RE: One more round- finer point on Open Networks in Dorm

[trent . hurt]

I’m curious how a portal solves dhcp capacity issues.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Monday, May 16, 2016 7:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm


Agreed.

We had a wide open Guest network for a while until there were DHCP capacity 
issues. We then inserted a portal to fix that.
​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Brian Helman [mailto:bhel...@salemstate.edu]
Sent: Friday, May 13, 2016 11:50 AM
Subject: Re: One more round- finer point on Open Networks in Dorm

Lee, I posed this question back at NERCOMP.  You may want to also know the 
answer to “who has done this and switched back to a non-open environment?”.

-Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, May 13, 2016 9:02 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm


I asked this back in February, and would like to go one more round with some 
specifics applied. Direct response off-list is OK if you prefer. Let me ask it 
two ways:

· Who runs a wide-open WLAN in their dorms? I’m talking no encryption, 
no portal, no nothing. Just get on and go, baby.
· Same question, but with simple PSK/WPA2 added.

No ISE, no Clearpass, no MAC registrations. For those doing this, do you 
rate-limit? Restrict access only to Internet? Block WLAN clients from directly 
reaching each other? Any other restrictions/policy configs applied?

Thanks,

Lee Badman

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

[trent . hurt]

Here is great list of clients w/ capabilities

https://sites.google.com/a/mikealbano.com/clients/



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Wednesday, April 13, 2016 9:36 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?

This is a good reference to look at devices' capabilities:



https://urldefense.proofpoint.com/v2/url?u=https-3A__wikidevi.com_wiki_List-5Fof-5F802.11ac-5FHardware=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=iInZnKzc7Ag2BSusW5tsNTg8_SpPl6clhUDfwrgGyV0=T3Z9uNRj0uZ8LTynEF4tOxP0aVesBS5DOpC95GyqKxk=
 



Also, the Wi-Fi Alliance site has a lot of good information that is relatively 
simple for users to understand. They also have a product finder page that 
allows you to filter based on different criteria. 



https://urldefense.proofpoint.com/v2/url?u=http-3A__www.wi-2Dfi.org_product-2Dfinder=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=iInZnKzc7Ag2BSusW5tsNTg8_SpPl6clhUDfwrgGyV0=Goweo-EWRd043Bvq8bT-Hc1PlS8N5kM58ADti_P5mCU=
 



Other than that, it is hard to teach the consumers to pay attention to the 
details of the technology they are buying. Most of the times their decisions 
are driven by cost factors. Luckily today you can just recommend "AC", and that 
guarantees 5GHZ; something that was not the case with 802.11n.



Regards, 



Hector Rios

Louisiana State University





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook

Sent: Tuesday, April 12, 2016 7:41 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



Bit of both, we see plenty of new devices 2.4 only. It's always the cheap 
stuff. Apple is pretty popular though so at least on that side we know we get 
5ghz



The Edimax Nano USB seems a good choice for laptops, 5ghz only but the inbuilt 
will take care of 2.4 and the device is small enough to be plugged in 
permanently. Going to trial a coupel but they are only $20 here in AU so even 
students can afford an upgrade. We've proven to a few people the difference by 
using the large Edimax AC1200, those are great but too big. Antenna strength 
may be interesting on the Nano.



Does anyone have a website up to educate students/staff on BYOD purchasing? We 
used to but it was removed (another story) and I'm keen to get it going again. 
The problem is that most people won't see it before purchasing, but at least 
it's a point of reference. 





-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Gogan, James Patrick

Sent: Tuesday, 12 April 2016 9:38 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



I'm unfortunately seeing that we may actually start to experience an INCREASE 
in 2.4GHz-only devices . when we asked about this on campus recently, I 
received this reply ... and this is from a central IT person:



" I wanted to point out that many brand new phones don't speak 5GHz such as the 
Motorola Moto G (3rd generation) which just began shipping late last summer.  
In fact, none of the generations of Moto G have a 5GHz radio.  Motorola has 
reserved 5GHz wifi for the Moto X which is their premium spec phone.The 
Moto G is a pretty common phone - I know of several folks (in our department) 
that have such including myself and a coworker who just bought a brand new one 
Friday.  Republic Wireless sells a ton of these.  The Moto E, which is the base 
model, also doesn't speak 5GHz.  Several folks in our building also have that 
phone."



Don't know whether to blame Motorola or folks that go for the cheapest stuff 
possible.



-- Jim Gogan / Univ of North Carolina at Chapel Hill



-Original Message-

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Earl Barfield

Sent: Monday, April 11, 2016 4:07 PM

To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

Subject: Re: [WIRELESS-LAN] Turning off 2.4 on a select SSID?



> On 04/07/2016 09:24 AM, Hector J Rios wrote:

>>

>> I guess this brings up another good question, and that is, what is 

>> the percentage of 5GHz vs 2.4GHz you all see in your institutions?

>> For us is still 50-50. And it’s been like that for a while. I still 

>> see new laptops that only come with 2.4GHz adapters.

>>





While it can be useful to track what percentage of connections use 5GHz radios, 
we've found that a better question to ask is "What percentage of 5GHz-capable 
clients are actually connecting at 5GHz".



In our environment, it varies wildly by building: some as high as 95% 

aruba Atmosphere Breakout Sessions Now Available

[trent . hurt]

Login/account required to view the sessions...

http://page.arubanetworks.com/index.php/email/emailWebview?mkt_tok=3RkMMJWWfF9wsRokvajLdu%2FhmjTEU5z14uopW6%2B3iokz2EFye%2BLIHETpodcMT8JkNLrYDBceEJhqyQJxPr3FLNkNyMBvRhfnDw%3D%3D


See Bruce this list isn't all Cisco wifi.  :)

Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Updated Cisco technical docs

[trent . hurt]

Lots of updates or new guides for 8.2

http://www.cisco.com/c/en/us/support/wireless/5500-series-wireless-controllers/products-technical-reference-list.html

Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Welcome to Bring-Your-Own-Access | EdTech Magazine

[trent . hurt]

Any folks looking to adopt bring your own access policies?  


http://edtechmagazine.com/higher/article/2015/12/welcome-bring-your-own-access


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Self-registered MAC device bypass- worth the headaches?

[trent . hurt]

Not sure how up to date this is…

http://2.bp.blogspot.com/-XhUW84JOJj4/TdZdX3YbIJI/AAA/BpQ7LDfc5Yo/s1600/comparison%2Bbetween%2BPPSK.jpg

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield
Sent: Tuesday, March 1, 2016 3:09 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?

I’m curious how PPSK scales.  What are the limits on the number and span of a 
PPSK?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel
Sent: Tuesday, March 01, 2016 12:02 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the 
headaches?

Ruckus supports a PPSK variant, as well.

I'm just gonna put this out there. I have this idea in my head for an ideal 
wifi service. It starts with personal pre-shared key (PPSK), but it's something 
I don't believe is possible yet with any vendor.

Step one is to create a unique key prefix for each user, effectively embedding 
a username value (the prefix) into the same field as the key/password. The 
prefix would be as short as possible, perhaps as small as three characters, in 
order to keep entry into devices simple. The purpose of this prefix is to allow 
users to choose their own wifi password, while still ensuring that each PSK 
value is unique and identifiable to a given user. If we don't value allowing 
users to choose their own wifi passwords, we could instead generate and assign 
them, and just map back the assigned key to the user.. but I believe there is 
value in this.

Users would onboard by first connecting to a portal available via open/limited 
ssid to claim their key. They would have to log in with their traditional 
username/password. The portal would then prompt them for a key suffix (their 
wifi password), and then show them the complete key (prefix + suffix), which 
would be registered with our system. It would also have options to show them 
history for devices authenticated using their key, expire an old/create a new 
key using the same prefix, and other typical account management options. Once 
created, that key could be used with anything that supports traditional PSK 
connections.

One important feature that I'd like to see as part of this, and what I think 
helps make this idea unique, is that devices authenticated with the same PPSK 
should always end up with the same vlan id. In this way, a student would be 
able to, for example, connect to a desktop in his room from the phone/tablet he 
brought to class and grab a file he forget to show an instructor. It also makes 
things like wireless printers, long the bane or our existence, almost 
reasonable in terms of setup and support.

By keeping a prefix that's unique to each user, or mapping all key assignments 
back to the user, we can still always know who is responsible for a given 
device. We could do things like get a report of keys that authenticate more 
than, say, 6 devices to monitor for key abuse, expire keys when there is a 
problem, engage a known user when expiring old keys is not enough, and even map 
users to specific vlan pools for network policy enforcement. We could also 
create keys for events or specially classes of device (security cameras, door 
locks, wifi phones, etc). Additionally, per-user keys means each user's 
over-the-air signals have different encryption keys, preventing things like 
firesheep from working. This is just about all the things we do with 802.1x 
today, but in a form that's much friendlier to the consumer devices we have to 
support.

