUS server for both WPA-Enterprise
SSIDs.

Any ideas?

 

 

 

 

---

Nicholas Urrea

Information Technology

UC Hastings College of the Law

San Francisco, CA, 94102

urr...@uchastings.edu

help desk: 415-581-8802

helpd...@uchastings.edu

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiFi blockers in classrooms

[Urrea, Nick]

We have been wrestling with this idea of blocking students on our
wireless for some time.
I think the solution is to provide technology that increases student
participation in classroom so they won't be as distracted by social
media.  

Some technologies that I have come across:
Hotseat by Perdue. 
http://www.itap.purdue.edu/studio/hotseat/
Google Moderator and Forms come to mind.
The clickers seem to help. 

If anybody has ideas on technologies that work in the classroom I'm all
ears.


--
Nicholas Urrea
Information Technology
UC Hastings College of the Law
urr...@uchastings.edu
x4718




-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Curtis, Bruce
Sent: Friday, November 19, 2010 11:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiFi blockers in classrooms


On Nov 19, 2010, at 1:08 PM, Greg Schaffer wrote:

 Oh, I don't think it's worth it; I believe this to be an instruction
issue, but there are good points on both sides.
 
 Wouldn't need re-authentication; just some method of kicking off those
authenticated users at specified times.  I'm not a programmer, nor do I
know if this is done in any product, but I'd think it would be possible
to do.
 
 The sharing of access creds is a good point.  BUT, if the
authentication was by machine and not user, that would go far in solving
that issue.  For example, Enterasys NAC authenticates on MAC address
that has been registered by a user.  SO the algorithm would be look at
class list, look at student user id, look at MAC(s) registered, perform
individual block action.

  MAC addresses are easily changed/spoofed on modern laptops, probably
not as easily spoofed on smartphones though yet (or is there already and
app for that?)

  Two factor identification would be more robust than machine
identification.  Students might be less likely to share smartcards or
other physical devices than simple passwords.

 
 And I will say again, yes, a lot of work to solve what I think is an
instructor issue, and yes it does nothing to address 3/4G.  But it's an
interesting academic exercise...if you'll pardon the pun :)
 
 Greg
 
 On Fri, Nov 19, 2010 at 12:13 PM, Curtis, Bruce
bruce.cur...@ndsu.edu wrote:
 
 On Nov 19, 2010, at 10:35 AM, Greg Schaffer wrote:
 
 
  Finally, with regards to WiFi blocking, I don't think the simplest
solution has been offered yet.  If the wireless is accessed via
credentials, create an LDAP/AD/Radius interface that can disable those
accounts during a specified class time, or on command from the
instructor.  Can it be done?  I don't see why not, but I may be missing
something(s)...
 
  Greg
 
  You would have to tune the wireless system to require
re-authentication quite often, otherwise students could just connect to
the network 5 minutes be fore class and still be connected during class.
 
  Also this would create a situation where students are highly
motivated to share their access credentials with others.
 
  Is the administrative overhead to enter all of the data for class
times worth it when the future will only bring higher and higher
percentages of students with smart phones or netbooks that access the
Internet through 3G and 4g celluar?
 
 
 ** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 

---
Bruce Curtis bruce.cur...@ndsu.edu
Certified NetAnalyst II701-231-8527
North Dakota State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] DAS; are your happy with the DAS installation?

[Urrea, Nick]

Sorry about getting back to the topic so late. My question is really about if 
anybody has carriers paying for their Distributed Antenna Systems on campus. We 
have had a cell tower operator approach us about setting up DAS on our campus. 
I would like to extend the question to include carriers creating hotspots on 
campus and paying universities for access and/or infrastructure. 

---
Nicholas Urrea
urr...@uchastings.edu

Sent from my iPhone

On Nov 18, 2010, at 5:30 AM, Julian Y. Koh kohs...@northwestern.edu wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 At 8:24 AM -0500 11/18/10, Lee H Badman wrote:
 What generation of Wi-Fi do you use with your DAS (11a/g/n)?
 
 Our DAS isn't used for Wi-Fi, only cellular telephone.
 
 -BEGIN PGP SIGNATURE-
 Version: 9.9.1.287
 
 wj8DBQFM5SpBDlQHnMkeAWMRAshyAKCb8Zwz2iVkTVmhO7LZ/++tg0x8QwCgrzAb
 n3KD2GZ+ut7GZBlSnV9k5Pk=
 =ZyJw
 -END PGP SIGNATURE-
 
 -- 
 Julian Y. Koh mailto:kohs...@northwestern.edu
 Manager, Network Transport phone:847-467-5780
 Telecommunications and Network Services Northwestern University
 PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Limiting Bandwidth on Autonomous APs

[Urrea, Nick]

I like the idea of limiting based on usage and time.
The incident involving the 1 TB of data was a connection between a Mac and a 
Time Capsule connected to the same AP using Time Machine. The data never 
traversed our internet connection.

