Re: [WIRELESS-LAN] Cisco 3700 AP

2013-10-04 Thread mike . albano
Agree, PHY data rates and IP throughput are not the same. Even in Wave 2, the requirement for 160MHz wide channels makes >1Gbps (actual) questionable. You will not oversubscribe your 1Gig wired connection with Wave 1 802.11ac devices.

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Frank Sweetser
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 10/03/2013 06:54PM
Subject: Re: [WIRELESS-LAN] Cisco 3700 AP

You can't do a direct apples to oranges comparison between wired and wireless bandwidth. Remember, that wired connection is one gig in each direction for an aggregate of two gig of bandwidth, compared with the total half duplex 1.3 (in ideal conditions) on wave 1.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Tony Juarez wrote:

The 802.11ac supports 1.3GB, but the AP only has a 1GB wired connection.

802.11ac with 4x4 multiple-input multiple-output (MIMO) technology with three spatial streams, offering sustained 1.3-Gbps rates over a greater range for more capacity and reliability than competing access points.

Interfaces
• 10/100/1000BASE-T autosensing (RJ-45)
• Management console port (RJ-45)

On 10/3/13 8:12 PM, "James Andrewartha" wrote:

On 04/10/13 05:23, Andy Page wrote:

For those interested, Cisco released information about their new 3700 series access point with built-in 802.11ac. Likely won't be able to purchase it for at least a month or so.
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps13367/data_sheet_c78-729421.html

They almost got it into a 802.3af power budget, except it runs in 3x3:3 MIMO instead of 4x4:3 which shouldn't make too much of a difference.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.



Re: [WIRELESS-LAN] For those of you on Cisco code 7.5, supporting Bonjour, etc...

2013-10-10 Thread mike . albano
I am also running 7.5, utilizing the mDNS AP feature. This allows the devices (AppleTV's) to be plugged into a wired connection. Much less channel util. when screen-sharing is only going over Wireless in one direction. It works well. The simple guide is here:
http://www.cisco.com/en/US/docs/wireless/technology/bonjour/7.5/Bonjour_Gateway_Phase-2_WLC_software_release_7.5.html#wp44530

You can designate an mDNS ap at the distribution layer, or choose an ap in ea. building, if your need crosses distribution routers.

Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 10/10/2013 08:10AM
Subject: Re: [WIRELESS-LAN] For those of you on Cisco code 7.5, supporting Bonjour, etc...

Hi Rick-

Thanks for the response.

I guess I knew Prime wasn’t involved in Bonjour per se- I should have asked the question with more clarity. Wondering if PI was helping in any way with the management of zones, etc, as given our size we could have lots of them.

If you don’t mind sharing (could do a call if you’d rather), what is your typical “bring a Bonjour zone to life scenario”? Someone says they want to use AirPlay or AppleTV where you don’t yet have a zone, and then…? Are you seeing cases where it’s being relied on for classroom use, has a hiccup, and becomes an emergency response because instruction is disrupted? And which version of Cisco’s cookbook are you using- the one with Broadcast enabled on the WLAN or the one with Unicast?

Again, Thank you.

-Lee
 
 


From: Rick Coloccia, Jr. [mailto:coloc...@geneseo.edu]
Sent: Thursday, October 10, 2013 11:02 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv; Lee H Badman
Subject: Re: For those of you on Cisco code 7.5, supporting Bonjour, etc...


 

Bonjour first comes to the party with 7.4.  I had a long talk with the Cisco people (many hours over several days inside a tac case regarding bonjour and print servers) about the differences between 7.4 and 7.5 with regard to Bonjour. 7.5 introduces a "zone" concept, where only certain Bonjour sources are repeated to certain places.  The core functionality is the same, though, between 7.4 and 7.5.  If you go to 7.5, you can't go to prime 2, you'll need to wait for prime 2.1.
Now, all that said, we're running 7.4.110.0, with almost 900 APs on 7 controllers, and Bonjour is working.  Yep. I wrote that.  Apple tvs and printers "just show up."  Users are happy.  Yep.  I wrote that, too.
Prime isn't involved at all in Bonjour, not in the very least.
Feel free to shoot questions over.
-Rick
On 10/10/2013 10:54 AM, Lee H Badman wrote:

I have heard tangentially that 7.5 helps the cause of supporting AppleTVs better than last couple of versions (no discredit to Cisco for trying to solve Apple’s shortcomings). Is there anyone running 7.5 on a big, prod WLAN that can say they are having an acceptable, low-support/low-confusion-for-users experience with lots of Apple Bonjour-dependent devices in use? Is PI helping with this in any way?

Just trying to get a read before we go to 7.5.

(I am aware of Bonjour gateways and what other vendors are doing, hoping to keep answers limited to Cisco 7.5)

Thanks very much-

Lee Badman


 

-- 
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579



Re: [WIRELESS-LAN] Cisco "Client Load Balancing"

2013-10-23 Thread mike . albano
If reproducible you should attempt to catch this in a packet capture.

Load balancing should never "kick off" a user, it only takes effect upon initial association to the AP. Load-balancing does nothing to 'already associated' clients. The "ap busy" message (code 17) is not always honored by the client.
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_01000.html

Have you modified any of the default thresholds?

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: LaMarr Baucom
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 10/23/2013 08:49AM
Subject: Re: [WIRELESS-LAN] Cisco "Client Load Balancing"

I had similar issues in our Residence Halls on 7.4, but Cisco and support forums advised me against using Client Load Balancing and Client Band Select.  I made two changes and I haven't had a report of this since.  First, I reduced the amount of APs I had in the Vlans.  The second thing was enabling bandwidth constraints on the SSIDs.  What model APs are you using?  How many APs per Vlan?  Are you using any QoS? Before upgrading our APs we also had these issues, but since upgrading them to the 1600/2600/3600 series the fixes I mentioned worked.

LaMarr Baucom
Wireless Network Engineer
Murray State University
(270) 809-2299

lamarr.bau...@murraystate.edu

MSU Information Systems staff will never ask for your password or other confidential information via email. 

On Wed, Oct 23, 2013 at 10:35 AM, Danny Eaton  wrote:

We had some clients (specifically running on Linux MINT) that had issues
with either/both the Load Balancing or Band Select, so for the controller
hosting the APs in the Computer Science building, we had to disable both
options.  (Similar description to your issue, where the client would
constantly report being kicked off, and then rejoin.  However, in MINT it's
problematic to constantly rejoin the SSID).




Re: [WIRELESS-LAN] Horizontal AP mounting options

2013-10-23 Thread mike . albano
Vlad,

Are the E models not an option? With dipoles you can wall-mount AP's and position the DiPoles correctly. The cost will be slightly higher, due to the addition of DiPoles, probably ~80$ more, depending.

If you do plan on mounting internal (2602I) on the wall, be sure you understand the impact this will have on the RF. Take a look at the radiation pattern of those AP's. You'll likely be creating more coverage 'vertically/up-down/elevation'.

You may want to take a look at slide 107 - 115 of the following Cisco Live presentation:
https://www.ciscolive365.com/connect/sessionDetail.ww?SESSION_ID=7789&tclass=popup

Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Jason Cook
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 10/23/2013 06:53PM
Subject: Re: [WIRELESS-LAN] Horizontal AP mounting options

We have used similar things to others like L brackets or custom made brackets to fit our installation, but they might not look so pretty on a wall. In some cases we have simply installed the AP's vertically. It's not like they don't operate when vertical, from my understanding the recommendation is due to the radio pattern being designed for horizontal mounting.

So you could do a vertical installation so long as you design the coverage correctly.

I'm not sure what impact this could have on things like location services though.

Another option could be to put a "design a pretty enclosure" competition to the art students :)

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski
Sent: Thursday, 24 October 2013 1:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Horizontal AP mounting options

Hello All,

I was doing a little research on Cisco's site about mounting options and came across this guide: http://www.cisco.com/en/US/docs/wireless/technology/apdeploy/Cisco_Aironet.html.

We are deploying a bunch of 1602's and 2602's and they recommend mounting them horizontally. There are areas where they need to be wall mounted and none of the ceiling mounts or brackets are an option. They recommend the Oberon P/N 1029-00. It looks a bit overpriced for what it is and ugly IMO.
http://www.oberonwireless.com/hard-lid_wall-mounted-access-point-enclosures.php
http://www.provantage.com/oberon-1029-00~7OBER009.htm

Does anyone know of any other options?

Thanks,

--
Vlad Ristevski
Network Manager
Ramapo College



802.11k

2013-11-19 Thread mike . albano
Curious if others have enabled 802.11k and if doing so has resulted in any client connectivity issues for clients that do not support it. Also, for the Cisco shops, the same question for "non-802.11k assisted roaming", ie "config wlan assisted-roaming prediction {enable | disable} wlan-id"

Mike Albano
Network Engineer
UNLV



Re: [WIRELESS-LAN] WLC 7.5 & Prime 1.4

2013-11-20 Thread mike . albano
Seeing this as well on our captive-portal SSID. Will be attempting the work-around shortly.

Mike
UNLV

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Vlade Ristevski
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 11/20/2013 08:24AM
Subject: Re: [WIRELESS-LAN] WLC 7.5 & Prime 1.4
  

  
  
That bug hit us hard since we depend on webauth.

We upgraded to a more recent 7.5 code but then hit another bug:

https://tools.cisco.com/bugsearch/bug/CSCuj59101

"On rare occasions, the Cisco Aironet series Access Point crashes and reboots due to corruption of a certain data-structure used to optimize 802.11n AMPDU aggregation for better throughput.
A decode of the crash traceback will usually reference functions with the names "avl" or "wavl"; for example:
[0x005CE9CC] dot11_11n_aggr_pkt_time_compare(0x5ce980)+0x4c
[0x008FD2EC] avl_get_next(0x8fd2bc)+0x30
[0x008FEB58] wavl_get_next(0x8feac8)+0x90
[0x0060783C] disc_tx_11n_aggr_timer_send(0x6075c0)+0x27c
Conditions:
This bug will only occur with AP images from Cisco Unified WLC software releases 7.2.x.x, 7.3.x.x, 7.4.x.x, and 7.5.x.x -- or the corresponding Autonomous or Converged Access AP images."

I wouldn't say it only happened on "RARE OCCASIONS" either.

The only solution was for us to go back down to 7.4 code. I don't recall running into so many bugs with our WLC 4404's.



On 11/20/2013 10:39 AM, Hurt,Trenton W. wrote:

Unable to access 5508 controller GUI with Google Chrome after upgrading to 7.5.102.0 - "SSL Connection Error"
https://supportforums.cisco.com/docs/DOC-38027
 
 
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
Sent: Monday, November 18, 2013 9:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLC 7.5 & Prime 1.4

Any issues with 7.5 and Prime 1.3?  I suppose it just lacks support of new features and is probably why they list as not compatible.

I upgraded to 7.4.111.8 last week and things have been stable.  Does not resolve the original problem, but fixes a lot of others.  I want to avoid Prime 1.4 if at all possible, and I don't have plans to deploy AC anytime soon.

   

  


   
  
On Fri, Nov 15, 2013 at 4:59 PM, Garret Peirce wrote:

I'm using 7.5 on some 8510s w/PI1.3 , mainly due to CSCty84682 - dropping mcast packets (ex. bonjour announcements).
As a formerly discussed topic, I'm finding browser support is growing evermore painful.
I was holding off on PI 1.4 hoping not to get myself wedged into a specific train, but I'm aiming to move to it for improved browser support alone.
I could inquire with Cisco but, I'm here...
Anyone have current info on the WLC/PI roadmap?  Any sense if 2.0 will merge into 2.1 or will they remain separate trains?

We’re using that combo. Seems to be quite a bit more stable than 7.4.

Regards,

Eric Barnett
Senior Network Engineer/Wireless Administrator
Information and Technology Services
Arkansas State University
(870) 680-4243
http://wireless.astate.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Alan Nord
Sent: Friday, November 08, 2013 8:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC 7.5 & Prime 1.4
 
   

Re: [WIRELESS-LAN] Problem with WPS2 and new IOS 7.0.4 Upgrade

2013-11-21 Thread mike . albano
John,

I'm running the same setup, including FreeRADIUS with OpenLDAP (slapd) directory server. I have not heard any complaints yet, will update the list if that changes.

Mike Albano
UNLV

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Watters, John"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 11/21/2013 01:26PM
Subject: Re: [WIRELESS-LAN] Problem with WPS2 and new IOS 7.0.4 Upgrade

Sorry (my head is dead right now).

[WPA2][Auth(802.1X + CCKM)]  using a FreeRadius server to get credentials from an LDAP server

-jcw

John Watters
The University of Alabama
Office of Information Technology
205-348-3992

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, November 21, 2013 3:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problem with WPS2 and new IOS 7.0.4 Upgrade

That's encryption.  Ryan is asking about the authentication method.
-dan

Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu

On 11/21/2013 4:19 PM, Watters, John wrote:

AES

-jcw

John Watters
The University of Alabama
Office of Information Technology
205-348-3992

 


From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Thursday, November 21, 2013 2:47 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problem with WPS2 and new IOS 7.0.4 Upgrade

Still working for me.  What EAP Method are you using?

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150
Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Thursday, November 21, 2013 3:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Problem with WPS2 and new IOS 7.0.4 Upgrade

I haven’t upgraded my phone, but now you’ve inspired me.  I haven’t heard any complaints, however.  I’ll let you know.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150
Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

 


From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Thursday, November 21, 2013 3:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Problem with WPS2 and new IOS 7.0.4 Upgrade

Since the IOS 7.0.4 upgrade came out a couple of days ago all iPhones & iPads on our campus have quit working with our WPA2 SSID. The problem seems to be with accepting the certificate (it hasn’t changed but the iDevice seems to think it has).

Has anyone else seen this problem? And, do you have a fix?

THANKS.

-jcw

John Watters
The University of Alabama
Office of Information Technology
205-348-3992

 
 

Re: [WIRELESS-LAN] Looking for input- Short DHCP lease times on Cisco WLC

2013-12-03 Thread mike . albano
Ian,

I'm running 1-hour lease times for my environment, which includes both a captive-portal & wpa2-enterprise/802.1x SSID's. 20-25K unique devices/day (~10K simultaneous) across 10 WLC's. Also been bit by dhcp-proxy so relying on ip-helpers @ SVI's. I was using ISC DHCP servers, but am now running Infoblox (which in turn uses ISC DHCP).

Over the years, I've ended up expanding subnets to deal with address shortages and my current largest block is a /20. The question of "how big is too big" for subnet size in a WLC environment comes up a lot. I've been told as recently as this year that the only limitation is CAM space on the upstream device (6500's in my case). Assuming of course that P2P (client-to-client) is blocked and broadcasts are as well on the WLC. I've not seen any issue in my environment w/ large subnets as a way to deal with address exhaustion. I met a couple people at this year's Live who had significantly larger than /20 blocks as well...without issue.

Mike Albano

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Ian McDonald
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 12/03/2013 02:19PM
Subject: Re: [WIRELESS-LAN] Looking for input- Short DHCP lease times on Cisco WLC

Oh, we know, we know. However, a 2 packet exchange, request and ack is a drop in the ocean bandwidth wise, compared with all their mail sync, google notifications and facetube etc.
Thanks 
--
ian 
Sent from my phone, please excuse brevity and misspelling.
From: Coehoorn, Joel
Sent: 03/12/2013 21:05
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Looking for input- Short DHCP lease times on Cisco WLC


Remember that the client will ask to renew the lease at the halfway point. So a 10 minute lease time means you'll see traffic in the air after only 5 minutes.

What I shoot for is to have a student sit down with a laptop for a one hour class, get his initial lease, and not have him need to do any additional dhcp traffic, even if he stays active for the entire class. That means a minimum lease time of around 2 hours. There are places where this is hard to achieve, though.

Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu
The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society

On Tue, Dec 3, 2013 at 2:55 PM, Ian McDonald wrote:

We dynamically change lease time based on free space in the pool. Free space goes down, so does lease time. IIRC our shortest time is 10 minutes.
Thanks 
--
ian 
Sent from my phone, please excuse brevity and misspelling.
From: Lee H Badman
Sent: 03/12/2013 20:52
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Looking for input- Short DHCP lease times on Cisco WLC

Wondering if anyone has gone down this road before-

We have pockets where, say 2000 busy WLAN users may be on like 60 APs in a given building, largely still and non-roaming, with 1 hour DHCP leases. If we shrank the lease time to 30 minutes, so that every 15 minutes we have DHCP renewals in the air (we don't use DHCP proxy on the controller- bit too many times by past bugs)- could that amount to a volume of low-value traffic in the air that could become problematic? What about lease times of 15 minutes? When does short = too short because of added overhead in the cells, APs, or controllers (3500s, 3600s, 5508s)? On latest code versions, is it ever of concern (beyond the DHCP servers’ ability to keep up)- especially given that the entire network that would feel the effect of shorter lease times itself has 15K clients on it?

Before we try to do any structured analysis, just wondering if anyone has gone down the road of ever shrinking lease times (on an 802.1x WPA2 network) and came to regret it for any reason in a Cisco WLC environment? We had guidance early (several years ago) on not to go “too short” on DHCP client lease times on Cisco controllers, but I can’t find the notes on what that meant.

Thanks-

Lee Badman
 
 
 

Neighbor messages failing Cisco 7.5 code

2013-12-04 Thread mike . albano
Working w/ TAC I had a bug generated (CSCul67156). The short of it is AP's failing to send neighbor messages on 2.4GHz radios. This severely impacts RRM (TPC & DCA). Running Cisco WiSM2 ver: 7.5.102.0 with 3600 AP's.

It's visible through WCS/PI or CLI (show ap auto-rf 802.11b ).

Not sure if I can put screens in this listserv, but I wrote it up here: http://www.mikealbano.com/ which has the debugs, screenshots and messages you'll see if you suspect you're hitting this issue.

Note, the only current workaround I have is resetting the Access Point. That brings it back to normal operation, though I'm not sure for how long.



Re: [WIRELESS-LAN] WiFi planning spin-off - Student provided wifi

2013-12-13 Thread mike . albano
Sounds like a bad idea.

Most SOHO routers/ap's you pick up at bestbuy/fry's run at max Tx power and have lowest supported data-rate of 1Mbps. Your 2.4GHz RF will likely be unusable. ResHalls are even worse (RF-wise) than apartments, as they are much closer together. Let me know if you'd like me to expand on this but I'd say the following will greatly impact the usability if each suite/room has its own soho ap:
* CCI
* ACI (with no channel plan, these devices will be on more than just 1,6,11)
* Security (even w/ WPA2-PSK, most of these devices support the broken WPS)

My experience is you either pay up-front (in $ or staff-time) to properly survey, or you pay on the back-end in troubleshooting. You are right about Education though. Regardless of the direction you choose, get signage, put it on the welcome packet etc. etc. Setting expectations has helped us a lot, especially when there's a MWO in every room and we are @ 50% 2.4GHz-only clients.

Mike Albano
UNLV

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Barros, Jacob"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 12/13/2013 09:36AM
Subject: [WIRELESS-LAN] WiFi planning spin-off - Student provided wifi

I didn't think this topic would generate that much buzz.  Thank you all for your feedback.  Allow me to jump tracks here and throw out a concept that may seem heretical.

In res halls, has anyone provided ONLY wired connections and allowed students to bring in their own router(s).  From a managed perspective, there are several reasons why it's a bad idea.  However I cannot shake the notion that with proper education, the rewards might outweigh the risks.

To me, the target reward is that the student receives the level of service they want where they want it.  The user can choose what device is desired and upgrade as they see fit and the technology is always current.  IT would help with best practices, education and limited support but the student is ultimately responsible.

I would really like to pitch this for an apartment style dorm that is being built.  Does anyone think this model can work?

Jake Barros  |  Network Administrator  |  Office of Information Technology
Grace College and Seminary  |  Winona Lake, IN  |  574.372.5100 x6178




Re: [WIRELESS-LAN] WLC code 7.6.1 is available- any beta sites that can report stability?

2013-12-20 Thread mike . albano
I'll be doing it before semester starts again. I'm facing bugs in 7.5 and was told that 7.5 will not get any MR releases, while 7.6 will.

I haven't specified a change window yet, but will be happy to share my results after the upgrade. Non-global EAP-timer customization will be nice, but the "open caveats" are scary as usual. I also have 3700 & 1530's coming, so need the support.

Mike Albano

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 12/20/2013 08:38AM
Subject: [WIRELESS-LAN] WLC code 7.6.1 is available- any beta sites that can report stability?

Weighing whether to go to 7.6.1 over holiday break in anticipation of a 3700 AP deployment in March. Cisco has implied it’s quite stable and described it loosely as the stable 7.4.110 code + just enough new stuff to accommodate 3700s (release notes seem to imply more though, from feature add perspective). For us, it’s do it now or push it out into the semester which can be a bit ugly.
 
Are there any beta sites that can comment on the new code- either on list or off?
 
 
Thanks-
 
Lee Badman
 
 



Re: [WIRELESS-LAN] Myfi

2014-01-09 Thread mike . albano

Agreed. Both Jim and Lee hit the nail on the head. 
It sounds obvious, but for me what has really helped most, is education. Creating a sense of "ownership" of the service for building occupants goes a long way.
Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/09/2014 08:54AM
Subject: Re: [WIRELESS-LAN] Myfi

Thanks for coming on-list for this Jim. It’s one of those “this is everybody’s problem” topics. Much appreciated.

 

-Lee
 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jim Florwick (jiflorwi)
Sent: Thursday, January 09, 2014 10:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Myfi
 

Today the only solution that we have had any luck with is wireless policy and spreading the word.  It is an education problem – and the Carriers will likely start caring more as they themselves deploy more wi-fi and bear the burden of their creations.  If you publish a policy – it's a lot like posting a speed limit – no one cares until someone gets a ticket.  Policing the policy is an important part of the education process.  In annual events we sponsor and support we police this using system location and then Fluke AirChecks to triangulate and identify an individual in a crowd  (that's actually fun for me – but not as productive as running the network).  Year on year since we started implementing policies, we have seen an improvement.  It's often not worth trying to track the Mi-Fi's down now as they will be gone before you can get to them – and in reality the short time they are active doesn't really interfere all that much.  It is my hope that one day this is like recycling – and neighbors will counsel neighbors on social responsibility.

As far as blocking the MAC address – this is not possible as the Mi-Fi is not on your control plane – it is its own Wlan and is not using your wired resources – just your spectrum.  You can try rogue containment – and we have – eventually users get frustrated and quit – however this is only practical at normal user volumes – large events you can't afford to waste spectrum by attacking rogues over the air.

Standards committees are well aware of the issue – but the hangup is that an IBSS or Mi-Fi is perfectly legal by the specification.  Some hope can be seen in the WFA's adoption of an Enterprise Voice Certification.  Perhaps one day we will have a consumer cert vs Enterprise Engineered cert – and hopefully a way to mandate what features are acceptable on a privately engineered enterprise network.

 
 
Jim Florwick
Cisco
TME WNG 
 

 

From: Scott Allen
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Thursday, January 9, 2014 9:23 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"
Subject: Re: [WIRELESS-LAN] Myfi

 
Has anyone constructed a wired/wireless set of tools that will allow us to manually detect WiFi rogues and then disable their MAC addresses on the wired network? I have Prime 1.3 running for APs so I can see the rogues but I don't know which wired port they are connected to.

-Scott (we are the morlocks) Allen

 
 

 
On Thu, Jan 9, 2014 at 9:03 AM, Lee H Badman <lhbad...@syr.edu> wrote:

Is a frustrating topic for sure. Even if you have a good wireless guest network, many vendors/visitors and even some faculty/staff/students just prefer to pull their own devices out and use “their own WLAN” anywhere and everywhere- it’s just part of their lifestyle. And yes, frustratingly our friends at Verizon and AT&T who make these units increasingly cheaper could give a rip about interference or policy of the places the gadgets get used. My own rant:

http://wirednot.wordpress.com/2013/02/25/mi-fi-not-kind-to-wi-fi/


 

Prevention is great if you can effectively spread the word, but the need to have a mitigation strategy is inevitable- as is the occasional scenario where a class or meeting (or stadium event) has its campus wireless crippled by people “bringin’ their own Wi-Fi”. Sadly. Our lot in life is to bear the criticism that the WLAN sucks when we’re simply a victim of physics, until we can deal with getting the devices eliminated.

The move to 5 GHz by more devices helps, but doesn’t eliminate the problem as some Mi-Fis are showing up in 5 GHz as well. To me, this is just one of the negative (to us in the Enterprise WLAN business) effects of the general consumerization of IT, and of WLAN specifically. There is no fix, there is no answer, so you need a strategy that combines:

· Education- frequent and non-threatening messages of why these devices are problematic

· Get partners- IT staff/Deans, etc beyond the WLAN admins have to buy in and help with the mess

Re: [WIRELESS-LAN] Informal Report From a new eduroam Environment

2014-01-15 Thread mike . albano

Thanks for sharing Lee, I've been on the fence myself re: deploying Eduroam.
Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/15/2014 09:05AM
Subject: [WIRELESS-LAN] Informal Report From a new eduroam Environment

Given that this is our first semester broadcasting the eduroam at Syracuse University, I wanted to dig into how the new service was being used on campus. I really didn’t expect much, but am already impressed. In the last two weeks, we’ve seen logged in eduroamers from:

US: Cornell; Brandeis; George Washington U; U of Iowa; U of Maryland; Pitt; Tulane

Canada: Polytechnique Montreal; Ryerson University, Toronto

UK: U of Edinburgh, Scotland; Loughborough U; University of London; Cambridge; St. Andrew; Bristol; City U of London

Europe: U de Poitiers, France; Telecom-Bretagne, France; HDM-Stuttgart, Germany; KTH Royal Inst of Technology, Sweden; U Poitiers, France; Vienna University of Tech; Uppsala U, Sweden; Utrecht U, NL; Stockholm School of Economics

(This equals around 100 unique clients- most we’ve seen concurrent is just under 40.)

Though just a spit in the bucket of our 20K concurrent daily WLAN client peak, the diversity of schools on the list is pretty thought-provoking.

-Lee Badman
Syracuse University



Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

2014-01-16 Thread mike . albano

Same situation (as Luke) here at UNLV. Let me know if you'd like more info...
Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Luke Jenkins
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/16/2014 12:06PM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

We're running 7.6 with a mix of APs including 3602s, no reports of this issue here and I've not noticed it on my Macbook Pro. Though it could always be some setting we don't have in common such as different encryption types, QoS, or HA that are causing the issue.
Happy to drill down into the nitty gritty off list if you want to check configs, drop me a line.
-Luke

On Thu, Jan 16, 2014 at 12:40 PM, Spurgeon, Charles E wrote:


Has anyone else seen a dropped connection issue with Macbooks and Cisco WLC v 7.6.100.0 code?

 

We are pilot testing 7.6.100.0 code on a WiSM2 card supporting staff APs and have noticed a dropped connection issue with Macbooks when associated with the 5GHz radio on model 3602i or 3702i APs. 

 

The connection typically fails after approx. 15 minutes, usually leaving the client with an IP addr which it can ping, but the client cannot ping the gw addr or anything beyond the gw. The client WiFi interface reports that it is still associated, which is confirmed on the controller side of the connection. 

 

For one Macbook the test AP is directly above the laptop, with a 5GHz-specific and AP-specific SSID to help isolate the issue. 

 

IOS and Windows7 platforms do not appear to have the issue when associated to the same SSID on the same AP. 

 

But so far three Macbooks (two Macbook Air with dot11ac, one Macbook Pro with dot11n) have demonstrated the dropped connection issue. They are all running Mac OS X 10.9.x (Mavericks).

 

The issue does not occur when the test 3602i AP is moved back to 7.4 code.

 

Thanks,
 

-Charles
 

Charles E. Spurgeon

University of Texas at Austin / ITS Networking


c.spurg...@its.utexas.edu / 512.475.9265
-- =-=-=-=-=-=-=-=-=-=-=-=
Luke Jenkins
Network Engineer
Weber State University



Re: [WIRELESS-LAN] Guest Network Access Policy

2014-01-16 Thread mike . albano

We allow guests. Only a captive portal w/ TOS check-box. Limitations are as follows:
*Guest users do not get access to any campus resources that are not otherwise exposed publicly. I also disallow Bittorrent, but have not restricted anything further.
*There is a time-limit (7:00am - Midnight)
I do not rate-limit. I don't like increasing RF utilization by artificially slowing down the connection. I want people to get on and get off the medium as fast as possible.
Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Alexander, David"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/16/2014 02:05PM
Subject: [WIRELESS-LAN] Guest Network Access Policy

We have had a policy in place for several years requiring guests to be sponsored by an employee in order to use our wireless network.  There are two types of sponsorship – short term (5 days) and long term (30 days).  In addition, sponsored guests must register their network devices via MAC address registration to gain access to the network.
 
Our guest wireless implementation has caused some issues with public areas like our student center and event spaces which host groups of people who require network access, and the identity of the guests isn’t always known in advance.
 
I wanted to know about guest network access policy at other schools, and I’d appreciate your feedback on the following questions:
 
1) Do you allow guests on your wireless network?

a. If you allow guests, what steps do they need to take to gain access to the network (eg. sponsorship, MAC registration, open network)?

b. If you require sponsorship or device registration, can you explain the process or give me a pointer to your policy?

2) Is your wireless network completely open in any part of your campus (eg. Library, student center, event spaces, athletic fields, etc.)?

Thanks,
Dave



Re: [WIRELESS-LAN] OS X 802.1x auth issue

2014-01-17 Thread mike . albano

Would be nice if more technical details were available. For example, at what part of the EAP/PEAP packet exchange does this delay occur? 
I've seen numerous times where the "Access-Challenge" is sent from RADIUS and received by the client (verified by 802.11 packets & WLC debugs)...and then it just sits there, doesn't respond, and eventually EAP starts over. 
Something tells me that level of detail won't be released.
Mike Albano

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Joel Coehoorn
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/17/2014 05:06PM
Subject: Re: [WIRELESS-LAN] OS X 802.1x auth issue

Even acknowledging the issue is a huge help for me: Mac people have a hard time believing Apple could possibly have done anything wrong with their device until you have something like this to point to. Until Apple's own recommendation is to change the setting on the device, their view is the problem *must* be in the network.

Sent from my iPad

On Jan 17, 2014, at 5:14 PM, Marcelo Lew <marcelo@du.edu> wrote:

Looks like Apple finally sort of “admitted” to an issue with 802.1x authentication, several months later and most of us already knew this workaround, but better late than never :)
 
http://support.apple.com/kb/TS5258
  
 



Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

2014-01-21 Thread mike . albano

Can you perform a packet capture and identify exactly when the failure is occurring? Sniffer AP/Omnipeek/AirPCap etc (or more easily a 3SS macbook via airport utilities...see here: http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os-x ).
Taking a closer look at the packets, while time consuming, should help you get closer to the root cause. TAC will likely want this as well.

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Spurgeon, Charles E"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/21/2014 12:13PM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0


After getting complaints about connectivity drops on both Macbook Pro and Macbook Air laptops, I was able to replicate the issue on the 5 GHz radio, in either a model 3700 AP or a model 3600 with ac module. No issues are seen (connection stays up for 30 minutes of testing) on 5 GHz in a model 3500 or on a model 3600 with no ac module.

 

To make a stable testbed I created an SSID that was identical to our production SSID with the exception of a radio policy of 5GHz only. Next, I created an AP group for testing with that SSID, and put the 3600 or 3700 AP into that group. So the test AP only has one SSID and only on the 5GHz radio.

 

Once associated with this SSID, the laptop is able to ping its own IP addr, but not the gw addr. The laptop will be able to ping an addr on the campus or Internet until it stops working, which will happen anywhere from 10 to 20 minutes into the test. 

 

This result also occurs on an MBA with IPv6 disabled. 

 

So far the test connection eventually fails on a mid-2013 MBA running 10.9.1 and a mid-2010 MBPro, running either 10.9 or 10.8.5.

 

-Charles
 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Sunday, January 19, 2014 6:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

 Hi guys,
 
We’re about to start piloting 7.6.100.0 with a variety of clients -  what’s the best way to test/reproduce this issue?

 
Cheers,
Tristan
 
 
 
On 17 Jan 2014, at 9:51 am, Luke Jenkins <ljenk...@weber.edu> wrote:

We provide native dual stack access for our wireless clients, so that could be why we aren't seeing the issue.
 
-Luke

 
On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman <lhbad...@syr.edu> wrote:

We have found that disabling client-side IPv6 (we also are not set up for it) puts an end to most OS X issues. Sometimes is the fix for random Win problems, but very prevalent in OS X space.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Scott Allen
Sent: Thursday, January 16, 2014 4:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

Good point. I had a couple of problem tickets (7.4.100.0) that on further investigation Prime showed the clients were connected only IPv6 and getting nowhere because we don't have IPv6 enabled.

-Scott

On Thu, Jan 16, 2014 at 4:22 PM, Lee H Badman <lhbad...@syr.edu> wrote:
> We're doing fine with WPA-2, PEAP, MS-CHAP v2. I hate to say it- but try
> disabling IPv6 on the problem machine, and make sure no OS X updates
> waiting.
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luke Jenkins
> Sent: Thursday, January 16, 2014 3:06 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC
> 7.6.100.0
>
> We're running 7.6 with a mix of APs including 3602s, no reports of this
> issue here and I've not noticed it on my Macbook Pro. Though it could always
> be some setting we don't have in common such as different encryption types,
> QoS, or HA that are causing the issue.
>
> Happy to drill down into the nitty gritty off list if you want to check
> configs, drop me a line.
>
> -Luke
>
> On Thu, Jan 16, 2014 at 12:40 PM, Spurgeon, Charles E wrote:
>
> Has anyone else seen a dropped connection issue with Macbooks and Cisco WLC
> v 7.6.100.0 code?
>
> We are pilot testing 7.6.100.0 code on a WiSM2 card supporting staff APs and
> have noticed a dropped connection issue with Macbooks when associated with
> the 5GHz radio on model 3602i or 3702i APs.
>
> The connection typically fails after approx. 15 minutes, usually leaving the
> client with an IP addr which it can ping, but the client cannot ping the gw
> addr or anything beyond the gw. The client WiFi interface reports that it is
> still associated, which is confirmed on the controller side of the
> connection.
>
> For one Macbook the test AP is directly above the laptop, with a
> 5GHz-specif

Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

2014-01-22 Thread mike . albano

Tim, Can you elaborate?

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Tim Cappalli
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/22/2014 09:04AM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

This is a known issue with OS X and is happening across multiple wireless vendors.

 

 
Tim Cappalli | ACCP / ACMP / CCNA
Network Engineer | Brandeis University
cappa...@brandeis.edu | (617) 701-7149

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, January 21, 2014 4:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0
 
I guess I’d also ask if failure machines are staying awake the whole time?

 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Albano
Sent: Tuesday, January 21, 2014 3:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0
 
Can you perform a packet capture and identify exactly when the failure is occurring? Sniffer AP/Omnipeek/AirPCap etc (or more easily a 3SS macbook via airport utilities...see here: http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os-x ).

Taking a closer look at the packets, while time consuming, should help you get closer to the root cause. TAC will likely want this as well.

-The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Spurgeon, Charles E"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/21/2014 12:13PM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

After getting complaints about connectivity drops on both Macbook Pro and Macbook Air laptops, I was able to replicate the issue on the 5 GHz radio, in either a model 3700 AP or a model 3600 with ac module. No issues are seen (connection stays up for 30 minutes of testing) on 5 GHz in a model 3500 or on a model 3600 with no ac module.

 

To make a stable testbed I created an SSID that was identical to our production SSID with the exception of a radio policy of 5GHz only. Next, I created an AP group for testing with that SSID, and put the 3600 or 3700 AP into that group. So the test AP only has one SSID and only on the 5GHz radio. 

 

Once associated with this SSID, the laptop is able to ping its own IP addr, but not the gw addr. The laptop will be able to ping an addr on the campus or Internet until it stops working, which will happen anywhere from 10 to 20 minutes into the test. 

 

This result also occurs on an MBA with IPv6 disabled. 

 

So far the test connection eventually fails on a mid-2013 MBA running 10.9.1 and a mid-2010 MBPro, running either 10.9 or 10.8.5. 

 

-Charles
 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Sunday, January 19, 2014 6:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0
 
Hi guys, 
  We’re about to start piloting 7.6.100.0 with a variety of clients -  what’s the best way to test/reproduce this issue? 
 
Cheers,
Tristan
 
  
On 17 Jan 2014, at 9:51 am, Luke Jenkins <ljenk...@weber.edu> wrote:
 
We provide native dual stack access for our wireless clients, so that could be why we aren't seeing the issue. 
  
-Luke 

 
On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman <lhbad...@syr.edu> wrote:

We have found that disabling client-side IPv6 (we also are not set up for it) puts an end to most OS X issues. Sometimes is the fix for random Win problems, but very prevalent in OS X space.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Scott Allen
Sent: Thursday, January 16, 2014 4:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

Good point. I had a couple of problem tickets (7.4.100.0) that on further investigation Prime showed the clients were connected only IPv6 and getting nowhere because we don't have IPv6 enabled.

-Scott

On Thu, Jan 16, 2014 at 4:22 PM, Lee H Badman <lhbad...@syr.edu> wrote:
> We're doing fine with WPA-2, PEAP, MS-CHAP v2. I hate to say it- but try
> disabling IPv6 on the problem machine, and make sure no OS X updates
> waiting.
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Luke Jenkins
> Sent:

Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

2014-01-23 Thread mike . albano

Thanks for the detailed description Charles. I haven't seen this yet (I'm on 7.6) but will update list if I do.
Mike Albano
UNLV

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Spurgeon, Charles E"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/23/2014 07:52AM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0


An indicator of a failing connection is that once the client is associated and gets an IP addr, then it cannot ping the gw addr, but it can ping past the gw addr to the Internet. 

 

When the connection eventually fails, packet capture shows that the client loses the ARP entry for the gw addr. Connections may fail in 5 to 10 minutes and always fail by 20 minutes. As it happens, the ARP cache timeout in MacOS is 20 minutes. If you wait another 20 minutes or so, the ARP request will succeed and the connection will start working again.

 

A TAC case is open, and the wireless BU is working on replicating. One possibility is that it might be an issue with how the link aggregated channel behaves between the controller and its connection to the router.

 

Backing down the WLC code from 7.6 to 7.5 appears to clear up the issue in my tests.

 

-Charles 
 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mike Albano
Sent: Tuesday, January 21, 2014 2:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0
 

Can you perform a packet capture and identify exactly when the failure is occurring? Sniffer AP/Omnipeek/AirPCap etc (or more easily a 3SS macbook via airport utilities...see here: http://rfsperra.tumblr.com/post/68654132591/capturing-802-11-traffic-with-os-x ).

Taking a closer look at the packets, while time consuming, should help you get closer to the root cause. TAC will likely want this as well.

-The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Spurgeon, Charles E"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/21/2014 12:13PM
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0


After getting complaints about connectivity drops on both Macbook Pro and Macbook Air laptops, I was able to replicate the issue on the 5 GHz radio, in either a model 3700 AP or a model 3600 with ac module. No issues are seen (connection stays up for 30 minutes of testing) on 5 GHz in a model 3500 or on a model 3600 with no ac module.


 

To make a stable testbed I created an SSID that was identical to our production SSID with the exception of a radio policy of 5GHz only. Next, I created an AP group for testing with that SSID, and put the 3600 or 3700 AP into that group. So the test AP only has one SSID and only on the 5GHz radio. 


 

Once associated with this SSID, the laptop is able to ping its own IP addr, but not the gw addr. The laptop will be able to ping an addr on the campus or Internet until it stops working, which will happen anywhere from 10 to 20 minutes into the test. 


 

This result also occurs on an MBA with IPv6 disabled. 


 

So far the test connection eventually fails on a mid-2013 MBA running 10.9.1 and a mid-2010 MBPro, running either 10.9 or 10.8.5. 


 

-Charles

 


From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tristan Gulyas
Sent: Sunday, January 19, 2014 6:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

 
Hi guys, 
  
We’re about to start piloting 7.6.100.0 with a variety of clients -  what’s the best way to test/reproduce this issue? 

 
Cheers,
Tristan
 
 
 
On 17 Jan 2014, at 9:51 am, Luke Jenkins <ljenk...@weber.edu> wrote:
 

We provide native dual stack access for our wireless clients, so that could be why we aren't seeing the issue. 

  
-Luke 
 
On Thu, Jan 16, 2014 at 2:33 PM, Lee H Badman <lhbad...@syr.edu> wrote:

We have found that disabling client-side IPv6 (we also are not set up for it) puts an end to most OS X issues. Sometimes is the fix for random Win problems, but very prevalent in OS X space.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Scott Allen
Sent: Thursday, January 16, 2014 4:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] dropped connections on Macbooks with Cisco WLC 7.6.100.0

Good point. I had a couple of problem tickets (7.4.100.0) that on further investigation Prime showed the clients were connected only IPv6 and getting nowhere because we don't have IPv6 enabled.

-Scott

On Thu, Jan 16, 2014 at 4:22 PM, Lee H Badman <lhba

Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

2014-01-23 Thread mike . albano

Same here.
Mike

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Lee H Badman
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/23/2014 11:58AM
Subject: Re: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?

I can weigh in on 7.6 code- thus far, after almost a month, it is as stable as any code we’ve had on our very large environment. I can’t speak as kindly about PI… but not sure anyone can.
 
-Lee
 


From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, January 23, 2014 2:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco 7.6 code and Prime 2.0?
 
Good Afternoon
We are looking at deploying more APs in our campuses and the 3700 seems to be the best choice at the moment. The issues we have is we are not at 7.6 Code level yet so we’d have to get there for the 3700s to work. We are also running Prime 2.0 currently. We are new to Prime so are mostly using it for troubleshooting and monitoring, and not for managing our controllers.

My questions are:
- Is 7.6 stable enough to upgrade to? I see some threads on here that are a bit scary in relation to 7.6 :)
- Does anyone know if Prime monitoring capabilities would still be available if we upgraded our controllers to 7.6? I’d test this myself, but all controllers we have are production!
Any info you can provide is greatly appreciated.
 
Thanks 
 
Matt
New Brunswick Community College




Re: [WIRELESS-LAN] Cisco WLC 7.6 code

2014-01-23 Thread mike . albano

Keep in mind LSS only applies to mDNS snooping via Wireless. In other words, if you're planning on using the "mDNS AP" feature (as I have), where you snoop mDNS on wired ports (via trunk to AP) you will not have LSS capability.
OSX issues so far do not seem to be tied to just 7.6 code, or at least there's no concrete evidence of that just yet.

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: "Timothy J. Meade"
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 01/23/2014 03:14PM
Subject: [WIRELESS-LAN] Cisco WLC 7.6 code

Hey everyone. Our campus is planning an upgrade of our WLC's from 7.4 code to 7.6 code. Reading past postings in this list serv it seems that there were initial problems some clients (OSX) were having. Have these been resolved and do you feel 7.6 is stable? Feature wise we are looking at enabling the location specific services features of the Bonjour gateway. Thanks in advance for the advice.

Tim Meade
The University of Scranton



Re: [WIRELESS-LAN] How many drops 802.11ac phase 2

2014-02-07 Thread mike . albano

We always run 2 cables per drop location (wireless or otherwise). Bulk of the cost is labor, so makes sense to do so.
Mike Albano
UNLV

-The EDUCAUSE Wireless Issues Constituent Group Listserv wrote: -

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
From: Brian David
Sent by: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: 02/07/2014 06:54AM
Subject: [WIRELESS-LAN] How many drops 802.11ac phase 2

All,
I wanted to see how many people were planning on running 2 drops to 802.11ac phase 2 access points?
Currently we are just doing a one for one swap when replacing an older a/b/g AP’s with 802.11ac phase 1 AP’s
When you have new construction, do you plan on running 2 drops so when phase 2 come into play you will be all set for it?
 
 Brian J David
Network Systems
Boston College

 


Re: [WIRELESS-LAN] Https Re-directs With Web-Auth

2014-02-14 Thread Mike Albano
I believe the current way of doing the captive portal will not work with
HTTPS. Basically, the WLC allows the 3-way TCP handshake to complete and
then intercepts the HTTP GET from the client, redirecting the client to
your local webserver for login (or accept TOS etc.). With HTTPS, that HTTP
GET is encrypted, so the WLC never sees it, hence cannot respond on
behalf of the "real" destination webserver.

Mike Albano



On Fri, Feb 14, 2014 at 3:00 PM, Curtis K. Larsen
wrote:

> Hello,
>
> I have a Cisco WiSM2 with a WLAN configured to use MAC-Auth, and
> RADIUS-NAC with a Pre-Auth ACL that only allows clients to re-direct to an
> external captive portal server.  I am seeing that regular http requests get
> re-directed fine, but https requests never get sent from the controller to
> the external captive portal server.
>
> I have opened a TAC case and I am waiting for a response but in the
> meantime I came across this bug CSCar04580 which indicates that the WLC
> does not re-direct for https, but http only.  It says it is resolved on 8.0
> code.  This means anyone with a home page set to an https address may think
> the page is not working.
>
> I have not tried this specific test with Cisco ISE, but it seems to me the
> same problem would be present as it also uses the RADIUS-NAC and Pre-Auth
> ACL methods.  Has anyone else encountered this and found a work-around?
>  Let me know.
>
>
> Thanks,
>
> Curtis Larsen
> University of Utah
> Wireless Network Engineer
>
>
>
>
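
The interception described in the reply above, modelled as an added example (not part of the original thread and not Cisco's implementation): it classifies the first payload a client sends after the TCP handshake and shows that a plaintext GET can be answered with a 302, while a TLS ClientHello exposes at most a server name. The portal URL, function names and sample payloads are constructed for illustration.

```python
from urllib.parse import quote

PORTAL_URL = "https://portal.example.edu/login"  # hypothetical portal address
HTTP_METHODS = {b"GET", b"HEAD", b"POST"}


def classify_first_payload(payload: bytes) -> str:
    """Classify the first bytes a client sends once the TCP handshake is done."""
    # TLS record: type 0x16 (handshake), version major 0x03; handshake type
    # 0x01 (ClientHello) sits at offset 5, right after the 5-byte record header.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "http-request"
    return "unknown"


def original_url(payload: bytes) -> str:
    """Rebuild the requested URL from the plaintext request line and Host header."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    path = lines[0].split(" ")[1]
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return "http://" + host + path


def sni_from_client_hello(payload: bytes):
    """Return the server name a ClientHello exposes in cleartext, or None."""
    try:
        pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
        pos += 1 + payload[pos]       # session id
        pos += 2 + int.from_bytes(payload[pos:pos + 2], "big")  # cipher suites
        pos += 1 + payload[pos]       # compression methods
        end = pos + 2 + int.from_bytes(payload[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(payload)):
            ext_type = int.from_bytes(payload[pos:pos + 2], "big")
            ext_len = int.from_bytes(payload[pos + 2:pos + 4], "big")
            if ext_type == 0:         # server_name extension
                name_len = int.from_bytes(payload[pos + 7:pos + 9], "big")
                return payload[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        pass
    return None


def intercept(payload: bytes, portal_url: str = PORTAL_URL):
    """Decide what a redirecting gateway can do with a client's first payload."""
    kind = classify_first_payload(payload)
    if kind == "http-request":
        location = portal_url + "?redirect=" + quote(original_url(payload), safe="")
        response = ("HTTP/1.1 302 Found\r\nLocation: " + location +
                    "\r\nContent-Length: 0\r\nConnection: close\r\n\r\n").encode("ascii")
        return "redirect", response
    if kind == "tls-client-hello":
        # The request line and Host header only travel inside the encrypted
        # channel, so there is no GET to answer with a 302.
        return "no-redirect", b""
    return "ignore", b""


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal ClientHello (sample input only, not a usable handshake)."""
    name = server_name.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name   # host_name entry
    sni = len(entry).to_bytes(2, "big") + entry
    ext = b"\x00\x00" + len(sni).to_bytes(2, "big") + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + len(ext).to_bytes(2, "big") + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample payloads
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: test\r\n\r\n"
TLS_HELLO = build_client_hello("www.example.com")

if __name__ == "__main__":
    for label, data in (("http", HTTP_GET), ("https", TLS_HELLO)):
        action, response = intercept(data)
        print(label, action, response.split(b"\r\n")[1:2], sni_from_client_hello(data))
```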




Re: [WIRELESS-LAN] Cisco MDNS-AP

2014-02-20 Thread Mike Albano
I use the MDNS-AP feature, running 7.6 extensively. You may want to give
this a read:
http://www.cisco.com/c/en/us/td/docs/wireless/technology/bonjour/7-5/Bonjour_Gateway_Phase-2_WLC_software_release_7-5.html#wp44528

If you'd like I can share with you my exact configs (at both switch & WLC).

Mike Albano


On Thu, Feb 20, 2014 at 4:33 AM, Jerry Bucklaew  wrote:

> To All:
>
>  Has anyone got the MDNS-AP function working on a Cisco controller
> running 7.6 code?  I am trying to set it up and I followed the
> instructions.  I have one AP on a tagged port snooping on a single vlan.
>  The MDNS-AP picks up the apple-tv on initial boot but then it times out.
>  So it seems the querier is not working.  I am not sure how the querier is
> supposed to work.  The controller does not have an interface on that vlan
> because that vlan is not dragged into the controller, hence the need for
> the MDNS-AP.
> Also when the controller does have the Apple-tv service from the
> MDNS-AP it does not seem to hand it out.  I can see all the "wireless"
> apple-tv devices but not the MDNS one even though the controller has it in
> the list?
>
>




Re: FW: [WIRELESS-LAN] Cisco MDNS-AP

2014-02-21 Thread Mike Albano
Sending to the list, in case anyone else finds this useful re: the mDNS AP
feature...

You don't need the vlan trunked to the WLC. What you do need to do is:
1. configure the .1Q trunk to the AP, so for example in the following I
have the MDNS-AP snooping on vlans 52,53,138...etc. and the native vlan is
set to 3718, as that is the vlan that the AP management interface resides
on.

    int gi3/3
     switchport trunk native vlan 3718
     switchport trunk allowed vlan 52,53,138,280,315,1352,3016,3700,3718

2. Then on the WLC, you need to tell it which vlans to snoop (listen for
link-local multicast/Bonjour advertisements):

    config mdns ap vlan add 52 bhs-mdns
    config mdns ap vlan add 53 bhs-mdns
    etc. etc.

where "bhs-mdns" is the AP Name.

You can verify config by issuing the following:

    show mdns ap summary

    AP Name   Ethernet MAC       Number of Vlans  VlanIdentifiers
    --------  -----------------  ---------------  -------------------------------
    bhs-mdns  c4:64:13:c0:82:bf  8                138,3016,52,200,280,53,315,1352
Mike Albano
UNLV



On Fri, Feb 21, 2014 at 6:22 AM, Watters, John  wrote:

>   I am also having some problems w/the 7.6 Bonjour code. Would you be
> willing to send me a couple of sample configs, both from a switch & a WLC?
>
> THANKS.
>
> -jcw
>
> John Watters
> The University of Alabama
> Office of Information Technology
> 205-348-3992
>
>   --
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Mike Albano
> *Sent:* Thursday, February 20, 2014 2:43 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Cisco MDNS-AP
>
>
>
> I use the MDNS-AP feature, running 7.6 extensively. You may want to give
> this a read:
> http://www.cisco.com/c/en/us/td/docs/wireless/technology/bonjour/7-5/Bonjour_Gateway_Phase-2_WLC_software_release_7-5.html#wp44528
>
>
>
> If you'd like I can share with you my exact configs (at both switch & WLC).
>
>
>
> Mike Albano
>
>
>
> On Thu, Feb 20, 2014 at 4:33 AM, Jerry Bucklaew  wrote:
>
> To All:
>
>  Has anyone got the MDNS-AP function working on a Cisco controller
> running 7.6 code?  I am trying to set it up and I followed the
> instructions.  I have one AP on a tagged port snooping on a single vlan.
>  The MDNS-AP picks up the apple-tv on initial boot but then it times out.
>  So it seems the querier is not working.  I am not sure how the querier is
> supposed to work.  The controller does not have an interface on that vlan
> because that vlan is not dragged into the controller, hence the need for
> the MDNS-AP.
> Also when the controller does have the Apple-tv service from the
> MDNS-AP it does not seem to hand it out.  I can see all the "wireless"
> apple-tv devices but not the MDNS one even though the controller has it in
> the list?
>
>
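
A consistency check for the two steps in the message above, added here as an example (not part of the original post and not a Cisco tool): every VLAN the mDNS AP is told to snoop has to be carried on the AP's trunk, and any VLAN carried on the trunk but not snooped is extra exposure at the AP port. The sample switch config, WLC commands, interface names and AP name are constructed; the parser also accepts VLAN ranges and `allowed vlan add` lines, which the post does not use.

```python
import re


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '52,53,138-140' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_trunk(config, interface):
    """Return (native_vlan, allowed_vlans) for one interface block."""
    native, allowed, in_block = 1, None, False   # IOS default native VLAN is 1
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"int(?:erface)?\s+(\S+)$", line, re.I)
        if m:
            in_block = m.group(1).lower() == interface.lower()
            continue
        if not in_block:
            continue
        m = re.match(r"switchport trunk native vlan (\d+)$", line)
        if m:
            native = int(m.group(1))
        m = re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", line)
        if m:
            vlans = parse_vlan_list(m.group(2))
            allowed = (allowed or set()) | vlans if m.group(1) else vlans
    if allowed is None:                          # no explicit list: all VLANs
        allowed = set(range(1, 4095))
    return native, allowed


def parse_wlc_snooping(commands):
    """Map AP name -> VLANs from 'config mdns ap vlan add <vlan> <ap>' lines."""
    snooped = {}
    for raw in commands.splitlines():
        m = re.match(r"config mdns ap vlan add (\d+) (\S+)$", raw.strip())
        if m:
            snooped.setdefault(m.group(2), set()).add(int(m.group(1)))
    return snooped


def check_mdns_ap(switch_config, interface, wlc_commands, ap_name):
    """Compare what the WLC snoops with what the AP's trunk actually carries."""
    native, allowed = parse_trunk(switch_config, interface)
    snooped = parse_wlc_snooping(wlc_commands).get(ap_name, set())
    return {
        # snooping configured, but the advertisements can never reach the AP
        "snooped_not_on_trunk": sorted(snooped - allowed),
        # carried to the AP port without being needed for snooping
        "on_trunk_not_snooped": sorted(allowed - snooped - {native}),
        # the AP management (native) VLAN must itself be allowed on the trunk
        "native_allowed": native in allowed,
    }


# Constructed sample input
SWITCH_CONFIG = """\
int gi3/3
 switchport trunk native vlan 3718
 switchport trunk allowed vlan 52,53,138-139,3718
int gi3/4
 switchport trunk allowed vlan 10,20
"""
WLC_COMMANDS = """\
config mdns ap vlan add 52 ap-mdns-1
config mdns ap vlan add 53 ap-mdns-1
config mdns ap vlan add 99 ap-mdns-1
"""

if __name__ == "__main__":
    print(check_mdns_ap(SWITCH_CONFIG, "gi3/3", WLC_COMMANDS, "ap-mdns-1"))
```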


Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input

2014-02-24 Thread Mike Albano
Lee,
I've read the support-forums thread, and am in a similar situation. I've
been running 7.6.100.0 since holiday break, and based on the bugs in the
thread, I'm inclined to request access to the engr. build "just in case".
My network is not as large as yours (~8500 simultaneous & 25K unique
devices/day) but it's hard to read something like "Broadcom chipsets may
have trouble associating or may experience traffic hangs..." and not assume
I have users hitting this.
I have not heard complaints, but that doesn't mean much.

My need for 7.6 (more specifically 7.5+) is features. I don't anticipate
having 3700's for about another 60 days.
In conclusion, I've given you no useful information but will update if I do
ever get a direction on that MR code ( I'll actually be at the EBC
tomorrow, so will try to corner someone into getting a sense of severity on
these 7.6 bugs).

Mike Albano


On Mon, Feb 24, 2014 at 8:06 AM, Anders Nilsson
wrote:

> And he's Spanish!  ;)
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
> *Sent:* 24 February 2014 16:15
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking
> for input
>
>
>
> Name dropper!
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *On Behalf Of *Anders Nilsson
> *Sent:* Monday, February 24, 2014 10:09 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] SV: [WIRELESS-LAN] SV: 7.6.100 bugs- looking
> for input
>
>
>
> Just talk to Javier Contreras who wrote the 7.6MR1 beta note.  He's da
> man.  :)
>
>
>
> /Anders
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *On Behalf Of *Lee H Badman
> *Sent:* 24 February 2014 16:06
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input
>
>
>
> Thanks, Anders- we have yet to deploy 3700s, but will be within a couple
> of weeks. Hence the desire to get ahead of this sort of thing. I'm waiting
> on the latest clarification, hopefully from deep inside the BU, but there
> is great value in knowing where others are on the same journey.
>
>
>
> -Lee
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *On Behalf Of *Anders Nilsson
> *Sent:* Monday, February 24, 2014 10:02 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] SV: 7.6.100 bugs- looking for input
>
>
>
> Sounds like you're hitting this one:
>
>
>
> CSCuj17283 <https://cdetsng.cisco.com/webui/#view=CSCuj17283>
>
> Macbook Air, Macbook with 802.11ac chipset, and Intel 6300 v15.9.2.1 chipsets
> are reported to see dropped packets and odd ARP behaviors when using Cisco
> 3700 Series access point with WPA2 security and Centrally switched data
> (Local mode or Flex).
>
> Behavior varies, number of associated clients, device hosting the default
> gateway of the client access VLAN, and/or L3 path beyond L2 DS.
>
> Supposed to be fixed in version 7.6.100.4 and available if you kneel
> before the mighty TAC.
>
> There are also rumors about a beta of 7.6MR1
> https://supportforums.cisco.com/docs/DOC-40402 that has this fixed.
>
>
>
> This message will self-destruct in 10 seconds, good luck Lee  ;)
>
>
>
> Cheers
>
> Anders
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *On Behalf Of *Lee H Badman
> *Sent:* 24 February 2014 15:48
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] 7.6.100 bugs- looking for input
>
>
>
> Turning to my Cisco WLAN colleagues on the list for their input.
>
>
>
> We're running 7.6.100, since the holiday break after doing fairly
> extensive testing and getting the input of other large environments that
> ran it in beta. We've done well on this code to date, but are about to roll
> out 3700s in a new, very high profile building, and so I'm looking closely
> at every bit of data I can get on potential problems looming.
>
>
>
> Please see https://supportforums.cisco.com/message/4173717 thread, and in
> particular the second half of the discussion. There are three potentially
> bad bugs described, and also the mention of a new engineering build
> available (seemingly by request) to address these bug

Re: [WIRELESS-LAN] Cisco MDNS-AP

2014-02-24 Thread Mike Albano
At risk of a shameless plug, I've been asked a couple times recently how to
get mDNS snooping configured using Cisco WLC's, so I wrote it up here:
http://www.mikealbano.com/2014/02/using-mdns-snooping-for-bonjour-support.html

It's not a "thorough" description of all things-mDNS, but hope it helps
someone get started using 7.4 or 7.5/7.6.

Mike Albano


On Thu, Feb 20, 2014 at 4:33 AM, Jerry Bucklaew  wrote:

> To All:
>
>  Has anyone got the MDNS-AP function working on a Cisco controller
> running 7.6 code?  I am trying to set it up and I followed the
> instructions.  I have one AP on a tagged port snooping on a single vlan.
>  The MDNS-AP picks up the apple-tv on initial boot but then it times out.
>  So it seems the querier is not working.  I am not sure how the querier is
> supposed to work.  The controller does not have an interface on that vlan
> because that vlan is not dragged into the controller, hence the need for
> the MDNS-AP.
> Also when the controller does have the Apple-tv service from the
> MDNS-AP it does not seem to hand it out.  I can see all the "wireless"
> apple-tv devices but not the MDNS one even though the controller has it in
> the list?
>
>




Re: [WIRELESS-LAN] RLDP Feature?

2014-03-05 Thread Mike Albano
We don't use RLDP, mostly b/c "open" Rogues are extremely rare (in our
environment). With default settings these days being PSK on SOHO devices, a
wide-open Rogue is not common.


Mike Albano


On Wed, Mar 5, 2014 at 3:50 PM, Curtis K. Larsen
wrote:

> I agree.  But for a short term solution to bridge the gap until we install
> the dedicated AP's - I think toggling RLDP on/off for Local mode AP's at
> scheduled intervals after hours might be a decent option.
>
> 
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of McClintic, Thomas [
> thomas.mcclin...@uth.tmc.edu]
> Sent: Wednesday, March 05, 2014 4:09 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] RLDP Feature?
>
> I would rather use Rogue Detector APs. We have RLDP enabled here, we are
> working toward incorporating Rogue Detector APs instead.
>
> RLDP only works on open SSIDs and impacts valid client performance.
>
> Rogue Detectors can sense secured networks for wired rogues.
>
> We do not currently use any real-time voice applications.
>
> Thanks
>
>
>
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
> Sent: Wednesday, March 05, 2014 3:18 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: [WIRELESS-LAN] RLDP Feature?
>
> For those running Cisco I am wondering how many of you have the RLDP
> feature enabled on your controllers, and if you support real-time voice
> applications like Vocera - have you noticed any effect on their
> performance and connectivity?
>
> I am looking at enabling the feature with alerting only -no
> auto-containment just yet- in order to gain a bit more detailed info
> regarding the rogues in our environment.  From the Cisco document here:
> http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html
>  ...It says  "During the RLDP process, the AP is unable to serve clients.
> This will negatively impact performance and connectivity for local mode
> APs."  Interested to know your experience if any with this.
>
> Thanks,
>
> Curtis Larsen
> University of Utah
>
>
>




Re: [WIRELESS-LAN] Survey

2014-03-06 Thread Mike Albano
Great idea Jerry, looking forward to the results.
I just filled it out, here's some additional feedback:

   - Lowest supported data-rate (what Cisco calls mandatory...industry
   calls Basic) depends on density. I use RF Profiles to set lowest mandatory
   rate much higher in lecture-halls & medium-high density environments.
   Office space I still disable all non-OFDM rates (ie no 802.11b -- 6Mb min.
   mandatory)
   - It's 802.1X (not x)
   - I found the "how do you deal with Rogues" question difficult to answer
   in a mult. choice format. (I think that deserves its own survey).

Thanks for sharing,

Mike Albano


On Thu, Mar 6, 2014 at 5:41 AM, Jerry Bucklaew  wrote:

> To ALL:
>
> I wanted to ask a couple questions about what people are doing to
> improve performance for their wireless systems.  Specifically in disabling
> speeds and turning on aggressive load balancing and client band select.  I
> have access to some survey software and thought why not do it through a
> survey.  So I compiled a basic survey (12 questions) about wireless
> systems.  I added questions about how many cables you pull and what do you
> do with rogues, two popular topics. I hope people do not find this
> annoying, the survey is anonymous and of course voluntary.
> The results to the survey may be useful to many of us so I will
> publish them back to the list after a week. The more people who take the
> survey, the more useful the results will be.  If people find this sort of
> thing useful, I can create more surveys and publish the results.
>
>
> http://vovici.com/wsb.dll/s/8727g55c36
>
>
> PS. This is my first attempt at doing surveys and using this software so I
> apologize in advance for any mistakes I have made.
>
>




How do "you" deal with rogues.

2014-03-06 Thread Mike Albano
Jerry's survey inspired me
This has been asked before in many different ways; but not as thoroughly as
I'd like. Feel free to email me on or off-list. I will share the results w/
the list once compiled.

We are trying to revise our Rogue policy, and interested in what other
higher-eds are doing. It's only 6 questions, most of which are optional.

https://docs.google.com/forms/d/1jtuEmaKu0fwQKJixY1-9Hr3a_hfRjqztYyb0ghDEZJ0/viewform

Appreciate any responses,

Thanks,


Mike Albano




WLPC Videos

2014-03-07 Thread Mike Albano
Videos from the recent WLPC conference have been posted. These are very
applicable if you design WiFi networks (most on this list):
My favorites:
Designing for Capacity (Andrew Von Nagy): http://vimeo.com/88454112
Engineering High Density (Chuck Lukaszewski):
https://www.youtube.com/watch?v=uE3HChpRiJs
RF Myths (GT Hill): https://www.youtube.com/watch?v=V7M3ZLQIhOk

All videos found at:
https://www.youtube.com/channel/UCIzBSS46vcqhwmBZ7ZpY-yg
or
http://vimeo.com/keithrparsons

Mike Albano




Rogue Policy Survey Results

2014-03-10 Thread Mike Albano
Thanks to all who participated in the survey. I found this information very
helpful. Here is a link to the results:
https://docs.google.com/spreadsheet/ccc?key=0Apd_vkrjDP3wdDdhM1dobFAxSlQ1MlV3Q0QtVUxRMFE&usp=sharing

Mike Albano




Re: [WIRELESS-LAN] Wpa2 cracked?

2014-03-26 Thread Mike Albano
Steve Gibson bought the paper and went through it. Long story short: "news
flash -- weak PSK's can be brute-forced".
Nothing new at all.


Mike Albano


On Sat, Mar 22, 2014 at 3:39 AM, Ryan McLeod  wrote:

>   I will be out of the office until Monday March 31st. Please direct all
> tech needs to the Tech Helpdesk. Thank you!
>
> GO BEYOND!
> Founded in 1821, New Hampton School is a coeducational, independent,
> college preparatory boarding and day school for students in grades 9-12 and
> postgraduate.
> www.newhampton.org
>
>




Disabled 2.4 Radios not staying disabled

2014-04-25 Thread Mike Albano
Anyone else seeing this?
Cisco Wism2's ver. 7.6.100.10 (though I believe it affects all 7.6)
When I disable radios "config 802.11b disable " the radios turn
themselves back on after a "config ap reset" or power outage, changing AP
Group's etc. Basically, when the AP reboots, the radio re-enables itself.

TAC case pending.

Mike Albano




Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 24 Apr 2014 to 25 Apr 2014 (#2014-88)

2014-04-28 Thread Mike Albano
Thanks all, I'll have to do the same (script to check).

Mike



On Mon, Apr 28, 2014 at 11:42 AM, Earl Barfield <
earl.barfi...@oit.gatech.edu> wrote:

> On 04/26/14 00:00, WIRELESS-LAN automatic digest system wrote:
>
>> Date:Fri, 25 Apr 2014 17:49:42 -0700
>> From:Mike Albano
>> Subject: Disabled 2.4 Radios not staying disabled
>>
>> Anyone else seeing this?
>> Cisco Wism2's ver. 7.6.100.10 (though I believe it affects all 7.6)
>> When I disable radios "config 802.11b disable " the radios turn
>> themselves back on after a "config ap reset" or power outage, changing AP
>> Group's etc. Basically, when the AP reboots, the radio re-enables itself.
>>
>> TAC case pending.
>>
>> Mike Albano
>>
>>
>
> Yes, we saw this back with 7.4.103.6.  It only did this if the AP had
> a non-default RF profile.  We opened a TAC case (in Jun 2013) but
> I don't see that a bugid was ever assigned.
>
> As a workaround, I wrote a simple script that periodically queries our
> Airwave Management Platform server and alerts me if any radios are not
> in the desired state.
>
>
>
>
>
> --
> Earl Barfield -- Academic & Research Tech / Information Technology
> Georgia Institute of Technology, Atlanta Georgia, 30332
> Internet: earl.barfi...@oit.gatech.edu e...@gatech.edu
>
>




Re: [WIRELESS-LAN] Stadium WiFi

2014-05-07 Thread Mike Albano
I've been looking at Stadium WiFi as well. There's a lot of moving parts to
it. More than just good WiFi ("apps", digital signage, Kiosks etc.)...you
need to identify what you're trying to accomplish, and go from there.
For us, the stadium is used year-round, and hosts many events in addition
to our Campus events. It is a multi-purpose facility, so is dynamic in
nature.

If you're looking to enhance the "Fan Experience" a DAS-only solution won't
get you all the bells & whistles. The hotness/all the rage is surrounding
Location Based services (What's the closest bathroom, concession sales w/
out leaving seat, seat-upsales, shortest bathroom line etc). You'll
want/need an 'app' if you want to really engage the "Fans".

The most successful stadiums (NFL, NBA etc.) seem to have both...a good DAS
& 802.11 WiFi system in place.

You can find statistics on-line for 802.11 uptake at Superbowls and major
events. Not surprisingly, it's growing. You can also find articles
referencing student attendance going down at campuses. Speculation is that
lack of a connection (wifi or other), being 'disconnected' is driving them
away.

I'll refrain from vendor-wars and "who's better". I can comment off-list on
specific parts of systems that I prefer in one over another, but as with
most things, there is no clear "winner".

Some links:
http://www.techrepublic.com/article/how-sports-teams-are-scrambling-to-keep-millennials-coming-to-games/#.
http://www.rcrwireless.com/article/20140205/networks/extreme-networks-boosted-by-enterasys-acquisition/ (stats by Extreme, WiFi by Cisco)
http://wlanbook.com/stadium-wifi-list/
http://wirednot.wordpress.com/2014/01/22/whats-the-big-deal-with-stadium-wi-fi-let-me-spell-it-out-for-you/
http://online.wsj.com/news/articles/SB10001424052702303369904579423792725267978 (hey, look who won worst!)
http://vimeo.com/89430966 (Chuck Lukaszewski talking Ultra-HD WiFi)

Mike Albano






On Wed, May 7, 2014 at 12:23 PM, Ball, Erik  wrote:

>  It’s been about a year since Stadium WiFi has come up on this list, so I
> wanted to see if there has been any movement towards a large scale stadium
> WiFi deployment by anyone?  We looked into this a little less than a year
> ago, and it would be quite pricey given that it would be really only
> utilized 1 season of the year.  However, the topic is coming up again (as
> part of envisioning the perfect fan experience), and it would be nice to
> see where other people stood on this.
>
>
>
> If so, can you share where you are at in the process, and the vendor that
> you selected?
>
>
>
> However, it sounds like working through cellular/DAS arrangements has been
> more popular/widespread than bothering with stadium WiFi.  If you chose
> DAS, without bothering with 802.11 coverage, did that satisfy people?
>
>
>
> Thanks,
> Erik
>
>
>
>
>
>
>
>




Re: [WIRELESS-LAN] iOS8 and randomized mac addresses

2014-06-10 Thread Mike Albano
Only a packet capture will tell, and as Eric pointed out, doesn't seem to
be happening on the Beta. Time will tell "how" this feature is implemented.

I do see this having the following impact:
*Band Steering (Cisco-speak=Band Select) -- If probes are sent from dif.
mac's per radio this will break current implementation of Band Steering.
*Roaming troubleshooting -- Analyzing when a STA begins to 'Probe' for
other AP's (while connected to first AP) will become difficult/impossible.
Will need to rely solely on Auth & Assoc. requests.
*Passive tracking -- Things like 'dwell time' (dots on a map in front of
the bathroom). Will artificially increase those numbers.

All depends on how it's implemented. Different MAC per radio? How often
does it regenerate a random MAC? Once at boot-up? Every probe-cycle? Every
Probe? (that would be 34 dif. mac's in one active-scan @ 1 per channel!).
Just not enough info yet.

Mike Albano


On Tue, Jun 10, 2014 at 6:12 AM, Eric Kenny  wrote:

> I can confirm that my iPhone 5s with iOS 8 beta does NOT randomize the MAC
> address in probe requests.  This was determined by capturing and analyzing
> the probe request frames.
>
>
>
> Thanks,
>
>
>
> Eric J. Kenny
>
> Network & Security Engineer
>
> Marist College
>
> 3399 North Rd.
>
> Poughkeepsie, NY 12601
>
> 845.575.3820
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> [mailto:The EDUCAUSE Wireless Issues
> Constituent Group Listserv ] *On
> Behalf Of *Frank Sweetser 
> *Sent:* Tuesday, June 10, 2014 9:03 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] iOS8 and randomized mac addresses
>
>
>
>
> From what I can tell, they're only randomizing the MAC address on probe
> requests. It appears to still use the burned in MAC address for association
> and all subsequent traffic.
>
> That said, I'd love for someone with an iOS 8 device and a suitable wireless
> sniffer rig to confirm this guess =)
>
> Frank Sweetser fs at wpi.edu    | For every problem, there is a solution that
> Manager of Network Operations   | is simple, elegant, and wrong.
> Worcester Polytechnic Institute | - HL Mencken
>
> On 06/10/2014 08:54 AM, Lee H Badman wrote:
> > For historical tracking, could be pretty rough especially when individual
> > users have multiple devices.
> >
> >
> > *Lee H. Badman*
> > Network Architect/Wireless TME
> > ITS, Syracuse University
> > 315.443.3003
> >
> --
>
> > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
> > on behalf of Eric Kenny
> >
> > *Sent:* Monday, June 9, 2014 2:27 PM
> > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > *Subject:* Re: [WIRELESS-LAN] iOS8 and randomized mac addresses
> >
> > I have the first beta of iOS 8 installed on my iPhone 5s and it does not
> > appear to randomize the MAC address, nor are there any visible settings to
> > enable/disable that "feature." Since the MAC address remains the same while
> > associated to a wireless network it should not pose any issues. The original
> > source in the article indicates that iOS 8 will only randomize the MAC while
> > scanning for available networks.
> >
> > Thanks,
> >
> > Eric J. Kenny
> >
> > Network & Security Engineer
> >
> > Marist College
> >
> > 3399 North Rd.
> >
> > Poughkeepsie, NY 12601
> >
> > 845.575.3820
> >
> > *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv
> > [mailto:The EDUCAUSE Wireless Issues
> > Constituent Group Listserv ] *On Behalf Of
> > *Rick Coloccia, Jr.
> > *Sent:* Monday, June 9, 2014 11:06 AM
> > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> > *Subject:* [WIRELESS-LAN] iOS8 and randomized mac addresses
> >
> > Just saw this:
> >
> >
> > http://www.theverge.com/2014/6/9/5792970/ios-8-strikes-an-unexpected-blow-against-location-tracking
> >
> > It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for
> > location trackers, and score a major win for privacy. As spotted by Frederic
> > Jacobs <https://twitter.com/FredericJacobs/status/475601665836744704>, the
> > changes have to do with the MAC address used to identify devices within
> > networks. When iOS 8 devices look for a connection, they randomize that
> > address, effectively disguising any tra

Re: [WIRELESS-LAN] Testing RADIUS Performance

2014-06-12 Thread Mike Albano
I too run FreeRADIUS servers. I've used radperf & eapol_test to do
performance testing & optimization: http://networkradius.com/radperf.html and
http://deployingradius.com/scripts/eapol_test/
It's not the most user-friendly tool, but once dialed in they're easy to
run and script.

Mike Albano
UNLV




On Thu, Jun 12, 2014 at 11:06 AM, Jorj Bauer  wrote:

> Well, it's encouraging to hear that other people feel our pain and have
> come to the same answers.
>
> -- Jorj
>
> --
> Jorj Bauer
> Manager of Engineering, Research and Development
> Information Systems and Computing, University of Pennsylvania
> 215.746.3850
> XMPP: j...@upenn.edu
>
>
> On Jun 12, 2014, at 1:50 PM, Joni Julian  wrote:
>
> > To test RADIUS, I've looked at
> > http://www.serverwatch.com/sreviews/article.php/3935211/5-Free-RADIUS-Testing-and-Monitoring-Tools.htm
> > for options.
> >
> > We discovered our FreeRADIUS performance problems by being affected
> > ourselves and checking Splunk for errors associated with our logins. When
> > we first started with EAP-TTLS, we needed to spread the load across 6
> > FreeRADIUS servers because we use kerberos, and the FreeRADIUS module for
> > kerberos isn't multithreaded before FreeRADIUS 3.x (which didn't exist when
> > we started adding servers to keep authentications from timing out). In
> > terms of each server's load average, that stays low (often under 1%). So it
> > wasn't a LOAD problem so much as a single-threaded bottleneck. We now have
> > a script on Splunk to let us know if those errors crop up again, but I hope
> > we'll use FreeRADIUS 3.x before that happens.
> >
> > - Joni
> > --
> > Joni Julian, Ph.D.
> > Associate Director of Networking,
> > Network Management Systems and Services
> > UNC ITS Networking
> >
> > On Jun 12, 2014, at 10:45 AM, Turner, Ryan H wrote:
> >
> >> We are using freeRadius and ran a large EAP-TTLS deployment prior to
> >> deprecating it in favor of EAP-TLS. We did spread out our authentications
> >> across multiple servers on campus so that the load wouldn't swamp our
> >> servers. We see around 60k wireless devices a day (max concurrent around
> >> 30k), and spread the load across 6 or 7 freeRadius servers.
> >>
> >> Ryan Turner
> >> Senior Network Engineer, ITS
> >> The University of North Carolina at Chapel Hill
> >> +1 919 274 7926 Mobile
> >> +1 919 445 0113 Office
> >>
> >>> On Jun 12, 2014, at 10:32 AM, "Charles Rumford" <charl...@isc.upenn.edu> wrote:
> >>>
> >>> We are currently in the process of evaluating new RADIUS servers at the moment.
> >>> One of the problems we are having is coming up with a reliable and realistic way
> >>> of testing them to make sure that they are able to handle the load our wireless
> >>> network is going to throw at them.
> >>>
> >>> I was curious if anyone had any testing frameworks or methodologies they have
> >>> used in the past to test performance and conduct load testing on RADIUS servers.
> >>> I'm ultimately looking for a solution that simulates 802.1X EAP-TTLS/PAP
> >>> requests at the peak rate coming from our controllers.
> >>>
> >>> Thanks!
> >>>
> >>> --
> >>> Charles Rumford
> >>> Network Engineer/Senior Wireless Engineer
> >>> ISC Network Operations
> >>> University of Pennsylvania
> >>> OpenPGP Key ID: 0xF3D8215A
> >>> (p) 215-746-2808
> >>> (c) 267-398-7939
> >

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
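
A sketch of the kind of scripted eapol_test run discussed in this thread, simulating concurrent 802.1X EAP-TTLS/PAP logins and reporting failures and latency, since the bottleneck described above showed up as authentication timeouts rather than server load. This is an added example, not code from any poster; the server address, shared secret, test account and the function names are placeholders and assumptions.

```python
import os, subprocess, tempfile, time
from concurrent.futures import ThreadPoolExecutor

def ttls_pap_conf(identity, password, anonymous="anonymous"):
    """wpa_supplicant-style network block that eapol_test reads for EAP-TTLS/PAP.
    No ca_cert is set, so the server certificate is not validated (load test only)."""
    return ("network={\n"
            '    ssid="loadtest"\n'
            "    key_mgmt=WPA-EAP\n"
            "    eap=TTLS\n"
            f'    identity="{identity}"\n'
            f'    anonymous_identity="{anonymous}"\n'
            f'    password="{password}"\n'
            '    phase2="auth=PAP"\n'
            "}\n")

def one_auth(conf_path, server, secret, timeout=10):
    """Run one complete EAP exchange; return (succeeded, elapsed_seconds)."""
    start = time.monotonic()
    try:
        proc = subprocess.run(["eapol_test", "-c", conf_path, "-a", server, "-s", secret],
                              capture_output=True, text=True, timeout=timeout)
        ok = proc.returncode == 0
    except subprocess.TimeoutExpired:
        ok = False  # a timed-out authentication is the failure the thread describes
    return ok, time.monotonic() - start

def summarize(results, wall_seconds):
    """Reduce (ok, latency) pairs to success count, rate and 95th-percentile latency."""
    lat = sorted(t for ok, t in results if ok)
    p95 = lat[min(len(lat) - 1, int(0.95 * len(lat)))] if lat else None
    rate = round(len(lat) / wall_seconds, 2) if wall_seconds else 0.0
    return {"attempts": len(results), "ok": len(lat),
            "failed": len(results) - len(lat), "auths_per_sec": rate, "p95_latency": p95}

def run_load(server, secret, identity, password, total=200, concurrency=20):
    """Fire `total` authentications with `concurrency` in flight at once."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write(ttls_pap_conf(identity, password))
    try:
        start = time.monotonic()
        with ThreadPoolExecutor(max_workers=concurrency) as pool:
            results = list(pool.map(lambda _: one_auth(f.name, server, secret), range(total)))
        return summarize(results, time.monotonic() - start)
    finally:
        os.unlink(f.name)

if __name__ == "__main__":
    # Placeholder server (TEST-NET address), shared secret and test account.
    print(run_load("192.0.2.10", "shared-secret", "loadtest@example.edu", "test-password"))
```

Raise `concurrency` step by step toward the controllers' peak rate and watch for the point where `failed` starts climbing or `p95_latency` approaches the NAS timeout.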



Re: [WIRELESS-LAN] apple tv wired/wireless

2014-06-13 Thread Mike Albano
*Wired only
*WPA2-Enterprise SSID Only
*Allowing AirPlay & Airtunes.

As others have mentioned, Wireless = painful to configure and high Channel
Utilization.

Mike Albano


On Fri, Jun 13, 2014 at 12:45 PM, Hurt,Trenton W.  wrote:

>  That is what I have done as well, and yes it’s not very user friendly
> for setup.  It’s also an rf killer and I have been trying to not expand
> this because of the high channel utilization this causes by having both
> ends doing the mirror on wifi.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of* Hector J Rios
> *Sent:* Friday, June 13, 2014 3:34 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] apple tv wired/wireless
>
>
>
> We do allow them on our wireless network, but on the 802.1X network only
> (we didn’t want to create a separate SSID). They have to set up a profile to
> do this, and push it out to the Apple TV device, but believe me, it is
> painful. I don’t recommend it.
>
>
>
> -Hector Rios
>
> Louisiana State University
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of* Hurt,Trenton W.
> *Sent:* Friday, June 13, 2014 8:31 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] apple tv wired/wireless
>
>
>
> For the folks that have apple tvs on campus.  How are they connecting to
> the network?  Wired/wireless
>
>
>
>
>