Re: [WIRELESS-LAN] eduroam and machine authentication
Neil, If you want to do machine authentication for local access, the SSID is yours, so treat it like you would treat any other SSID on campus. For machine authentication, I know that University of Tennessee used a lot of AD Group Policies to accomplish Machine Authentication, while maintaining user authentication at the same time (the machine can jojn the network to talk to AD on its own but each user has to authenticate independently to access the functionality of the machine). As Anders mentioned, if you give access to those machines with a REALM, empowering them to travel to other eduroam locations, make sure that someone is responsible for their usage. Best, Philippe www.eduroam.ushttp://www.eduroam.us On Apr 2, 2013, at 12:18 PM, Johnson, Neil M neil-john...@uiowa.edumailto:neil-john...@uiowa.edu wrote: We are getting requests to do windows machine authentication on our eduroam SSID (just for local machines). Is there anyone else out there doing this ? Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edumailto:neil-john...@uiowa.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Looking for large-scale stadium WiFi deployments
All, If you decide to go the Provider (Verizon, ATT, etc... ) way for your stadium or even your campus, make sure that your contract doesn't restrict other SSIDs/networks/roaming consortiums too much. If you want to support eduroam or other free public providers those contract might restrict your ability to do so. Think 802.11u that is now part of 802.11 and all the potential Roaming Consortiums that will exist in the coming years! Just a heads up... Philippe Philippe Hanset www.eduroam.ushttp://www.eduroam.us On Apr 1, 2013, at 9:44 AM, Watters, John john.watt...@ua.edumailto:john.watt...@ua.edu wrote: I think that our folks have given up due to the cost and are trying to get ATT and/or Verizon to provide this. These two companies have already installed a shared jointly funded DAS system in our stadium which is working fairly well. The University of Alabama Bryant-Denny Stadium Capacity: 101,821 -jcw image001.jpg - John WattersUA: OIT 205-348-3992 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:l...@listserv.educause.edu] On Behalf Of Dewitt Latimer Sent: Sunday, March 31, 2013 4:32 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Looking for large-scale stadium WiFi deployments Dear Colleagues: If you have (or are in the process of) deploying WiFi to football stadiums greater than (say) 40K fans or arenas greater than (say) 15K, please shoot me a quick note back answering these simple questions. School Name/Venue AP vendor (Aruba, Cisco, etc) Approximate ratio of spectators per AP Which (if any) design firm did the turn-key design/build. Open access or authenticated Approximate commodity bandwidth draining the venue Do you have an RFP you can share? I'm on a tight schedule, so a quick turn around is appreciated in advance. Respond to dew...@montana.edumailto:dew...@montana.edu Many Thanks, Dewitt --- Dewitt Latimer, Ph.D. Chief Information Officer Montana State University dew...@montana.edumailto:dew...@montana.edu ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Eduroam and AUP acceptance?
All, With eduroam (or any 802.1x proxying), the outer identifier is the only thing that a Service Provider will see. @institution is necessary as an outer identifier to be able to route the request to the proper destination. So, it's not so much that eduroam doesn't allow the Service Provider to know the identifier, it's the user that decides what to reveal in the outer identifier. As of today, there is no enforcement of consistency between the outer identifier (carried with the negotiation of the TLS tunnel) and the credentials protected inside the TLS tunnel (credentials used for the authentication at the destination institution). The outer identifier just needs to contain the REALM (@institution) to be able to reach its destination. This said, many operating systems put by default the inner identifier as the outer identifier. In other words, as a user, you have to specifically configure your EAP supplicant in the operating systems with a specific outer identifier if you want to mask you identity (most common one is anonymous@institution, but @institution works as well). Every federation that participates in eduroam is required to sign a compliance statement: https://www.eduroam.org/downloads/docs/eduroam_Compliance_Statement_v1_0.pdf (Internet2 signed it on behalf of the US). This greatly enhances the responsiveness of the eduroam service as a whole. So we really have two schools of thoughts: 1-The privacy concerned (that only want anonymous@institution) 2-The Security concerned (that would prefer real-user@institution) For 1, I would say that you can always anonymize yourself or your users if you are concerned. For 2, if law enforcement is involved, as Peter Jacobs mentioned earlier Don’t worry about other countries and cooperation agreements between law enforcement. It works faster than you think – in both directions Also, all participants in