Most of the problems we are experiencing could be solved if we limit heavy 
users after a certain amount of time.


Nicholas Urrea
Information Technology
UC Hastings College of the Law
urr...@uchastings.edu
x4718


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Ammar Abdulahad
Sent: Friday, April 23, 2010 9:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Limiting Bandwidth on Autonomous APs

Nick,

With BlueCoat packet shaper, you can use dynamic partitions for the
dorm subnet to insure fairness to a certain extent. Or you can setup a
partition to limit the backup traffic. If the backup traffic is
encrypted then it's game over unless you want to use adaptive
response, so when a user hits a certain amount of bandwidth you
classify his traffic and put him in a partition with lower bandwidth
for a limited time period you define (I haven't done this with the
packet shaper but I know it is doable).


Ammar Abdulahad
Wireless/Network Analyst
Lawrence Technological University


On Fri, Apr 23, 2010 at 11:43 AM, Jeffrey Sessler
j...@scrippscollege.edu wrote:
 It's unlikely that QoS is going to solve this problem unless you can properly 
 classify the backup data from everything else. Depending on the age/type of 
 the AP, it's firmware, and the clients connected to it, ensuring fair use of 
 the radio may be more of a problem than the amount of traffic being passed. 
 Packet shaping is one alternative, but that's assuming it's a data capacity 
 and not a radio fairness issue.


 You may simply be at the point of exceeding your current wireless design, and 
 it may be time to look at a upgrading to 802.11n, increasing AP density, or a 
 combination of both.


 In my residential areas, since 2003 we've provide wired gigabit connections 
 to our students, yet they prefer the freedom of our WiFi network. Given the 
 trend, we designed and deployed our new WiFi network with capacity and not 
 coverage as the primary factor. The design resulted in a dense AP deployment, 
 providing a dual-channal 802.11n AP per ~7-12 residential students.


 A dual-channel AP per ~7-12 users may seem excessive to some, but the reality 
 is that WiFi is now the primary/only network for the majority of our 
 students, and as such, it needs to perform at an appropriate level. If a 
 student want's to transfer 1TB or data, stream movies, edit photoshop files, 
 etc. the wireless design/network shouldn't be a limiting factor.


 Jeff





 Urrea, Nick  04/22/10 9:47 AM 
 We are experiencing a problem in our dorm where one wireless user will
 use all of the Available bandwidth on an 802.11g Autonomous AP's radio.
 We are currently using a Bluecoat Packeteer packet shaper to shape
 traffic at the Internet. The problem I have seen is with user on-line
 backups, either to a Time Capsule (student moved a terabyte of data in a
 month) or to (mozy, Backblaze, etc.). We receive complainants that the
 Internet is slow. I am new to setting up QoS on cisco devices.



 Is there a way of limiting through QoS on an AP, so that if a student is
 using all of the radio's bandwidth other users using the same AP have a
 fair share of bandwidth?



 I would prefer not to rip and replace our 802.11g APs for 802.11N APs.



 Any other ideas are welcomed.



 Nicholas Urrea

 Information Technology

 UC Hastings College of the Law

 urr...@uchastings.edu

 x4718




 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Limiting Bandwidth on Autonomous APs

[Urrea, Nick]

We are experiencing a problem in our dorm where one wireless user will
use all of the Available bandwidth on an 802.11g Autonomous AP's radio.
We are currently using a Bluecoat Packeteer packet shaper to shape
traffic at the Internet. The problem I have seen is with user on-line
backups, either to a Time Capsule (student moved a terabyte of data in a
month) or to (mozy, Backblaze, etc.). We receive complainants that the
Internet is slow. I am new to setting up QoS on cisco devices. 

 

Is there a way of limiting through QoS on an AP, so that if a student is
using all of the radio's bandwidth other users using the same AP have a
fair share of bandwidth? 

 

I would prefer not to rip and replace our 802.11g APs for 802.11N APs. 

 

Any other ideas are welcomed. 

 

Nicholas Urrea

Information Technology

UC Hastings College of the Law

urr...@uchastings.edu mailto:urr...@uchastings.edu 

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Restricting of wireless access in classrooms

[Urrea, Nick]

I'm compiling research to give to our Faculty Technology Committee.

My question is has anybody successfully implemented a solution that
restricts access to wireless internet in classrooms?