This plan effectively embeds a username (the prefix) and a password (suffix) 
into the same value, with our without the prefix, so some of the same security 
concerns apply, but these are solvable problems. We just need to get vendors on 
board with the idea.



[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]


Joel Coehoorn
Director of Information Technology
402.363.5603
jcoeho...@york.edu



The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Tue, Mar 1, 2016 at 10:20 AM, David R. Morton 
> wrote:
Matt, Bill and others,

You’d indicated that you have instructions for most common devices, is this 
something that you can share. Like others, we have a manual registration 
process (built on ClearPass), but it does require the MAC in order to complete 
the registration. The Amazon Echo is now relatively straightforward, as it 
shows up in the Alexa app after you’ve connected your phone to the Echo. To 
find it, users open the Alexa app, go to settings, choose the device and scroll 
all the way down to the bottom 

Re: [WIRELESS-LAN] wireless planning tool question

[trent . hurt]

I can say I've asked ekahau myself about this and was told I wasn't the first 
one to request it.  Not sure what version it's going to be in but they told me 
they are working on it.

I personally use/prefer capacity planner tool from here...

http://www.revolutionwifi.net/capacity-planner/

Sent from my iPhone

On Jan 22, 2016, at 8:26 AM, Oliver, Jeff 
> wrote:

All,

This question would/could refer to all tools that have predictive capabilities, 
but the tool that I have is the Ekahau ESS Pro. Has anyone found a way to take 
higher densities of devices in a specific area of a map into account, such as a 
floor that is largely office spaces but has a couple of classrooms dropped into 
the center or end of the floor?

Cheers,
Jeff

---

Jeffrey L. Oliver
Sr. Network Analyst
Information Technology Services
The University of Lethbridge
4401 University Drive, Lethbridge, Alberta, T1K 3M4

Tel: 403.329.5162
Mob: 403.315.4461
Fax:403.382.7108

URI:   mailto:jeff.oli...@uleth.ca


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

[trent . hurt]

Also couple notices for cisco 1800 series ap

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-aironet


http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, January 13, 2016 11:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] FW: Cisco Wireless LAN Controller Unauthorized Access 
Vulnerability

FYI



-Original Message-
From: Wireless Issues in the JANET community 
[mailto:wireless-ad...@jiscmail.ac.uk] On Behalf Of Paul Hill (phill)
Sent: Wednesday, January 13, 2016 11:14 AM
To: wireless-ad...@jiscmail.ac.uk
Subject: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Hi folks,

For relevant Cisco-using colleagues, I'd like to draw your attention to a newly 
published Cisco PSIRT Advisory 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc

The advisory relates to a newly discovered, high severity vulnerability in the 
Cisco Wireless LAN Controller software that could result in a remote attacker 
being able to modify the configuration of the controller or causing a denial of 
service condition.

Free software updates are available to all affected customers and can be 
obtained directly from Cisco.com (for those with service contracts) or via the 
Cisco TAC (for those without service contracts).

Cisco Wireless LAN controllers running 7.6, 8.0 and 8.1 software versions 
before interim (escalation) builds 7.6.130.33, 8.0.120.7 and 8.1.120.5 are 
impacted. Current latest public builds 8.0.121.0 and 8.1.131.0 already include 
the fix. A fixed build of 7.6 is available via TAC request only as there are no 
further public rebuilds planned for 7.6. If you are currently running an 
escalation build other than a publicly downloadable build, please check via 
your support partner or with TAC before upgrading to ensure that your intended 
upgrade version still integrates the fixes your escalation image provides. If 
it doesn't, TAC will recommend the next available escalation release that 
includes everything.

If you're running a guest wireless SSID that uses WebAuth then you are most at 
risk and should plan to upgrade your wireless controller software as soon as 
possible.

Please review the full advisory details via the link above and if you have any 
questions or concerns, please don't hesitate to contact me or your support 
partner.

This is a wireless mailer, but of side relevance is a different PSIRT 
announcement that affects Identity Services Engine (ISE) here: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise

Regards,
Paul

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwIFAg=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=q3L8JFNZQLLdbxJWeUOtZHekWMGvs1VI5VLTdJ7Vc9w=nd59EuGzTH06FueVNhEkLQXFHt21P3DjRt2smNfOhi8=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

FW: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

[trent . hurt]

FYI



-Original Message-
From: Wireless Issues in the JANET community 
[mailto:wireless-ad...@jiscmail.ac.uk] On Behalf Of Paul Hill (phill)
Sent: Wednesday, January 13, 2016 11:14 AM
To: wireless-ad...@jiscmail.ac.uk
Subject: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Hi folks,

For relevant Cisco-using colleagues, I'd like to draw your attention to a newly 
published Cisco PSIRT Advisory 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc

The advisory relates to a newly discovered, high severity vulnerability in the 
Cisco Wireless LAN Controller software that could result in a remote attacker 
being able to modify the configuration of the controller or causing a denial of 
service condition.

Free software updates are available to all affected customers and can be 
obtained directly from Cisco.com (for those with service contracts) or via the 
Cisco TAC (for those without service contracts).

Cisco Wireless LAN controllers running 7.6, 8.0 and 8.1 software versions 
before interim (escalation) builds 7.6.130.33, 8.0.120.7 and 8.1.120.5 are 
impacted. Current latest public builds 8.0.121.0 and 8.1.131.0 already include 
the fix. A fixed build of 7.6 is available via TAC request only as there are no 
further public rebuilds planned for 7.6. If you are currently running an 
escalation build other than a publicly downloadable build, please check via 
your support partner or with TAC before upgrading to ensure that your intended 
upgrade version still integrates the fixes your escalation image provides. If 
it doesn't, TAC will recommend the next available escalation release that 
includes everything.

If you're running a guest wireless SSID that uses WebAuth then you are most at 
risk and should plan to upgrade your wireless controller software as soon as 
possible.

Please review the full advisory details via the link above and if you have any 
questions or concerns, please don't hesitate to contact me or your support 
partner.

This is a wireless mailer, but of side relevance is a different PSIRT 
announcement that affects Identity Services Engine (ISE) here: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise

Regards,
Paul

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Amazon Echo- An Example of Admin Pain

[trent . hurt]

>From this link it appears that the device is using mdns for discovery.

https://www.piettes.com/hacking-alexa-the-new-amazon-echo/


If you can find out the mdns service string (cisco world).  (example of 
airtunes service string  _raop._tcp.local.)  It's called service ID in aruba 
world, but its same format just different verbage.   From the pic in the link 
it shows

dp-447601db._sftp-ssh._tcp.local

If I had one I would sniff just to verify that I have the correct service string

You should be able to go into controller and manually add this service string 
to your controller's mdns gateway.  Of course you would have to have the device 
on mac auth ssid and enable mdns snooping on both the mac auth ssid and your 
802.1X ssid.   Then your 802.1X capable clients should get the mdns 
advertisement from the mac auth wlan via the controller mdns snooping table.

Not pretty but it should work as long as the service string is correct.


Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, January 05, 2016 3:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Amazon Echo- An Example of Admin Pain

Happy New Year, everyone.

See 
https://www.reddit.com/r/amazonecho/comments/3ic47c/is_there_any_workaround_to_get_alexa_on_a_private/

And note all of the clever "work arounds". Yikes.

Is anyone dealing with Echos for real, with findings that you can share? I 
don't have one yet to eval, but am told that much of the desired functionality 
would be broken by Echo on MAC-Auth Open Network and users on Secure 1x network.

Other than finding the MAC address creatively on the network, you can email 
Amazon for it. I'm also curious how the MAC address is determined by emailing 
Amazon (?)



Regards,

Lee Badman






** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

aps into a office Christmas tree

[trent . hurt]

http://www.networkworld.com/article/3015954/mobile-wireless/our-christmas-tree-at-the-office.html



Trenton Hurt, CWNE #172,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Active directory account lockout N-2 policy

[trent . hurt]

Does anyone know which radius servers actually work with the password history 
n-2 feature in Active Directory?


>From the link below...