eduroam are required to hold RADIUS logs for 6 months! (part of the GeGC Compliance Statement) For CALEA: eduroam is not a public network. Only authenticated users can join it! For DMCA: When you have a complaint, we help you send the complaint to the proper destination For blocking an abuser immediately: classic MAC address filtering, Chargeable User Identity (http://tools.ietf.org/html/rfc4372), or in desperate cases: block the entire REALM! The driver license analogy is great, but eduroam works better ... As a visitor to the US you have to first get an International Driver License, good for only a few months. http://www.usa.gov/Topics/Foreign-Visitors-Driving.shtml eduroam allows you to use your school credentials, as is ;-) Best, Philippe Philippe Hanset www.eduroamus.orghttp://www.eduroamus.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:l...@listserv.educause.edu] On Behalf Of Green, William C Sent: February-26-13 2:50 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Eduroam and AUP acceptance? I think the driver's license is an interesting analogy, and it causes me to think differently about the issues eduroam raises in a different light. However, as with most analogies it breaks down quickly (states do have standards coordinated with federal entities on IDs [blustering aside], coordinated training and standards [e.g. car vs truck], integrated license plate databases, user identities on the drivers license when pulled over, etc). I am interested in the service, and like the idea of enabling researchers better network access. But I'm still troubled by a number of issues which I think could be solvable, but solving them doesn't seem to be in the spirit of the European effort. Just a few: My understanding is eduroam doesn't allow the host university to know the identity of the user of the local network resource. The host can request it of the remote university, but the remote may or may not respond. It adds complexity to security investigations and law enforcement actions. Local law enforcement can't compel another country's university to release credentials. What might US CALEA implications be in these cases? I realize different laws/rules apply in different localities/entities regarding network use and identity and interpretation by each entities legal counsel. My understanding is also that eduroam doesn't have standards for who is granted credentials across institutions participating. At one school it may be faculty/students/staff, while at others that may include alumni/visitors/hobos. Related, I don't believe attributes are revealed in cases where the local institution wished to grant different status to, say faculty versus student. How do different access policies and charges (for those of us that charge) map? There may be exposures to user/password credentials utilized. For institution that use a consistent/single sign-on credential for their network
Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius
Linchuan, There is a big drawback to no letting your users join the local eduroam SSID. They won't be able to setup their devices while on campus before traveling. Having the concordia.cahttp://concordia.ca users joining the eduroam SSID on campus will help them with two aspects of the connectivity: -Learn to use the REALM (user@reaml, in your case realm=concordia.cahttp://concordia.ca) -Learn to load the proper RADIUS infrastructure certificate on their machine before traveling somewhere else These two things alone could reduce your help desk calls quite a bit. If you do so, make sure to enforce the REALM requirement from your own users in your RADIUS config (we used to not enforce that at University of Tennessee and ended up with users not being able to use eduroam when traveling) What you can do (as explained by Steve and Julian) is to filter the concordia.cahttp://concordia.ca users and put them in special VLANs. For instance: University of Tennessee, Knoxville assigns users with @utk.eduhttp://utk.edu credentials to the same VLAN pool weather they join the eduroam SSID or the ut-wpa2 SSID. The only difference between the two is that users joining eduroam have to use ne...@utk.edumailto:ne...@utk.edu and users on ut-wpa2 can only use netid if they want. Have a good Weekend, Best, Philippe Hanset www.eduroamus.orghttp://www.eduroamus.org On Feb 15, 2013, at 3:24 PM, Linchuan Yang linchuan.y...@concordia.camailto:linchuan.y...@concordia.ca wrote: Dear All Do you use different radius servers for your local SSID and eduroam SSID? Currently, we are using the same radius servers for both of SSID, and we found that some of our local users login with eduroam SSID inside our campus. We want to block our local users (both user...@concordia.camailto:user...@concordia.ca and user123)to login with eduroam SSID, could you please explain how to modify the proxy.conf or other configuration files on Freeradius (Linux version)? Furthermore, we want to block user...@concordia.camailto:user...@concordia.ca to login with our local SSID, and let user123 login with our local SSID. Thank you, and have a nice weekend. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] need help to substantiate an SSID recommendation