Also if you have tried and were not successful in restricting wireless
access in classrooms let me know. Why didn't the solution work.

No opinions please about how students can just go buy a mobile broadband
card from a cellular carrier, or installing microwaves in the
classrooms, or that teaching techniques should improve.  

 

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

urr...@uchastings.edu

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Restricting of wireless access in classrooms

[Urrea, Nick]

We are a Cisco shop. Does Cisco have a product to do the location based
or time based firewalling that Meru and Aruba can do? 

 

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

urr...@uchastings.edu

x4718

 

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Sharon Luciw
Sent: Wednesday, December 02, 2009 12:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Restricting of wireless access in classrooms

 

The colleges wanted wireless in the classrooms to be used as a teaching
tool.  However, there was some feedback about being able to turn off the
wireless during specfic classes.  With a quarter system and a small
support staff, even with Aruba, we chose not to provide this type of
configuration/service to the instructors.

 

It was discussed as being a behavioral issue as well.

 

Sincerely,

Sharon Luciw, Director, Systems  Networks
Foothill-De Anza Community College District
ETS
12345 El Monte Road
Los Altos Hills, CA  94022
650-949-6161

Security is Everyone's Responsibility

Anything that contradicts experience and logic should be abandoned

---

This email message is for the sole use of the intended recipient(s) and
may contain confidential and privileged information.  Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply email and
destroy all copies of the original message.

 

 

At 2:15 PM -0500 12/2/09, Ryan Holland wrote:

Nicholas,

 

While I personally feel this is more of a behavioral issue to
solve opposed to a technical one, one option would be to install APs in
the restricted classrooms broadcasting the same ESSID as you do outside
the classroom. This would (likely) be the strongest available signal for
the students, and their device(s) would (likely) connect to these APs.
You could invoke specific firewall policies for users on these APs to be
different. For example, you could redirect all traffic to a captive
portal instructing them that use of wireless during class is prohibited
. . . or something to that effect.

 

Just an idea.

 

--
Ryan Holland
Network Engineer, Wireless
CIO - Infrastructure

614-292-9906   holland@osu.edu

 

On Dec 2, 2009, at 2:02 PM, Urrea, Nick wrote:





I'm compiling research to give to our Faculty Technology
Committee.

My question is has anybody successfully implemented a
solution that restricts access to wireless internet in classrooms?

Also if you have tried and were not successful in
restricting wireless access in classrooms let me know. Why didn't the
solution work.

No opinions please about how students can just go buy a
mobile broadband card from a cellular carrier, or installing microwaves
in the classrooms, or that teaching techniques should improve. 

 

 



Nicholas Urrea

Information Technology

UC Hastings College of the Law

urr...@uchastings.edu

x4718

 




Spam
https://antispam.osu.edu/b.php?i=969718633m=b51c1b6098e3c=s 
Not spam
https://antispam.osu.edu/b.php?i=969718633m=b51c1b6098e3c=n 
Forget previous vote
https://antispam.osu.edu/b.php?i=969718633m=b51c1b6098e3c=f 

** Participation and subscription information
for this EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

 


** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

 

 

-- 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Self-assigned IP on Macs

[Urrea, Nick]

We had a similar problem with clients assigning themselves a
self-assigned ip address. We had this problem on all of our Cisco 1252
antonomous mode dual radio APs. The problem was that on the 2.4 ghz
radio the AP after a given time would stop sending client traffic to the
assigned VLAN. The clients could still authenticate and the AP wouldn't
drop the client, but they could move onto the VLAN. 
A re-boot would temporarily solve it. The fix was to upgrade the
firmware of the 1252 APs to IOS 12.4(21a)JA1.

When Cisco shipped the 1252 APs they had firmware 12.4(10b)JA. 



Nicholas Urrea
Information Technology 
UC Hastings College of the Law
urr...@uchastings.edu
x4718




-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Anthony Croome
Sent: Tuesday, October 13, 2009 9:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs

Hi

We are having this problem too.  Is there any new information from
people?

We currently run Cisco wireless and have upgraded some locations to the
new N standard.  

The problem appears to be isolated in the locations where we have
upgraded but we can't be 100% sure.

It is only appearing on macs, and they claim it works in one place but
not another.  All we can see is that it appears to be rejecting the
dhcpoffer from the dhcp server.

We haven't tried disabling dhcp proxy as discussed earlier in this
thread, but others have said it didn't help.