"This new feature is sometimes called password history n-2. The most recent 
previous password is referred as n-1. The next most recent is n-2. Not all 
authentication
 types will take advantage of this new feature. 
Kerberos
 and 
NTLM
 authentication protocols support password history n-2. These protocols are 
used when either a password or smart card is used for interactive logon. Other 
protocols, such as 
RADIUS
 and PEAP, may or may not increment badPwdCount when a bad password is 
attempted. Some protocols do not forward bad password attempts to the PDC 
Emulator. That might explain why phone users can get locked out if the phone 
attempts repeatedly to authenticate with a bad password."

http://social.technet.microsoft.com/wiki/contents/articles/32490.active-directory-bad-passwords-and-account-lockout.aspx#Account_Lockout_in_Windows_TwoThousandThree_and_Above




Thanks
Trent


Trenton Hurt, CWNA,CWDP,CWSP,CWAP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

surface pro 4 slow wifi

[trent . hurt]

FYI... haven't seen this myself just passing along

http://www.ibtimes.co.uk/surface-pro-4-surface-book-having-slow-wi-fi-how-fix-1526643



Trenton Hurt, CWNA,CWDP,CWSP,CWAP,CCNP(W),CCNA(W),CCNA(V),CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Android Marshmallow and Wireless..

[trent . hurt]

Necessary RADIUS Updates
Many popular RADIUS versions contain a bug that causes 802.1X authentication to 
fail on devices attempting to negotiate with the TLS 1.2 protocol. This issue 
affects the following services:
FreeRADIUS 2 versions 2.2.6 through 2.2.8
FreeRADIUS 3 versions 3.0.6 through 3.0.8
Net::SSLeay 1.52 or earlier on RADIATOR servers
ClearPass 6.5.1
This bug was present but unnoticed until TLS 1.2 support was briefly included 
in iOS 9 devices. It is now supported by the newest Android systems and the 
developers have no plans to revert to TLS 1.0 despite connectivity issues. To 
ensure all future devices are able to connect to secure wireless, we strongly 
advice that you update your RADIUS per developers recommendations:
ClearPass: Upgrade to version 6.5.2 or greater
RADIATOR: Upgrade Net::SSLeay to version 1.70 or greater
FreeRADIUS: Upgrade to version 3.0.10
Microsoft NPS: Update information available 
here.




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, October 13, 2015 3:28 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android Marshmallow and Wireless..

Correction...  TLS 1.2 was fixed for EAP-TLS in 2.2.7.  This is a good thread:

https://code.google.com/p/android/issues/detail?id=188867

I think you actually should be good running on 2.2.9 according to this thread, 
but you obviously aren't!!  If you really struggle, you may want to consider 
backreving to a freeRadius that didn't include TLS 1.2 support until you can 
assess.  If you have a virtual infrastructure, I'd spin up a test RADIUS server 
on old code with the same config and test.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Tuesday, October 13, 2015 3:23 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android Marshmallow and Wireless..

Post your EAP method.  The fixes for TLS1.2 are not universal across the 
freeRadius versions and are EAP type dependent.  For example, UNC is EAP-TLS, 
and the fix for TLS was in 2.2.8.  I 'think' TTLS was 2.2.9.  We've had no 
issues with Android M.  I sent an email out to our technical user community and 
we've had no issues with numerous people connecting.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, October 13, 2015 3:13 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android Marshmallow and Wireless..

So, we're a Cisco wireless shop, running WiSM-2's HA, blah blah blah... 
Authenticate the 802.1x with FreeRadius, and just upgraded it this morning to 
2.2.9.  I've got ONE user on a Nexus 5 who upgraded to Marshmallow.  When we 
were running the 2.2.8 version of FreeRadius, the login failed.  We've upgraded 
to 2.2.9, and we're seeing in the radius logs "Login OK" for his username and 
MAC address, but really, it is not connecting.

I've captured the "troubleshooting" logs from our PI 2.2.3, and we're going to 
work with him tomorrow running debug on the radius server when he's trying to 
connect, but thought I'd reach out to y'all and see if anyone else is seeing 
this issue.


   Respectfully,

   Danny Eaton

   Snr. Network Architect
   Networking, Telecommunications, & Operations
   Rice University, OIT
   Mudd Bldg, RM #205
   Jones College Associate
   Office - 713-348-5233
   Cellular - 832-247-7496
   dannyea...@rice.edu

   Soli Deo Gloria
   Matt 18:4-6

G.K. Chesterton, "Christianity has not been tried and found wanting.  It's been 
found hard and left untried."




** Participation and subscription 

RE: [WIRELESS-LAN] iPads and sleep issues

[trent . hurt]

On the cisco what is your session timeout set to?  The default is enabled and 
1800 seconds it’s under wlan and advanced tab.  Also you may want to check this 
link and look into what your broadcast key rotation is set to.  The default is 
1hr.   I saw lots of issues with androids in the past with this and clients 
would drop every hour.

http://wirelessccie.blogspot.com/2009/12/wpawpa2-broadcast-key-rotation-on.html



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Roth
Sent: Tuesday, October 13, 2015 8:22 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iPads and sleep issues

Christopher,

We have a group on campus that has about 40 iPads in a cart for student use. We 
never had a connection issue per se with these iPads, but we did notice that 
every hour (literally every 60 minutes) we would see all of the iPads that were 
asleep and connected to a single AP suddenly disconnect then reconnect. Our 
wireless vendor is Cisco. To my knowledge when they woke them up they never had 
an issue with connecting them, we just happened to notice an hourly dip in our 
Prime connection graphs during the summer.

I'm not sure if this helps or not

On Tue, Oct 13, 2015 at 2:45 PM, Jeremy Gibbs 
> wrote:
May I ask, who is your wireless vendor?


--

Jeremy L. Gibbs
Sr. Network Engineer
Utica College IITS

T: (315) 223-2383
F: (315) 792-3814
E: jlgi...@utica.edu
http://www.utica.edu

On Tue, Oct 13, 2015 at 2:32 PM, Butler, Christopher 
> wrote:
I'm looking to collect some other information to help inform our process to 
resolve an issue we are experiencing on our wireless infrastructure.  I have an 
open incident with my vendor and they are working on a resolution, but I'm 
trying to determine if we are the only ones dealing with this.

We have a large deployment of iPads (1500) on our campus. somewhat evenly 
distributed across iPad Air 2, iPad Air, iPad 4 and iPad 3 and almost all are 
running iOS 8.x.

We had an issue crop up this fall when a group of iPads all connected to the 
same access point all go to sleep at the same time.  The access point seems to 
lose track of which devices are asleep and which aren't and it ends up 
overwhelming the RF space with RTS packets to iPads that don't respond, thus 
rendering every other client on the access point almost non-functional.

Has anyone seen wireless transmit issues related to iOS "sleep" mode? The 
packet captures indicate that the iPads seem to oscillate quickly between 
"sleep" and "awake" and eventually end up asleep will the AP thinks that they 
are still awake.

Obviously, I'm in the middle of a bit of finger pointing between the wireless 
vendor and Apple and other data points can only help.

Thanks,
Christopher

Christopher Butler
Assistant Head of School. Information Services
St. John's Preparatory School
http://www.stjohnsprep.org
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



--
Joe Roth
Network Manager
Binghamton University
Ph. 607-777-7528
Fax 607-777-4009
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and 

RE: Android marshmallow 802.1X

[trent . hurt]

I just tested Nexus 7 w/ Android 6 Peap w/MS-CHAPv2 using Cisco ISE.  It 
connected successfully

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, October 09, 2015 11:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android marshmallow 802.1X

I retract/amend my last message: both of our users are on fine with Android 6, 
using Cisco ACS and PEAP w/ MS-CHAPv2.

Lee Badman | Network Architect
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Friday, October 09, 2015 10:12 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Android marshmallow 802.1X


​Is interesting- I have one user who says he broke after the upgrade, and one 
that is confirmed good. I've put no analysis into either yet, but both are 
trusted tech folks.






Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
on behalf of Trent Hurt 
<trent.h...@louisville.edu<mailto:trent.h...@louisville.edu>>
Sent: Friday, October 9, 2015 7:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Android marshmallow 802.1X

Issue 188867 - android - peap eap mschapv2 android M not working - Android Open 
Source Project - Issue Tracker - Google Project 
Hosting<https://urldefense.proofpoint.com/v2/url?u=https-3A__code.google.com_p_android_issues_detail-3Fid-3D188867=AwMFaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=7zavXXu1MPyIeKsBU11CubvbajlcMx0DCxxUzAg9i8E=LD9sieEHlScHnuK6WY7iwogxRHVp7AnA9qy81BRls4Y=>












Issue 188867 - android - peap eap mschapv2 android M not working - Android Open 
Source Project 
-...<https://urldefense.proofpoint.com/v2/url?u=https-3A__code.google.com_p_android_issues_detail-3Fid-3D188867=AwMFaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=7zavXXu1MPyIeKsBU11CubvbajlcMx0DCxxUzAg9i8E=LD9sieEHlScHnuK6WY7iwogxRHVp7AnA9qy81BRls4Y=>
Status:  Assigned Owner:  
sya...@google.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__google.com_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=dDfFZCWbDOApszQzO6pV9NiF9zHBhu88WxplFhXleMs=CwEJNlJar7mqW4_1_QTglYbhTVgc3KlJi460Ve23CVQ=>
 Cc:  
sya...@google.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__google.com_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=dDfFZCWbDOApszQzO6pV9NiF9zHBhu88WxplFhXleMs=CwEJNlJar7mqW4_1_QTglYbhTVgc3KlJi460Ve23CVQ=>
 Type-Defect Priority-Small ReportedBy-User Component-Networking Sign in to add 
a comment


View on 
code.google.com<https://urldefense.proofpoint.com/v2/url?u=https-3A__code.google.com_p_android_issues_detail-3Fid-3D188867=AwMFaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=7zavXXu1MPyIeKsBU11CubvbajlcMx0DCxxUzAg9i8E=LD9sieEHlScHnuK6WY7iwogxRHVp7AnA9qy81BRls4Y=>

Preview by Yahoo





Seems like there is an issue with  latest anroid OS (Marshmallow) when it comes 
to 802.1X wireless.