Jake, AES is definitely what you want to use, and with modern equipment it will actually be less intensive on your hardware since there is some key-caching advantage with 802.11i/WPA2. But another question is: are you doing PSK for the whole campus? Giving the same passphrase to all your users? (if you do, don't worry too much about TKIP VS AES) I have also heard that some OSes don't deal well with a blank space in the SSID, but I have never seen this for myself. Best, Philippe www.eduroamus.org On Jan 24, 2013, at 12:59 PM, Daniel Westacott dw...@umn.edu wrote: Jake: TKIP has been broken. A long time ago. This article http://wifinetnews.com/archives/2010/06/say_goodbye_to_wep_and_tkip.html talks of it being removed from the WiFi certification,the article was from 2010. We run SSID's with spaces, and have been doing it for years. /daniel/ daniel westacott Networking and Telecommunications University of Minnesota. On Thu, Jan 24, 2013 at 11:43 AM, Barros, Jacob jkbar...@grace.edu wrote: I feel silly asking this question but value your opinions. We recently had some authentication errors that caused me to open a support case. The engineer I was working with eluded to the fact that having a space in my SSID name could be contributing to the problem though not the root. He also inferred that using TKIP instead of AES would cut processing requirements on the controller and therefore grant better performance. I have not been able to confirm his opinions from those I have asked (including other engineers from the same company) nor in print. We are using a single SSID for most of our campus, 'Grace WiFi' WPA2-PSK AES. Theoretically, should I get better performance (or less overhead) from 'Grace-WiFi' WPA2-PSK TKIP? Leaving the vendor/company out of this conversation, will you please comment on whether or not these changes will make a difference? I would love to either substantiate or debunk this theory. Jake Barros | Network Administrator | Office of Information Technology Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] students per AP in residence halls
On Fri, Jan 11, 2013 at 9:50 AM, Tom O'Donnell to...@maine.edumailto:to...@maine.edu wrote: I was wondering what other schools have for a ratio of students to AP's in the residence halls, either definitely or approximately? Tom, At University of Tennessee Knoxville, we have redone our Dorms this summer and have had great success with the new design (almost no calls to the Help Desk during back to school, compared to a total fear of back to school in previous years ;-) Here is what we did: -APs are located in rooms, designed to have 5 GHz in every room. -We stagger the APs to respect a ratio of 5 or 6 person per AP, with at least 100 Mbps uplink/AP -We cover everything at 5 GHz and let ARM (the Aruba algorithm) deal with the 2.4 GHz coverage (3 channels, not 4) -Usually the position of bathrooms dictates the pattern of AP location (in some cases we had to go to 4 students/AP just because the design of the building forced us to do so) In general, dual occupation rooms are much easier to deal with than single occupation rooms. -Some buildings have great penetration vertically, some have great penetration horizontally. The staggering will be a function of the building characteristics. We usually survey a few floors for each building to establish a pattern then do the rest on paper. We also use the Algorithm provided in Airwave to corroborate our findings. Hope it helps, Philippe www.eduroamus.orghttp://www.eduroamus.org If you have such a number, how do you count dual-band AP's? They're doing more than a 2.4GHz AP, but not quite as much as two AP's. Then one last related question... Would anyone know their relative mix of 2.4GHz vs. 5GHz connections in residence halls? Thanks. -- Tom O'Donnell Senior Manager of Network and Server Systems Information Technology Services University of Maine at Farmington (207) 778-7336tel:%28207%29%20778-7336 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Residence Halls
David, Let me add that we cover between 5 to 6 students per AP (we stagger APs between floors), and when an AP goes down, we rarely receive a complaint since there is enough overlap between APs. So we can take some time to fix the problem (referring to the room access issue). As Larry mentioned, we used to have many complaints with our hallway 2.4 GHz design, we have almost none with our bedroom 5 GHz design. The cost is different of course! BTW, good luck to have a decent coverage at 5 GHz if you plan to cover from the hallway. The attenuation is atrocious! It is hard to reach the room, and APs see each other in the hallway forcing the RADIO algorithm to reduce power. (at least with the kind of buildings that we have at UTK) Best, Season's Greetings, Philippe www.eduroamus.org On Dec 19, 2012, at 10:30 AM, Jennings, Larry W ljenn...