The latest temporary solution that has worked on two out of two macs is

===

All commands required at the command line:

sudo ipconfig set en1 BOOTP (case sensitive and en1 is generally the
wireless adapter on macs but it could possibly be different?)

wait 5 seconds and then enter:

sudo ipconfig set en1 DHCP

===


Anthony Croome
QUT


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Earl Barfield
Sent: Friday, 28 August 2009 11:39 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-assigned IP on Macs

 Date:Thu, 27 Aug 2009 15:58:39 -0500
 From:Hector J Rios hr...@lsu.edu
 Subject: Self-assigned IP on Macs...
 
 Have you guys run into this issue? We run Cisco's lightweight APs on
 WiSMs running code 5.2.193. Mac will associate to our APs but just
won't
 obtain an IP address. In the end it assigns itself a self-assigned IP.
 We are seeing this on a lot of new MacBooks and MacBookPros running
 10.5.8. If we associate the computer to an autonomous AP it works
fine.
 If we boot it in safe mode it works fine too. Everything else it just
 fails. 

I had the same problem after ugrading from 4.2.something to 5.2.193.0.

Uncheck Enable DHCP Proxy under controller-advanced-DHCP and see if
that fixes it.  It worked for me.


-- 
Earl Barfield -- Academic  Research Tech / Information Technology
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: earl.barfi...@oit.gatech.edue...@gatech.edu

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Problem with Clients not getting an ip address on the 2.4ghz radio of a dual setup 1252; any ideas?

[Urrea, Nick]

We installed Cisco 1252 APs in our classrooms over the summer.

The Cisco 1252 are running in autonomous mode and are fitted with dual
radios (2.4ghz, 5ghz).

What we have been seeing is that after a given time an 1252 AP will not
give clients on the 2.4ghz radio ip addresses. The clients on the 5ghz
radio don't have a problem. The AP will continue to associate and
authenticate users on both radios but users on the 2.4ghz radio looses
the ability to reach the network. A reboot fixes the problem for maybe a
day or two.  This is an output of the association table on an AP that is
having a problem.

We are running version 12.4(10b)JA1 of the firmware:

Any ideas?

 

802.11 Client Stations on Dot11Radio1: 

 

SSID [SecureHastings] : 

 

MAC AddressIP address  DeviceNameParent
State 

001c.b3b8.a1f7 192.168.34.219  unknown   -   self
EAP-Assoc

001c.b3b9.c835 192.168.32.234  ccx-client-   self
EAP-Assoc

001f.5bbe.823e 192.168.33.198  unknown   -   self
EAP-Assoc

0023.1205.4488 192.168.33.79   unknown   -   self
EAP-Assoc

0023.1255.1f17 192.168.35.152  unknown   -   self
EAP-Assoc

 

SSID [hastings] : 

 

MAC AddressIP address  DeviceNameParent
State 

001f.5bbc.d58c 192.168.14.189  unknown   -   self
Assoc

001f.5bbc.e60d 192.168.10.139  unknown   -   self
Assoc

0022.6890.b7f1 192.168.9.218   unknown   -   self
Assoc

0022.6980.5d0c 192.168.15.159  unknown   -   self
Assoc

0023.1201.4ed6 192.168.14.140  unknown   -   self
Assoc

0023.6c84.6aeb 192.168.13.211  unknown   -   self
Assoc

 

 

802.11 Client Stations on Dot11Radio0: 

 

SSID [SecureHastings] : 

 

MAC AddressIP address  DeviceNameParent
State 

0021.006a.d366 0.0.0.0 unknown   -   self
EAP-Assoc

 

SSID [hastings] : 

 

MAC AddressIP address  DeviceNameParent
State 

0013.e87d.2425 0.0.0.0 ccx-client198-3rd-RmK self
Assoc

001a.73bd.1ba9 169.254.126.12  unknown   -   self
Assoc

001c.bf6b.b904 169.254.202.5   ccx-client198-3rd-RmK self
Assoc

0023.4d64.56b6 0.0.0.0 ccx-clientCherylL self
Assoc

0025.5621.88db 0.0.0.0 ccx-clientBCARR   self
Assoc

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

urr...@uchastings.edu

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Installing a non Verisign certificate in Windows 2003 IAS (RADIUS)

[Urrea, Nick]

We currently are using the Verisign WLAN certificate with our WPA
Wireless network (PEAP MS-CHAPv2).

We are using Windows 2003 IAS as our RADIUS server.

We would like to use a different CA than Verisign.

Is anybody using a different certificate than the Verisign WLAN
certificate to authenticate wireless clients using IAS?

Any info will help.

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

urr...@uchastings.edu

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Good Wifi sniffer for IPhone

[Urrea, Nick]

Is anybody using their IPhone to test wireless signals and perform site
surveys?

If you are what App are you using to do this.

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

urr...@uchastings.edu

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues

[Urrea, Nick]

We are about to install Cisco 1250 N APs on campus.