Sent from my iPhone
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=dDfFZCWbDOApszQzO6pV9NiF9zHBhu88WxplFhXleMs=QfDzm4bODXtJlYLksdZd2HLeoSiNKlN1oLln_HtFkAA=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=dDfFZCWbDOApszQzO6pV9NiF9zHBhu88WxplFhXleMs=QfDzm4bODXtJlYLksdZd2HLeoSiNKlN1oLln_HtFkAA=>.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=dDfFZCWbDOApszQzO6pV9NiF9zHBh

Android marshmallow 802.1X

[trent . hurt]

Issue 188867 - android - peap eap mschapv2 android M not working - Android Open 
Source Project - Issue Tracker - Google Project 
Hosting












Issue 188867 - android - peap eap mschapv2 android M not working - Android Open 
Source Project 
-...
Status:  Assigned Owner:  sya...@google.com Cc:  
sya...@google.com Type-Defect Priority-Small 
ReportedBy-User Component-Networking Sign in to add a comment


View on 
code.google.com

Preview by Yahoo




Seems like there is an issue with  latest anroid OS (Marshmallow) when it comes 
to 802.1X wireless.

Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco WLC software upgrade

[trent . hurt]

Watch out for false dfs events.  Various bugs throughout 8 code

Sent from my iPhone

> On Sep 23, 2015, at 11:04 AM, Philip C Theruvakattil 
>  wrote:
> 
> We are currently running 8.0.120.0 on our production pair of Cisco 5508 
> controllers. APs are primarily 3500, 1142, 1131 and just starting to deploy 
> 2700s. 
> 
> It has been a month and a half since we upgraded to 8.0.120.0 and have not 
> experienced any problems. 
> 
> Phil T
> Network Engineer 
> Phillips Andover Academy
> 
> 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bruce Curtis
> Sent: Tuesday, September 22, 2015 4:47 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Cisco WLC software upgrade
> 
>  We have been running 8.0.120.0 on our 8510 HA Pair and haven't had any major 
> issues.
> 
>  We had some strange behavior that we mistakenly thought might be related to 
> 8.0.120.0 but we finally found that the real issue was MAC table exhaustion 
> on switches in the Residence Halls.  (The APs there are in flex connect mode.)
> 
>> On Sep 22, 2015, at 10:44 AM, Entwistle, Bruce 
>>  wrote:
>> 
>> We are currently running version 7.6.130.30 on our pair of Cisco 5508 
>> controllers and have been dealing with an issue where the clean air sensor 
>> on the APs will randomly crash.  The APs are primarily model 3500 and 3600.  
>> I have been informed that the solution is to upgrade to version 8.0.120.0.  
>> I was looking to see what others have experienced in there upgrade from 
>> 7.6.130.30 to version 8.0.120.0.
>> 
>> Thank you
>> Bruce Entwistle
>> Network Manager
>> University of Redlands
>> 
>> 
>> ** Participation and subscription information for this EDUCAUSE 
>> Constituent Group discussion list can be found 
>> athttp://www.educause.edu/groups/.
> 
> ---
> Bruce Curtis bruce.cur...@ndsu.edu
> Certified NetAnalyst II701-231-8527
> North Dakota State University
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwIFAg=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=HiCvEDgQpcQr8_C1ZTwMJUuHZjGGeu4FRrVd6X_enC0=tDaPC8rt0vMNK5nYLG_a_PtMir4bEAvujCXcQ-WRQnw=
>  .
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwIFAg=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=HiCvEDgQpcQr8_C1ZTwMJUuHZjGGeu4FRrVd6X_enC0=tDaPC8rt0vMNK5nYLG_a_PtMir4bEAvujCXcQ-WRQnw=
>  .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: UT Austin Biennial Network Report

[trent . hurt]

Thanks for the awesome insight into your network.  I have a question about this 
statement...

“The 5GHz spectrum has experienced problems.  In fall of 2014, ITS had to 
reduce the number of channels utilized due to FCC-mandated radar avoidance 
mechanisms in our vendor’s equipment.  This halved the available channels, and 
required us to reduce channel bandwidth for 802.11n/ac from 40MHz to 20MHz 
(reducing both capacity and speed).  End users noticed and commented on the 
speed reduction (which had not been anticipated).  New software this fall may 
allow ITS to re-enable 40MHz channels."


Is this related to all the various dfs bugs in the cisco wifi code?  I have 
heard and read about others fighting false dfs events and I'm seeing dfs issues 
as well with various code versions.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Green, William C
Sent: Thursday, September 17, 2015 7:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] FYI: UT Austin Biennial Network Report

Below is UT Austin's biennial network report.  I encourage others to provide 
their operational reports for everyone’s benefit.




https://urldefense.proofpoint.com/v2/url?u=https-3A__utexas.box.com_s_hh3lplbqoca66th2v820ougkmkexmx5v=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=XLigqItalEUeEaGAicCEZFLcdLkY0hmPRc_Jvv9TIoE=a0AAHc8bvr95wgORH5TSZVsu9KDCjLaTXi8XwQKB6Kg=
 







--

William C. Green  e-mail:  gr...@austin.utexas.edu

Director, Networking and Telecommunications   phone:   +1 512-475-9295

ITS (Information Technology Services) fax: +1 512-471-2449

University of Texas

1 University Station Stop C3800

Austin, TX  78712













**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=XLigqItalEUeEaGAicCEZFLcdLkY0hmPRc_Jvv9TIoE=V6VK1iHLZAhZEM-G57kmDU-10DpEjm5r4R7-8qRytRc=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: FYI: UT Austin Biennial Network Report

[trent . hurt]

Thanks, so are you all only using UNII-1 and UNII-3 for now?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Green, William C
Sent: Friday, September 18, 2015 9:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] FYI: UT Austin Biennial Network Report

> I see that you use Cisco as the primary Core, but what do you use for edge 
> switches, wireless and controller software.



> Bradley University

> T. Shayne Ghere

Cisco edge switches (a variety of models, lately the 2960X line), WISM2 
wireless controllers in 6509s, Aruba Airwave for wireless reporting (locally 
developed software for provisioning).



> Is this related to all the various dfs bugs in the cisco wifi code?  I have 
> heard and read about others fighting false dfs events and I'm seeing dfs 
> issues as well with various code versions. 

Yes, we’ve been working closely with Cisco utilizing our “rich environment” for 
data collection and testing.







-William









**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=Sx_goD7f3uxsx-geiMzlC7pqfNsroNEC-pnOLi6yd5U=4XbOQCSHcr7yWmkR8wwVzvYRZHse-xOBLFXjXUl3rBo=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the dorms- quick Survey

[trent . hurt]

Both ruckus and aerohive offer similar tech with dynamic psk or ppsk.

http://2.bp.blogspot.com/-XhUW84JOJj4/TdZdX3YbIJI/AAA/BpQ7LDfc5Yo/s1600/comparison%2Bbetween%2BPPSK.jpg



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Steve Bohrer
Sent: Thursday, September 10, 2015 6:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey

I’m assuming “PPSK” is some sort of WPA2-Personal implementation that uses 
individual passwords per user, rather than a single PSK? I think I’ve heard of 
this from Aerohive and Ruckus; are there other vendors who have it?

Steve Bohrer
Network Admin, ITS
Bard College at Simon's Rock
413-528-7645

On Sep 10, 2015, at 11:06 AM, Paul Sedy 
> wrote:

I will do the same and log a request with Cisco on PPSK type technology… I 
would love to see a simpler solution that we could deploy as well.