@utk.edu wrote: David, During the spring and summer of 2012, the University of Tennessee Knoxville campus upgraded wireless in the dorms. We had b/g AP's in the dorm hallways and the wireless complaints were a constant reminder that we had to do something. We removed the AP's from the hallways and placed AP's in some of the dorm rooms, taking one of the wired ports for an AP. Overall, we went from around 600 AP's to 1600 AP's and to 802.11n throughout in the process. We've had very few calls where students have messed with the AP's. For rooms that we had to use one of the wired ports, we allow a small switch to be installed upon request. But we haven't seen many requests for that. lj Larry Jennings IT Manager - Network Services The University of Tennessee 2309 Kingston Pike Bldg. Knoxville, TN 37996 Phone: 865.974.1619 Email: ljenn...@utk.edu SIP: ljenn...@utk.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of David Robertson Sent: Wednesday, December 19, 2012 8:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Residence Halls We are looking at how we install wireless in our Residence Halls for coverage. Currently we only place access points in the hallways, but are looking at moving them into the rooms for better coverage. We were wondering if anyone else has put the access points in the rooms and if they have seen a reduction in wireless complaint or if there have been issues with students playing with or disconnecting the access points. David R. -- David Robertson Service Delivery Manager Network Engineering Technology George Mason University Voice: 703-993-2443 Fax: 703-993-3505 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in Residence Halls
Joel, Heads up. Many vendors provide box mounted APs with only one radio at 2.4 GHz (e.g. your Ruckus reference) or selectable spectrum (the extreme network reference or even the Aruba AP 93H). Providing only 2.4 GHz is a solution that might not last for long and only providing 5 GHz could create problems with your community. We looked at those and decided that this type of investment wouldn't last very long. If a vendor had a 2 radios AP in a wall box format, it would be a completely different story (but can 802.3af support 2 radios and a switch?) Philippe On Dec 19, 2012, at 11:44 AM, Coehoorn, Joel jcoeho...@york.edumailto:jcoeho...@york.edu wrote: We're looking into a wall-box form factor for our access points. Something along the lines of one of these: http://www.ruckuswireless.com/products/zoneflex-indoor/7025 http://www.extremenetworks.com/products/altitude-4511.aspx http://www.panoptictechnology.com/smart-room-network-jacks/ They're designed to fit into a traditional electrical wall box (like the one that's probably already there for an existing network drop) and they provide a passthrough port, so a student can still plug in a wired device like an xbox without messing the functional parts of the AP. The student may not even know there's an access point there. This won't work for everyone, since the big Aruba/Cisco players don't have this form factor. We're small enough we don't even have a controller and use fat APs. But I thought this was still worth mentioning for those with mixed environments or anyone using Ruckus or Extreme.. As a side note: is anyone else eager for a common AP/Controller interaction standard, to be able to bring one vendor's access points to another's controller? [http://www.york.edu/ycsealsig.png] Joel Coehoorn Director of Information Technology York College, Nebraska 402.363.5603 jcoeho...@york.edumailto:jcoeho...@york.edu [http://www.york.edu/mvplogo.png] The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Wed, Dec 19, 2012 at 10:16 AM, Lee H Badman lhbad...@syr.edumailto:lhbad...@syr.edu wrote: To that point- I have had to hit manual override on the fabled RRM algorithm in spots where the APs influence each other to the detriment of the clients. Typically amounts to setting a new min power level that the APs are not allowed to go below, and occasionally going old-school setting fixed power. I find the auto power/channel thing to be good, but not above reproach. -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of phanset Sent: Wednesday, December 19, 2012 11:10 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Residence Halls David, Let me add that we cover between 5 to 6 students per AP (we stagger APs between floors), and when an AP goes down, we rarely receive a complaint since there is enough overlap between APs. So we can take some time to fix the problem (referring to the room access issue). As Larry mentioned, we used to have many complaints with our hallway 2.4 GHz design, we have almost none with our bedroom 5 GHz design. The cost is different of course! BTW, good luck to have a decent coverage at 5 GHz if you plan to cover from the hallway. The attenuation is atrocious! It is hard to reach the room, and APs see each other in the hallway forcing the RADIO algorithm to reduce power. (at least with the kind of buildings that we have at UTK) Best, Season's Greetings, Philippe www.eduroamus.orghttp://www.eduroamus.org/ On Dec 19, 2012, at 10:30 AM, Jennings, Larry W ljenn...@utk.edumailto:ljenn...