I have noticed the problem that you are talking about in my test lab
with the 1250 N.

We currently only have Cisco 1230 b/g APs install on campus using
2.4ghz.

The Macs only have the problem that you describe when connected to the
Cisco 1250 N.

It doesn't seem to matter what radio they connect to on the N AP. If
have tried disabling the 5ghz on the 1250 N and I get the same problem.

 

This problem has held up the process of us installing the 1250 N APs.

 

What type of APs are you using?

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Lee H Badman
Sent: Thursday, January 22, 2009 8:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Macintosh- Ongoing Connectivity Issues

 

We saw this in earlier versions of OS X, then things got better with
some of the earlier 10.5.x code, but now seems to be getting worse
again. Wondering if anyone else is seeing Mac behavior along these lines
on the latest Apple code versions including 10.5.6:

 

*   Clients will associate to lesser-quality 11a cells even though
better 11g signal is present (FREQUENT)
*   Clients will stick to the 11a AP they associate with even when
they have the opportunity to move to better (stronger, less users, good
SNR) 11a signal (FREQUENT)
*   Clients appear to be fine in every way- good association, good
SNR and signal strength, pass 802.1x authentication, all indications are
fine. Yet they have difficulty getting IP address or doing anything else
despite their nearby peers having no issues at all, in cells that are
not overtaxed. (LESS FREQUENT)

 

We have about 35% Macintosh penetration among our 5-6 thousand user per
day client count. But of late, every wireless client issue not easily
resolved seems to be with Mac hardware doing the above described.

 

Is any one else feeling these symptoms?

 

-Lee

 

 

Lee H. Badman

Wireless/Network Engineer

Information Technology and Services

Syracuse University

315 443-3003

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WPA and Wireless LAN Server Certificate?

[Urrea, Nick]

We currently use IAS with the Verisign WLAN cert.
We are going to move away from Verisign for our cert purchases.
Can you use another cert authority besides Verisign for IAS?


Nicholas Urrea
Information Technology 
UC Hastings College of the Law


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman
Sent: Wednesday, November 19, 2008 7:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA and Wireless LAN Server Certificate?

We use Verisign and Cisco ACS on LWAPP. After the server names are
listed in the supplicant config and are trusted once, we never see the
cert prompt again. 

(Also- make sure PC date/time is correct- if the PC clock time is way
off, outside of the valid cert time period, the client will never get
past the verify cert bubbles- this one can be maddening to diagnose). 

-Lee

Lee H. Badman
Wireless/Network Engineer
Information Technology and Services
Syracuse University
315 443-3003

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Norman Elton
Sent: Wednesday, November 19, 2008 9:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WPA and Wireless LAN Server Certificate?

We're using a Verisign cert on IAS, but our users are still prompted
to accept the cert upon initial connect. We asked Verisign about this,
and they basically said, that's the way it's designed to work. We
did some poking around on the interwebs, and could find a good
solution. This was two or three years ago.

Has anyone managed to find a cert that XP/Vista will accept without
prompting?

Thanks

Norman Elton

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

WPA verisign certificate prompts users

[Urrea, Nick]

When a user connects to our WPA wireless network using PEAP-MSCHAPv2
they are prompted by a certificate prompt that says. 

the issuer of this certificate could not be found

The client can accept the certificate which installs the Verisign server
certificate as well as the Verisign Intermediate certificate on the
clients machine.

The client can then login and use the WPA network.

Is there something wrong in our setup because users are getting the
error message or is this just the nature of using PEAP-MSCHAPv2 with
Verisign's WLAN certificate and an IAS server.

Mac users have to always trust the certificate or they will be prompted
every time they connect to our WPA network.

 

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

[EMAIL PROTECTED]

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

User Tracking with IAS

[Urrea, Nick]

I am looking for a solution to perform user tracking using an IAS
server.

We will be rolling out WPA2/802.1x this summer and I would like to do
user tracking.

I would like to poll all the user logins/logoffs into a
database/application.

Any ideas of software/solutions?  

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

[EMAIL PROTECTED]

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Using 4 channels rather then 3 for the 2.4ghz wifi

[Urrea, Nick]

We have a large study room at UC Hastings which accommodates up to 150
students.

On average I see about 80-100 users using the wifi in the room.

To load balance the wifi in the room I have setup 4 APs.

Right now we use the 3 non-overlapping 2.4ghz channels, 1, 6, and 11.

The 4 APs are line of sight with each.