Paul Sedy
The Master’s College
Director of IT Operations
21726 Placerita Canyon Rd, Santa Clarita, CA 91321
661.362.2340 | rps...@masters.edu
#private

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook
Sent: Wednesday, September 09, 2015 11:47 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey

I’ve launched a  request at Cisco to implement something like PPSK. Perhaps if 
enough places request this from there vendors we might get something in. I’ve 
logged a TAC case, spoken to the local cisco team and an operations manager, 
not sure what other paths there is.

It does seem to be something that provides a reasonable solution to fall-back 
to when 802.1x isn’t an option. We currently do it with a PSK but I’m waiting 
on that day when the key needs changing. Not so worried about the dorms, I 
think we can manage that as we can contact the users very easily (though PPSK 
would still be a better option).

But the on-campus random devices which is still only a handful could be quite a 
pain to track them all down and there would be a good period of time with 
certain devices not working. There’s nothing major relying on this, but it is 
still work that will need to be done that wouldn’t have to be if they were 
802.1x or we had a PPSK like option.

--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Saturday, 5 September 2015 6:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey

Is the student’s “residence” in this case any different than a VP who travels 
and uses hotel WiFi, the hotel being their residence most of the time? Are we 
asking the student to do something we wouldn’t require of the VP in the hotel?

This is why something like Areohive’s PPSK (private pre-shared key) is 
interesting to me, in that it provides something that is “good enough” without 
all the hassles around WPA-ent. We get the user off of an open network, but 
provide easy on-boarding for the user and their devices.

I agree that students may not know they should care, but I’m not sure it’s the 
university’s job to educate them i.e. they are adults, and we don’t go round 
them up to make sure they attend class. Our students only care about connecting 
to the WiFi, and even if we try to explain why it’s better, there is only a 
small percentage that care… the same can be said for staff/faculty.

I also shy away from saying, “…provide the secure option.” since it implies 
everything they do is now secure, which it is not.

I do agree that providing both options is a good idea, but my own evidence 
shows that if the user’s chrome-cast is in the device-net, they will put their 
laptop there to so that they have access to it.

Jeff

From: 
"wireless-lan@listserv.educause.edu" 
on behalf of "Coehoorn, Joel"
Reply-To: 
"wireless-lan@listserv.educause.edu"
Date: Friday, September 4, 2015 at 1:31 PM
To: 
"wireless-lan@listserv.educause.edu"
Subject: Re: [WIRELESS-LAN] Supporting "those other Wi-Fi devices" in the 
dorms- quick Survey

The difference between us and a McDonalds or Starbucks is that we are the 
student's residence. They can't as easily just wait or go elsewhere in order to 
do things that really should not be done on an open wifi connection.

Additionally, this is the first encounter with the issue for many students. 
They haven't yet had a chance 

RE: Eduroam authentication question with AD

[trent . hurt]

http://www.my80211.com/home/2011/11/8/cisco-acs-5x-radius-proxy-server-to-strip-prefix-or-suffix-u.html



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: Thursday, September 03, 2015 4:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Eduroam authentication question with AD

We have one issue with eduroam and AD authentication. We authenticate eduroam 
users to Active Directory using PEAP-mschap-v2. The issue relies at our AD 
domain name which is a sub domain called cfs.uoguelph.ca. If users try to login 
with username use...@uoguelph.ca, the authentication will fail as the domain 
name does not match. We had to strip the "@uoguelph.ca" suffix on our ACS 4.2 
to make it work but the same suffix stripping functionality does not exist in 
ACS 5.x so we have to find other alternatives. I would to know if it is a 
common issue in universities that the AD domain does not match the main domain? 
If you have the same issue, what are your solutions? Thanks.

---
Dennis Xu, MASc, CCIE #13056
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwICaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=ZGNGEwI7MuX6ZYb8zI2OPHTjBPbrVb6lKgssAE646gU=0jLcqQro-UDEbuxgwokCI63P6yj9DcGA3-grmtL4vX4=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Special characters mschapv2

[trent . hurt]

This happens with special characters at beginning or end of password.


https://discussions.apple.com/thread/6659195


Sent from my iPhone

On Aug 13, 2015, at 4:04 PM, Matthew Newton 
m...@leicester.ac.ukmailto:m...@leicester.ac.uk wrote:

On Thu, Aug 13, 2015 at 06:42:45PM +, Trent Hurt wrote:
Peap mschapv2 w/ Cisco ise auth to ad. Anyone ever hear of folks
not auth on wifi due to use of certain special characters in
user password?  Like @ or !

https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.freeradius.org_pipermail_freeradius-2Dusers_2014-2DMay_072038.htmld=AwIDAwc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=fkg8hwuaJOPVLYLFIrpgBZXgOsqGp1ODV55RU5eq-xQs=rnQV5RQYeUBxtKzHyXkJ2yJCENNK5sqwizfRzBwFnuAe=

The link above talks about OS X possibly having issues
calculating the password hash when using certain characters

Those characters are all outside the standard ASCII range. We get
occasional problems with people using the pound sterling sign (£),
though I can't remember specifically with PEAP/MS-CHAPv2 - it's
usually when people are authenticating against LDAP.

There's nothing special about @ or !, and I've never heard of any
issues with them in a password. But then, we're a FreeRADIUS site,
not ISE.

Matthew


--
Matthew Newton, Ph.D. m...@le.ac.ukmailto:m...@le.ac.uk

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 
ith...@le.ac.ukmailto:ith...@le.ac.uk

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwIDAwc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=fkg8hwuaJOPVLYLFIrpgBZXgOsqGp1ODV55RU5eq-xQs=kN1JfBFlcb1mTnYVrLrg3VBHwhxtPA1vx9BnV-Bfxh0e=
 .

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] AW: Ekahau Site Survey + Tablet

[trent . hurt]

I know a few folks who use surface 3 for surveying without issues.  Here is a 
nice blog with some performance recommendations for ekahau

http://www.ekahau.com/wifidesign/blog/2015/07/24/boosting-ekahau-site-survey-and-3d-planner-performance/

Sent from my iPhone

On Jul 31, 2015, at 8:22 AM, Sachse, Hartmut 
sac...@pdv-sachsen.netmailto:sac...@pdv-sachsen.net wrote:

Ask Jussi from Ekahau via Twitter @jussikiviniemi. If i remember right the 
recommend Surface Pro 3.


Best Regards

Hartmut Sachse
Systems Engineer




Von: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] Im Auftrag von Eric T. Barnett
Gesendet: Donnerstag, 30. Juli 2015 23:57
An: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Betreff: [WIRELESS-LAN] Ekahau Site Survey + Tablet

Good afternoon,

I was wondering if anyone out there was running Ekahau’s site survey software 
on a tablet and which ones that they’ve had good luck with. I’m looking at a 
Surface Pro 3, but I wonder if the Pro 2 would be sufficient. Of course, I’ll 
take cheaper alternatives if there are any!

Thanks,
Eric

[Description: Description: Description: 
http://area51.astate.edu/e-footer/wolf.jpg]https://urldefense.proofpoint.com/v2/url?u=http-3A__www.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=bF3T55wJ5Kd2n5OUDNpcUNPji4-X8fcrijMGRvOQHgUe=

Eric Barnett
Senior Network Engineer/Wireless Administrator
Information and Technology Services

P.O. Box 1140 | State University, AR 72467
Office: (870) 680-4243 | Fax: (870) 972-3011
ebarn...@astate.edumailto:ebarn...@astate.edu | 
http://www.astate.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__www.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=bF3T55wJ5Kd2n5OUDNpcUNPji4-X8fcrijMGRvOQHgUe=
http://wireless.astate.eduhttps://urldefense.proofpoint.com/v2/url?u=http-3A__wireless.astate.edu_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=MFw9vbn7a5HM8TjvMTVHCunEmrhL2Gon2xmzVb8ssJEe=



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=3K-TeXjoajK7gyLj6g2pluEg_M_5jjcTI_G30IjdsUke=.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=svIa5a4TJmPjW6sJO9CQ8FsIwV38bOzloF6TG8VvH5Qs=3K-TeXjoajK7gyLj6g2pluEg_M_5jjcTI_G30IjdsUke=.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

New Wi-Fi technology will make phones ‘aware’ of their surroundings

[trent . hurt]

http://fortune.com/2015/07/14/wi-fi-technology-aware/


Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: WLAN Trouble Shooting and Design_Chapter Excerpt.pdf

[trent . hurt]

That pdf came from this post

https://community.aerohive.com/aerohive/topics/download-a-free-booklet-about-wlan-troubleshootinghttps://community.aerohive.com/aerohive/topics/download-a-free-booklet-about-wlan-troubleshooting?rfm=1topic_submit=true

Big thanks to Aerohive for making this available for free.  :D

On May 5, 2015, at 9:20 PM, Hurt,Trenton W. 
twhur...@exchange.louisville.edumailto:twhur...@exchange.louisville.edu 
wrote:



WLAN Trouble Shooting and Design_Chapter Excerpt.pdf





**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

TAC Recommended AireOS 7.6 and 8.0 - 2Q CY15

[trent . hurt]

https://supportforums.cisco.com/document/12481821/tac-recommended-aireos-76-and-80-2q-cy15


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Very High Density 802.11ac Networks Validated Reference Design

[trent . hurt]

http://community.arubanetworks.com/t5/Validated-Reference-Design/Very-High-Density-802-11ac-Networks-Validated-Reference-Design/ta-p/230891


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

[trent . hurt]

I would consider yourself lucky if you're running 8.0.110.0  on 5508 without 
issue.  Lots of folks I know have seen issue with 5508 crash/reboot but no 
crash log and the wlc either will revert back to its secondary image or not 
come back at all.  I have opened tac case and received esc image that fixes the 
reboot bug.   .115 has the reboot bug as well so need esc image.


https://supportforums.cisco.com/discussion/12411926/wlc-5508-automatically-restarting-twice-week


https://tools.cisco.com/bugsearch/bug/CSCuq74491  --  bug info for 5508 reboot


http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr1dot5.pdf
  -- release notes for .115 which lists the bug too



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Tuesday, April 07, 2015 10:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

We came across a bug in 7.6.130.0 that was determined they were not going to 
fix it in 7.6.130.23, but did fix it in 8.0.110.8.

7.6.130.23 fix for CSCus94968
8.0.110.8 fix for CSCus94968 and CSCur56103




From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Tuesday, April 07, 2015 9:29 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

We've been running two 5508s with 8.0.110.0 for quite some time now. 
Controllers are the most stable that I've seen them in several versions.

Regards,

Eric Barnett
Wireless Administrator
Information and Technology Services
Arkansas State University
870 680 4243



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Tuesday, April 07, 2015 8:19 AM
To: 
wireless-...@listserv..educause.edumailto:wireless-...@listserv..educause.edu
Subject: [WIRELESS-LAN] Should I upgrade to WLC Version 8 in May

I am thinking of upgrading from version 7.6.122.12 to version 8.0.115.0 in May 
but have heard many comments about ver 8 crashing and folks going back to 
version 7.x. Would I be wiser to wait until July or August or stay where I am 
for the Fall semester. Any thoughts?

-Jeff Legge
Radford University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=BYLyxF2TTTXEnYkel_J6YhBlz23JLVxgN8yK8H_R2EUs=G3VOsOaqV6-hBuWndHhMddjvRBa2TteTRl5L5KBwyoYe=.
!DSPAM:911,5523e9a2174617860181752!
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwMFAgc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=BYLyxF2TTTXEnYkel_J6YhBlz23JLVxgN8yK8H_R2EUs=G3VOsOaqV6-hBuWndHhMddjvRBa2TteTRl5L5KBwyoYe=.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Measuring wall attenuation

[trent . hurt]

From: Hurt,Trenton W.
Sent: Tuesday, March 24, 2015 10:07 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE: Measuring wall attenuation

Great webinar which outlines the methodology behind getting attenuation and 
lots of other good survey tips.

https://www.brighttalk.com/webcast/5522/148939


Brightalk does require registration to watch but doesn’t validate the email or 
the form entries.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, March 11, 2015 1:53 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Measuring wall attenuation

I read some of these tips online regarding measuring rf attenuation and 
measuring in the field.  I thought it was very good info so sharing here with 
the group.

For getting wall attenuation, you need to measure 3-5m of free space loss, 
then the exact same distance with free space and the wall in question. It is 
the difference between the two. Do a couple and average.  You have to get away 
from near field and first Fresnel zone issues. Check w/ just free-space then w/ 
walls at same distance as the free-space data point.  Be sure to do multiples 
though, one might be anomaly, like right at a metal stud.  You do not need to 
use exact ap you will be installing or power level. This is all about the 
differential.  The FSPL is to set a baseline, then the additional readings are 
to measure target wall's attenuation.

This is the ap some suggested to help with measuring attenuation of building 
materials.

http://www.buffalotech.com/products/wireless/dual-band-routers/airstation-ac433-wireless-travel-router





Sent from my iPhone

RE: [WIRELESS-LAN] LAP/WLC MIC lifetime expiration causes DTLS failure

[trent . hurt]

https://supportforums.cisco.com/document/12453081/lightweight-ap-fail-create-capwaplwapp-connection-due-certificate-expiration



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: Monday, March 23, 2015 2:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] LAP/WLC MIC lifetime expiration causes DTLS failure

https://tools.cisco.com/bugsearch/bug/CSCuq19142

---
Dennis Xu, MASc, CCIE #13056
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_d=AwICaQc=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlkr=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vsm=29nrwDzeIN70jmn1CqBWWVx9KXi9f9ZEi99NhJdzQHQs=CxxpNvgy4EDIcDYA4zcAXUPojHY0NmzeOgY6Gc98htoe=
 .

RE: Measuring wall attenuation

[trent . hurt]

Great webinar which outlines the methodology behind getting attenuation and 
lots of other good survey tips.

https://www.brighttalk.com/webcast/5522/148939


Brightalk does require registration to watch but doesn’t validate the email or 
the form entries.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, March 11, 2015 1:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Measuring wall attenuation

I read some of these tips online regarding measuring rf attenuation and 
measuring in the field.  I thought it was very good info so sharing here with 
the group.

For getting wall attenuation, you need to measure 3-5m of free space loss, 
then the exact same distance with free space and the wall in question. It is 
the difference between the two. Do a couple and average.  You have to get away 
from near field and first Fresnel zone issues. Check w/ just free-space then w/ 
walls at same distance as the free-space data point.  Be sure to do multiples 
though, one might be anomaly, like right at a metal stud.  You do not need to 
use exact ap you will be installing or power level. This is all about the 
differential.  The FSPL is to set a baseline, then the additional readings are 
to measure target wall's attenuation.

This is the ap some suggested to help with measuring attenuation of building 
materials.

http://www.buffalotech.com/products/wireless/dual-band-routers/airstation-ac433-wireless-travel-router







Sent from my iPhone

RE: 1GBE as a bottleneck to APs?

[trent . hurt]

Lots of varying opinions out there on this.

http://www.revolutionwifi.net/revolutionwifi/2015/1/multi-gigabit-ap-backhaul-do-you-need-it

http://www.theruckusroom.net/2014/02/will-80211ac-stab-you-in-the-backhaul.html



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hinson, Matthew P
Sent: Tuesday, March 24, 2015 10:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 1GBE as a bottleneck to APs?

I've seen a few articles here and there regarding possible solutions for the 
gigabit bottleneck as it pertains to .11ac access points. Said solutions 
include Cisco's forthcoming protocols for 2.5G and 5G over CAT5 cabling as well 
as LACP'ing two gigabit ports per switch and AP as some vendors suggest...

My question for the group is: Has anyone actually seen a throughput issue using 
gigabit to the edge? Certainly your distribution layer gear could be a 
limitation if it's not specced correctly, but I've just never seen a situation 
where I've wished for more than 1000BASE-T to an AP. Our fastest 802.11ac 
access points can only hit 600-700mbit/s real TCP throughput, and that's in 
ideal, almost laboratory conditions.

Thoughts?

Thank you!
Matthew Hinson
Network Operations
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Looking for interest among Wi-Fi professionals

[trent . hurt]

Of course using cisco gear I use the cisco support community site, but I also 
frequently read the airheads forums as well.  Yes I mostly gloss over much of 
the aruba specific parts but lots of good rf knowledge sharing happening on 
airheads too.  RF is rf



Just few examples of

http://community.arubanetworks.com/t5/Technology-Blog/Wireless-NICs-External-USB-Hubs-and-Noise/bc-p/213999

http://community.arubanetworks.com/t5/Technology-Blog/802-11-Packet-Capture-Skillz-To-Pay-The-Bills/ba-p/149414

http://community.arubanetworks.com/t5/Technology-Blog/Tools-for-Troubleshooting-from-the-Client-Apple-Edition/bc-p/218857



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Thursday, March 19, 2015 7:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Looking for interest among Wi-Fi professionals

Personally, I do not use Airheads (Aruba Social) much. I usually get any 
assistance I need from our account team  the responsive Aruba support.


Bruce Osborne
Wireless Engineer
IT Infrastructure  Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Chuck Enfield [mailto:chu...@psu.edu]
Sent: Wednesday, March 18, 2015 4:17 PM
Subject: Re: Looking for interest among Wi-Fi professionals

I asked exactly that question just a few weeks ago, but I didn't use this list. 
 Between Airheads and more intimate peer groups, I don't usually raise those 
questions here.  FWIW, I've also been asked this question off-list by people 
from other edu's.