@utk.edu wrote: David, During the spring and summer of 2012, the University of Tennessee Knoxville campus upgraded wireless in the dorms. We had b/g AP's in the dorm hallways and the wireless complaints were a constant reminder that we had to do something. We removed the AP's from the hallways and placed AP's in some of the dorm rooms, taking one of the wired ports for an AP. Overall, we went from around 600 AP's to 1600 AP's and to 802.11n throughout in the process. We've had very few calls where students have messed with the AP's. For rooms that we had to use one of the wired ports, we allow a small switch to be installed upon request. But we haven't seen many requests for that. lj Larry Jennings IT Manager - Network Services The University of Tennessee 2309 Kingston Pike Bldg. Knoxville, TN 37996 Phone: 865.974.1619tel:865.974.1619 Email: ljenn...@utk.edumailto:ljenn...@utk.edu SIP: ljenn...@utk.edumailto:ljenn...@utk.edu -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN
Re: [WIRELESS-LAN] 802.1x Wireless Printers- revisited
Has been a while: What wireless printers have you found that successfully work on 802.1x based wireless networks- particularly using MS-CHAPv2/PEAP, WPA2, and AD back-end (as if the printer was just another host on the secure network). If the reason why you're asking is because you've had issues with the above setup, and you happen to be using HP printers. The supplicant on HP printers before firmware releases in 2011 would not work correctly if using PEAP with the inner tunnel terminating on FreeRADIUS, Arran, Is this problem just with FreeRADIUS or should it be with all flavors of RADIUS like RADIATOR, Microsoft IAS NPS, CISCO ACS ISE, Juniper Steel-Belted? Thanks, Philippe www.eduroamus.org because HP had misimplemented the draft specification, and included full EAP headers in the inner tunnel, when they were meant to send cut down EAP headers. Newer firmware for HP printers should contain the fix. If you're not using HP printers then apologies for the noise. -Arran ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] anyone using Aerohive?
And when you do include the cost of controllers make sure to consider the lifetime of a controller. We are on our second generation of access-points but still relying on the same controllers. So, the final cost is amortized over two generations. Time will tell if we can use them for a third one ... Philippe Univ. of TN On Nov 17, 2012, at 9:38 PM, Frank Bulk frnk...@iname.commailto:frnk...@iname.com wrote: One can’t ignore the controller and licensing costs and compare AP pricing. You need to look at the total system cost… Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barros, Jacob Sent: Wednesday, November 14, 2012 2:46 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] anyone using Aerohive? Depends on what you chose to factor in to the cost and which model you choose. We are an Aruba shop and we use the 'low end' AP's (and happy with them at that). If you compare an AP93 to the HiveAP121, the AP93 is way less. Choose to factor in the cost of the controller and licensing and the numbers are a lot closer. However if you look at the list price on an AP125, it is about the same as HiveAP330. Again, factor in the cost of the controller and the Aerohive unit is less. I believe it's worth a look either way. Get out your must haves list and compare. Jake Barros | Network Administrator | Office of Information Technology Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178tel:574.372.5100%20x6178 On Wed, Nov 14, 2012 at 3:18 PM, Ashfield, Matt (NBCC) matt.ashfi...@nbcc.camailto:matt.ashfi...@nbcc.ca wrote: Thanks for the reply. I am a bit surprised at the sticker price comment. It was my understanding that it’d be quite a bit cheaper than the conventional centralized/controller based solutions? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Barros, Jacob Sent: Wednesday, November 14, 2012 4:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] anyone using Aerohive? We have a few deployed at an apartment style building outside our physical cabling plant range. So far it's been a great solution. It overcame a few density and coverage issues, so kudos there. Management interface is web based and hosted and that works well. My only negative is the sticker price. It's a little more than other systems, but so far it has been fantastic. We have not attempted to integrate it with our NAC and there is no need to tunnel to on-campus resources, so I cannot comment there. They offered us a trial and I was sold in the first few days. If you are looking to do a live testing environment, I would recommend you do so without hesitation. Do you have any specific questions? Jake Barros | Network Administrator | Office of Information Technology Grace College and Seminary | Winona Lake, IN | 574.372.5100 x6178tel:574.372.5100%20x6178 On Wed, Nov 14, 2012 at 2:40 PM, Ashfield, Matt (NBCC) matt.ashfi...@nbcc.camailto:matt.ashfi...@nbcc.ca wrote: Been hearing a few things about Aerohive, but not a whole lot of discussion on here. Has anyone looked at it? What are your impressions? Thanks Matt Ashfield New Brunswick Community College ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.