Do you think it would be a good idea to go to 4 channels instead 3

Ex: (1, 4, 8, 11) 

 

 

 



Nicholas Urrea

Information Technology 

UC Hastings College of the Law

[EMAIL PROTECTED]

x4718

 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Using 4 channels rather then 3 for the 2.4ghz wifi

[Urrea, Nick]

Thanks Everybody for the info.

I have already lowered the radios to 5mw OFDM and CCK

I’m just trying to make the wifi network as reliable as possible.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL 
PROTECTED] On Behalf Of Jon Freeman
Sent: Thursday, February 21, 2008 1:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Using 4 channels rather then 3 for the 2.4ghz wifi

 

FYI - this configuration does not conform to the 802.11 specifications.

Regards,
Jon
303-808-2666


 -Original Message-
From:   Philippe Hanset [mailto:[EMAIL PROTECTED]
Sent:   Thursday, February 21, 2008 12:43 PM Pacific Standard Time
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject:Re: [WIRELESS-LAN] Using 4 channels rather then 3 for the 
2.4ghz wifi

Nick,

We have been doing 1-4-7-11
(but 1-4-8-11 makes more sense)
since 2000 and even with 802.11g we still like it.
The loss that you get from overlapping is largely regained
by having a 4th channel.
Other sources advise to play with smaller cell and reducing the milliwatts
emitted from the AP instead of using 4 channels!
CIROND published a paper about the usage of 4 channels as well,
(search for CIROND, 4 channels, 802.11b...)
warning that though it is acceptable with CCK, it might create problems
with OFDM!

Philippe


--
Philippe Hanset
University of Tennessee, Knoxville
Office of Information Technology
Network Services
108 James D Hoskins Library
1400 Cumberland Ave
Knoxville, TN 37996
Tel: 1-865-9746555
--

On Thu, 21 Feb 2008, Urrea, Nick wrote:

 We have a large study room at UC Hastings which accommodates up to 150
 students.

 On average I see about 80-100 users using the wifi in the room.

 To load balance the wifi in the room I have setup 4 APs.

 Right now we use the 3 non-overlapping 2.4ghz channels, 1, 6, and 11.

 The 4 APs are line of sight with each.

 Do you think it would be a good idea to go to 4 channels instead 3

 Ex: (1, 4, 8, 11)







 

 Nicholas Urrea

 Information Technology

 UC Hastings College of the Law

 [EMAIL PROTECTED]

 x4718




 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] LWAPP [was: [WIRELESS-LAN] Upgrade 1200 to lwapp]

[Urrea, Nick]

Do students ever experience a wireless network drop in a high density
area such as in a classroom or lecture hall.

Using the Aruba system 

-Original Message-
From: Brooks, Stan [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 01, 2007 8:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] LWAPP [was: [WIRELESS-LAN] Upgrade 1200 to
lwapp]

Simon,

While I can't speak definitively about the Cisco solution, I can tell
you about Emory's Aruba installation.  The Aruba and Cisco architectures
are similar (but with some significant differences).

We now have over 1400 APs and 21 controllers - all Aruba.  I'm a big
proponent of the centralized architecture of Aruba or Cisco (or others
in the marketspace) for any wireless installation of over a handful of
APs because of the benefits it provides over thick APs.  These benefits
fall roughly into 3 categories: management, security, and user
experience.

Here are just some examples in each category -

Management: I can see and manage the entire system on one console.  I
can tell if an AP is up or down, how many users are on it, etc.  An also
upgrade firmware for all APs and controllers in under 2 hours, with
limited interruptions to users during the upgrade.  Deploying APs is as
simple as setting  location code and connecting it to the network - the
AP gets its address via DHCP, looks up its controller via DNS, and
connects to its controller to get its configuration.  I can add or
delete SSIDs or change configuration on as many or few of the APs as
needs dictate in less than a minute. New SSID on all APs? - done - no
problem!  One wireless infrastructure can support many different
wireless networks (guest, voice, etc).

Security: Since all wireless traffic is tunneled back to the controller
(Aruba/Cisco - Trapeze is different), I can apply ACLs or firewall rules
for wireless at the controller.  With Aruba, I can apply different
firewall rule sets based on authentication (device, user, etc).  I can
build a very secure wireless infrastructure that is easily adaptable to
whatever security needs we need on our various wireless networks.  The
wireless network is now more secure than the wired network because of
the role-based access control that can be applied to users.

User Experience:  Two words - Ubiquitous roaming.  Users can roam across
campus and not lose connectivity (assuming wireless coverage exists).
The controllers take care of the mobile IP stuff without the need to
load a mobile IP client on the users' computer.  With Aruba, I can even
load-balance users across subnets (we use class C subnets -24 of them -
for all of our wireless users).  A user gets an IP address and keeps it
for as long as they are active - no matter where they roam across
campus.  I can easily scale the system, too - adding subnets as needed
quickly at the controller, as opposed to adding subnets in the buildings
where the APs are.  We needed to do this during our Move-in weekend last
year when our wireless usage grew to over double what we saw the
previous spring.