To be honest, I'm interested to hear whether or not people think this is the 
best venue for vendor-specific issues.  I sometimes feel like I spend too much 
time deleting Cisco posts on this list.  While I've never thought it was 
inappropriate to discuss those things here, it is why I tend to take Aruba 
issues to forums where I know the other participants use Aruba.  On the other 
hand, there are plenty of people from Aruba shops on this list that may not a 
have access to the forums I use and would benefit from seeing the discussion 
here.  So, should I be posting Aruba-specific questions and comments on this 
list, or should that stay on Airheads?

Chuck Enfield
Manager, Wireless Systems  Engineering
Telecommunications  Networking Services
The Pennsylvania State University
110H, USB2, UP, PA 16802
ph: 814.863.8715
fx: 814.865.3988

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Wednesday, March 18, 2015 3:42 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Looking for interest among Wi-Fi professionals

I could be useful IF it is not dominated with Cisco Wi-Fi issues. Although 
Cisco is the largest vendor, they must have the most issues.
When was the last time people were asking whether to upgrade to a GA version of 
ArubaOS?, for instance?


Bruce Osborne
Wireless Engineer
IT Infrastructure  Media Solutions

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Wednesday, March 18, 2015 1:49 PM
Subject: Looking for interest among Wi-Fi professionals

This is not meant to self-promote, apologies if it seems that way. Looking for 
interest on whether those on the list would get value out of a potential new 
wireless-oriented discussion board, as described here:

https://wirednot.wordpress.com/2015/03/18/hey-wireless-professionals-would-you-use/

Won't hurt my feelings either way, but could be kind of valuable if you picture 
it widely used.

Regards-

Lee Badman



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: WLC 5508 Reboots- 8.0.110.0 Code

[trent . hurt]

Do I need to get escalation image from TAC to fix this?  I have had a few 
reboots on different 5508's that I have on 8.0.110.0 The bug page shows this 
version as fix 8.1(10.191) Are they offering to give you that?


Also I know that there are many cisco folks that monitor this listserv.  This 
message is to you...


PLEASE PLEASE PLEASE

Stability over features.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, March 18, 2015 9:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WLC 5508 Reboots- 8.0.110.0 Code

Sigh... just kick me.

Our latest Cisco WLAN fun comes in the form of 5508 spontaneous reboots on 
8.0.110.0 code. Has anyone else on the list experienced this?

I do find this Support Community thread:  
https://supportforums.cisco.com/discussion/12411926/wlc-5508-automatically-restarting-twice-week#comment-10362606

And this related bug: https://tools.cisco.com/bugsearch/bug/CSCuq74491

Have had one reboot today, and found that another had done so last week quick 
enough where monitoring and alerting didn't catch it. Now going through all of 
them to see if there might have been others missed.

TAC case open and I see that 8.0.110.0 is no longer available to download, with 
8.0.115.0 recommended.

-Lee Badman



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: ResHall Wireless

[trent . hurt]

Both ruckus and aerohive offer similar tech with dynamic psk or ppsk.

http://2.bp.blogspot.com/-XhUW84JOJj4/TdZdX3YbIJI/AAA/BpQ7LDfc5Yo/s1600/comparison%2Bbetween%2BPPSK.jpg

But both have limits and may not work for larger schools with higher client 
counts

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Williamson
Sent: Wednesday, March 11, 2015 11:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

Matthew,

My guess is you already have an infrastructure in place, but Ruckus does a self 
activation portal which creates a dynamic PSK for each device.

Hope that info helps,
Bob Williamson
Network Administrator
Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | 
www.aw.orghttp://www.aw.org/
D: 253.272.2216 | F: 253.572.3616 | 
bob_william...@aw.orgmailto:bob_william...@aw.org

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, March 11, 2015 7:41 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless

We’re still investigating this as well.  Our wishlist would be a randomized PSK 
for each user, sort of like an authenticated guest network.  We haven’t seen 
anything that can pull that off though.

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Christopher Michael 
Allison
Sent: Wednesday, March 11, 2015 10:31 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ResHall Wireless


We use a seperate SSID currently but they have an IP similar to the other 
wireless on campus. We have had talks about DMZing our Residence halls from 
main campus including their wireless.

​


CHRISTOPHER ALLISON
Network Engineer I

Information Technology
Mail Code 4622
625 Wham Drive
Carbondale, Illinois 62901

chris.m.alli...@siu.edumailto:%20chris.m.alli...@siu.edu
P: 618 / 453 - 8415
F: 618 / 453 - 5261
INFOTECH.SIU.EDUhttp://infotech.siu.edu/
[http://asset.siu.edu/_assets/images/email_sig/SIU_email_2line.gif]

Choose a job you love, and you will never have to work a day in your life.
Confucius

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
on behalf of Hector J Rios hr...@lsu.edumailto:hr...@lsu.edu
Sent: Wednesday, March 11, 2015 8:47 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] ResHall Wireless

I’m wondering how many of you treat the wireless in the ResHalls differently 
from the wireless on the rest of your campus. In terms of geography, we have 21 
ResHalls that are in the perimeter of our campus. Some of these buildings are 
next to academic or administrative buildings. Eduroam is our main SSID. So, for 
the longest time it has only made sense to broadcast eduroam everywhere. Now, 
on the wired side of the house, our ResHalls have a dedicated connection that 
gives them direct, non-firewall access to the internet (for access to campus 
resources, a student must VPN). This came about as a request from the students 
to have more freedom in their residence. Makes sense. But wireless is different 
as it goes through our campus core, traverses our perimeter firewall, and goes 
out our main internet connection.

I’ve struggled to find an alternative solution to this. We recognize that 
students in ResHalls are different in the sense that they pay for a place to 
live and should get an internet service that is similar to their home service. 
However, any alternatives that we have considered (separate SSID, dynamic VLAN 
assignment, user groups) just seem to complicate the setup.

Any good ideas out there or creative ways in which you have tackled this 
challenge?

Thanks,

Hector Rios, CCNP, CCA
Assistant Director, Network Engineering
Dept. of Networking and Infrastructure
Information Technology Services
Louisiana State University

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

Measuring wall attenuation

[trent . hurt]

I read some of these tips online regarding measuring rf attenuation and 
measuring in the field.  I thought it was very good info so sharing here with 
the group.

For getting wall attenuation, you need to measure 3-5m of free space loss, 
then the exact same distance with free space and the wall in question. It is 
the difference between the two. Do a couple and average.  You have to get away 
from near field and first Fresnel zone issues. Check w/ just free-space then w/ 
walls at same distance as the free-space data point.  Be sure to do multiples 
though, one might be anomaly, like right at a metal stud.  You do not need to 
use exact ap you will be installing or power level. This is all about the 
differential.  The FSPL is to set a baseline, then the additional readings are 
to measure target wall's attenuation.

This is the ap some suggested to help with measuring attenuation of building 
materials.

http://www.buffalotech.com/products/wireless/dual-band-routers/airstation-ac433-wireless-travel-router





Sent from my iPhone

Apple watch wifi

[trent . hurt]

How Apple watch will use wifi. Doesn't actually connect to network.

http://iphone.appleinsider.com/articles/14/09/15/apple-watch-airdrop-ibeacon-continuity-coax-advanced-features-from-bluetooth-wifi

Sent from my iPhone

Re: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new Qualcomm chipset | PCWorld

[trent . hurt]

I'm seeing things like this trying to get put in classrooms.  Wifi cameras for 
streaming/conferencing using 5GHz.Did some spectrum analysis with these and 
channel utilization gets as high as 90%.


http://switcherstudio.com/en/


http://cdn2.hubspot.net/hub/418770/file-2519353365-pdf/HuddleCamHD_Brochure_r5.pdfhttp://cdn2.hubspot.net/hub/418770/file-2519353365-pdf/HuddleCamHD_Brochure_r5.pdf?__hssc=261769938.1.1425047014885__hstc=261769938.7644f4455c47befb47af99a0aa6dd417.1425047014885.1425047014885.1425047014885.1hsCtaTracking=3fdeac58-278e-42a7-8b03-b1e84469aedd%7C1ed8fd3a-de8f-4e65-acad-6ac72141e5d8

Sent from my iPhone

On Feb 27, 2015, at 8:45 AM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:

All I can say is that if we continue down this path, the 5GHz band will 
eventually turn into the mess that the 2.4GHz band is today. There might be 
more channels available in the 5GHz band, but there is a colossal parade of 
devices that are on their way to invade it, and it's not going to be pretty.

Now, off to find fight rogues.