Without the centralized architecture, there is no way Emory's wireless
network could have grown to its current size and still be manageable.
There is A LOT of value in the centralized architecture.

 - Stan Brooks - CWNA/CWSP
  Emory University
  Network Communications Division
  404.727.0226
  [EMAIL PROTECTED]
AIM: WLANstan  Yahoo!: WLANstan  MSN: [EMAIL PROTECTED]
-Original Message-
From: Simon Kissler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 28, 2007 2:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] LWAPP [was: [WIRELESS-LAN] Upgrade 1200 to
lwapp]

Okay, so I've been trying to figure this out and figured I may as well
ask. Where is the cost benefit of the using the controllers and LWAPPs.
The controllers aren't cheap and the APs don't get cheaper even though
they are light ?   I assume there are some management benefits in this
kind of solution, but have you found them to be worth the money ?  Are
there other benefits that aren't as obvious to me that are ?

I like the idea of making management easier and just like any
technologist like shiny new toys, but in the context of overall funding
priorities with aging network equipment in places and other challenges
find it hard to justify since our APs mostly just work and require
little touching beyond initial config and occasional firmware upgrades.
What about this am I missing ?

-Simon



**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Question about WPA 802.1x

[Urrea, Nick]

I have configured in a test environment WPA with PEAP to an ISA server.
I would like to configure two RADIUS servers for fault tolerance.
I was going to use PEAP with MSChapv2 with Fast Reconnect to ensure
proper roaming.
What I know is that Fast Reconnect only works if the 2 or more APs that
the client roams to are connect to the same RADIUS server. 

My question is how would you setup more then one IAS server and still
allow Fast Reconnect across all APs?

Another question is about load on the RADIUS server.
We currently have at peak 800 users using the Wireless network. What
specs for the server or servers should I use to handle this load?



--
Nicholas Urrea
IT Department 
UC Hastings College of the Law
[EMAIL PROTECTED]
415-565-4718

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WISMs and Peer to Peer blocking

[Urrea, Nick]

I am also curious about P2P blocking. Does the WiSM also block Bittorent
traffic to the Internet?

 

 

--

Nicholas Urrea

IT Department 

UC Hastings College of the Law

[EMAIL PROTECTED]

415-565-4718

 



From: Ruiz, Mike [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 17, 2007 5:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WISMs and Peer to Peer blocking

 

Not having WiSM I'm curious, is the P2P blocking based on some Flow
Setup Throttling technology? 

 

Mike Ruiz

 

 

Michael G Ruiz

Network and Systems Engineer

Hobart and William Smith Colleges

Information Technology Services

v 315.781.3711 f 315.781.3409

 

 

 

From: Jake Woodhams [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 17, 2007 3:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WISMs and Peer to Peer blocking

 

Unicasting to not reveal my lurking status... :-)

You wouldn't happen to be looking at clients connected across the
controller boundaries would you?  In other words, say AP1 is connected
to WiSM controller A and AP2 is connected to WiSM controller B.
Peer-to-peer blocking works on a per controller basis today, so clients
connected to AP1 would be able to communicate with clients connected to
AP2.

- Jake


On 1/16/07 11:51 PM, Anthony Croome [EMAIL PROTECTED] wrote:

Hi
 
Has anyone out there had problems with peer to peer blocking on the
WISMs WLAN controllers?
 
I originally enabled it on the two controllers, and I thought it worked.
But now it doesn't seem to be working as I can happily scan away and see
other wireless clients and connect to their ports. It is definitely
enabled, I checked the WCS gui, each controllers GUI and each controller
CLI.  And they all report Peer to Peer blocking is enabled.
 
I am running release 4.0.179.11 on the controllers.
 
Anthony Croome
QUT
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. http://www.educause.edu/groups/ 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Is anybody using (IAS) internet authentication service for RADIUS?

[Urrea, Nick]

I want to setup a RADIUS server here at UC Hastings 
Is anybody using IAS in Windows Server 2003 for their RADIUS server?
Is there a recommended solution from Microsoft to Install WPA / 802.1x
Free Radius vs. a Microsoft Solution.
Also what is the volume of users you have accessing the RADIUS server.
What would be a suggested hardware requirement for 800 users

We currently have a Bluesocket Solution with an Airwave AMP manageing
Cisco 1231 APs in Thick mode.

Bluesocket allows you to do 802.1x pass through for authentication. We
use the Bluesocket for QoS, Firewall, and DHCP. 

--
Nicholas Urrea
IT Department 
UC Hastings College of the Law
[EMAIL PROTECTED]
415-565-4718

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

How to link multiple T1s together

[Urrea, Nick]

I am looking to link 6 T1s together with or without bonding
Which equipment would you recommend?
I would prefer to go with Cisco as a vendor.




--
Nicholas Urrea
IT Department 
UC Hastings College of the Law
[EMAIL PROTECTED]
415-565-4718

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Is anybody using outsourcing for their wireless networks?

[Urrea, Nick]

We are interested in outsourcing our wireless network.
Any suggestions?


--
Nicholas Urrea
IT Department 
UC Hastings College of the Law
[EMAIL PROTECTED]
415-565-4718

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Is anybody using outsourcing for their wireless networks?

[Urrea, Nick]

Are main concerns are bandwidth and the 24 hour support.



Nicholas Urrea
IT Department
UC Hastings College of the Law
[EMAIL PROTECTED]
x4718



-Original Message-
From: Jorge Bodden [mailto:[EMAIL PROTECTED]
Sent: Tue 1/2/2007 8:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Is anybody using outsourcing for their wireless 
networks?
 
Nick,

What exactly are you interested in outsourcing?  There are a couple of 
things that you can outsource with regard to a wireless network.  1)  
Site survey for location of the APs.  2)  If you do your in-house 
cabling, you can outsource a cabling contractor who has experience with 
wireless deployments to do the installs.  3) You can outsource the 
management of the system.  I am sure you can probably find a company 
that you can lease the equipment from.  So the outsourcing possibilities 
are nearly endless.  You first need to define what your organization is 
capable of doing on its own and what your company needs to outsource. 

I strongly suggest for you to make sure to do all your homework on 
possible vendors.  Check references that the company may have.  You 
would be much better off with a company who is up and coming because 
they tend to 1) have better prices and 2) be hungrier than their larger 
competitors.  But this is a matter of personal preference.  Last but not 
least, (THIS IS VERY IMPORTANT) with any company that you decide to 
outsource be sure that you have a very capable project manager that is 
going to ride them for deliverables and milestones.  If you lack this, 
you are going to get a half @$$ job that you are not going to be happy.  
You do not want the outsourcing company to dictate what you can and 
cannot do.  Just make sure you get your money's worth.

Thanks.

Jorge Bodden
Network Analyst
New York Hospital/Columbia University


Urrea, Nick wrote:
 We are interested in outsourcing our wireless network.
 Any suggestions?


 --
 Nicholas Urrea
 IT Department 
 UC Hastings College of the Law
 [EMAIL PROTECTED]
 415-565-4718

 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
   






This electronic message is intended to be for the use only of the named 
recipient, and may contain information that is confidential or privileged.  If 
you are not the intended recipient, you are hereby notified that any 
disclosure, copying, distribution or use of the contents of this message is 
strictly prohibited.  If you have received this message in error or are not the 
named recipient, please notify us immediately by contacting the sender at the 
electronic mail address noted above, and delete and destroy all copies of this 
message.  Thank you.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Question about Wireless cards

[Urrea, Nick]

We at UC Hastings have a dense deployment of Access Points in our dorm.
The access points are Cisco Aironet 1231s running 802.11 b/g.
I need a recommendation for a very good PCI or USB wireless card for
students that are using their desktops to connect to the wireless
network.

--
Nicholas Urrea
IT Department 
UC Hastings College of the Law
[EMAIL PROTECTED]
415-565-4718

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Problems with Disconnects

[Urrea, Nick]

We at UC Hastings College of the Law in San Francisco are using 
Cisco Aironett 1231 APs and a Bluesocket solution.
 
Some of our users experience wireless connection drops.
These students say that they don't have any problems connecting anywhere else 
Here are the settings that we use on the radios
 
World Mode is Disabled
Preamble: Long
Receive Antenna: Diversity
External Antenna Configuration: Disabled
Traffic Stream Metrics: Disabled
Aironett Extensions: Enable
Ethernet Encapsulation Transform: RFC1042 
Reliable Multicast to WGB: disabled
Beacon Period: 100
Max Data Retries: 32
Fragmentation Threshold: 2346
Data Beacon Rate (DTIM): 2
RTS Max. Retries: 32
RTS Threshold: 2347
 
We do a 3 channel overlay  (Ch 1, 6, 11)
 
Any suggestions or advice would be greatly appreciated
Nick
 

Nicholas Urrea
IT Department
UC Hastings College of the Law
[EMAIL PROTECTED]
x4718
 
 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.