Hector Rios
Louisiana State University


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Thursday, February 26, 2015 7:15 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] LTE can mooch off of Wi-Fi spectrum with new Qualcomm 
chipset | PCWorld

http://www.pcworld.com/article/2889792/lte-can-mooch-off-of-wifi-spectrum-with-new-qualcomm-chipset.html

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Tuning Cisco WLC for High Density Deployments -

[trent . hurt]

Nice guide...


https://www.wjcomms.co.uk/wp-content/uploads/2014/11/Tuning-Cisco-WLC%E2%80%99s-for-High-Density-Deployments-v3.pdf


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

android 5 lollipop PMF

[trent . hurt]

Anyone having issues with random android 5 devices connecting to PEAP/MASCHAPV2 
wlan with Cisco gear?  I have lots of working android devices on campus with 5, 
but I have had 4 that all can't connect to since update.  All have the same 
issue can't get dhcp address.  They will show that they passed auth in radius 
but the wlc shows them in DHCP_REQ state.  It seems in reading things online 
that there are some issues with possibly android 5 having pmf turned on in the 
wpa_supplicant file.  It seems you can copy the file off and change the setting 
but I'm just confused why other android 5 are working fine on the same wlan.  
The devices I have seen this on so far are Galaxy S5 (2) Nexus 7 (1), and 
galaxy tab 2 (1)


http://forum.xda-developers.com/google-nexus-5/help/android-5-0-wlan-bug-peap-maschapv2-t2938281/page4

http://www.reddit.com/r/Nexus5/comments/2pdv2y/wifi_authentication_issues_with_nexus_5_after/


https://code.google.com/p/android/issues/detail?id=78702  -- comments 
30,39,52,53,78


http://w1.fi/cgit/hostap/commit/?id=9f6a7cddc42811883d6035032854089475f2fc65






Trenton Hurt, CWNA, CWSP, CCNP(W), CCNA(W), CCNA(V), CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.eduwireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco MSE Alternatives

[trent . hurt]

I'm very interested in how you use mse for e911.  Did you develop something in 
house from the API

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Thursday, February 26, 2015 9:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco MSE Alternatives

We are using the MSEs almost exclusively for E911 for our handful of wireless 
VoIP phones.  A secondary use for us is to aid in tracking stolen devices, 
though we've only recovered a handful of them.  We aren't really doing anything 
with them other than that.  Which makes me question why we are keeping them 
around, especially if there is some third party product out there that can do 
something similar.

How about you?  What are you getting from them?

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, February 25, 2015 2:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco MSE Alternatives

Just out of curiosity and also someone who has an MSE.  I'm wondering how you 
utilize the mse and  the info you get from it?  Is your network setup for 
location services?  Anything with the new analytics stuff?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, February 25, 2015 2:03 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco MSE Alternatives

We need to upgrade our MSEs and I'm just curious if anyone knows if there are 
any third party alternative to the MSE.

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco MSE Alternatives

[trent . hurt]

I'm very interested in discussing this possibly with you and e911 folks.   I 
also help manage voip network here at uofl and with that the e911 system too.  
Would you email off list to discuss some of the details?

trent.h...@louisville.edumailto:trent.h...@louisville.edu


Thanks
Trent


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Thursday, February 26, 2015 4:38 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco MSE Alternatives

We've created an event definition in Prime and tied those definitions to our 
MSEs so that when a location change is recorded, a TRAP is sent to our E911 
service.

Everything we've done is out-of-the-box capability in Prime and the MSEs that 
our E911 platform can integrate with.  However, I have no idea what the E911 
folks are doing on their end to enable this sorcery.

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Thursday, February 26, 2015 1:09 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco MSE Alternatives

I'm very interested in how you use mse for e911.  Did you develop something in 
house from the API

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Thursday, February 26, 2015 9:10 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco MSE Alternatives

We are using the MSEs almost exclusively for E911 for our handful of wireless 
VoIP phones.  A secondary use for us is to aid in tracking stolen devices, 
though we've only recovered a handful of them.  We aren't really doing anything 
with them other than that.  Which makes me question why we are keeping them 
around, especially if there is some third party product out there that can do 
something similar.

How about you?  What are you getting from them?

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, February 25, 2015 2:46 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco MSE Alternatives

Just out of curiosity and also someone who has an MSE.  I'm wondering how you 
utilize the mse and  the info you get from it?  Is your network setup for 
location services?  Anything with the new analytics stuff?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, February 25, 2015 2:03 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco MSE Alternatives

We need to upgrade our MSEs and I'm just curious if anyone knows if there are 
any third party alternative to the MSE.

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Cisco MSE Alternatives

[trent . hurt]

Just out of curiosity and also someone who has an MSE.  I'm wondering how you 
utilize the mse and  the info you get from it?  Is your network setup for 
location services?  Anything with the new analytics stuff?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Williams, Matthew
Sent: Wednesday, February 25, 2015 2:03 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco MSE Alternatives

We need to upgrade our MSEs and I'm just curious if anyone knows if there are 
any third party alternative to the MSE.

Respectfully,

Matthew Williams
IT Manager, Wireless
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

HP is reportedly trying to buy Aruba Networks

[trent . hurt]

http://mvnoblog.com/hp-is-reportedly-trying-to-buy-aruba-networks/

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Wlpc vids from Dallas

[trent . hurt]

http://vimeo.com/keithrparsons


Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Cisco APs flooding RTS messages

[trent . hurt]

What was the proposed workaround?  Any specific clients that this happens too?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frans Panken
Sent: Tuesday, February 03, 2015 4:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco APs flooding RTS messages

We use 3702 APs (and run v8MR1 on the controller) and experience these 
RTS-storms. The workaround proposed by Cisco reduces the duration of the storms 
but do not prevent them from taking place.
-Frans
Trent Hurt schreef op 02/02/15 om 23:03:
It says 2700 for the affected product but in title at top it says AP3702.  Is 
this just typo or is this both 2700/3700?



On Feb 2, 2015, at 3:38 AM, Frans Panken 
frans.pan...@surfnet.nlmailto:frans.pan...@surfnet.nl wrote:
All those who installed the new 2700 series Cisco access points
experience the problem that APs execute a Denial of Service attack by
flooding RTS messages, see: https://tools.cisco.com/quickview/bug/CSCus49126

The effect is that active clients who are associated to this AP (or a
one nearby) loose their Wi-Fi connection. Surprisingly, I have been told
that only a single case has been initiated. This also means that the
priority to fix this remains low.

-Frans

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Cisco APs flooding RTS messages

[trent . hurt]

It says 2700 for the affected product but in title at top it says AP3702.  Is 
this just typo or is this both 2700/3700?




On Feb 2, 2015, at 3:38 AM, Frans Panken 
frans.pan...@surfnet.nlmailto:frans.pan...@surfnet.nl wrote:

All those who installed the new 2700 series Cisco access points
experience the problem that APs execute a Denial of Service attack by
flooding RTS messages, see: https://tools.cisco.com/quickview/bug/CSCus49126

The effect is that active clients who are associated to this AP (or a
one nearby) loose their Wi-Fi connection. Surprisingly, I have been told
that only a single case has been initiated. This also means that the
priority to fix this remains low.

-Frans

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

[trent . hurt]

It would be nice to have things like this posted to the listserv.  I have to 
say that one of the best resources besides this listserv of course has been 
social media.  (twitter mostly and blogs)  Lots of very engaging conversations 
regarding wifi happen all the time on twitter.   Some of the very best in wifi 
(including Lee @wirednot ) are always posting the latest updates/opinions on 
wireless technologies.  This link is a compiled list of folks twitter handles 
that are attending WLPC.


http://www.mostlynetworks.com/2015/01/unofficial-wlpc-twitter-attendee-list/


I'm not attending due to budgetary issues.  But I'm looking forward to the 
videos being posted afterward.


http://www.wlanpros.com/wlan-pros-summit-2014-videos/  --   vids from WLPC in 
Austin 2014

http://www.wlanpros.com/wlpc-europe-2014-videos/   -- vids from WLCP in Europe 
2014





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Thursday, January 29, 2015 10:44 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Maybe a bit more advance notice on the list (if there was notice, I missed it, 
that's for sure).  I wanted to go last year, and couldn't because I found out a 
week before...   sniff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, January 29, 2015 9:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Hi Bob-

It's an incredible event for people who do wireless. No sales, no vending, no 
fluff. All how-to and real-world case studies from many of the absolute best in 
the WLAN industry. For those of us in the business of WLAN, it's really one of 
the best I've been to as far as take-away value.

Not your average fluffy conference.

-Lee

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Brown
Sent: Thursday, January 29, 2015 10:35 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Interesting, didn't even know there was such an event




Bob Brown

Online Executive Editor, News

T: 508.766.5418
LinkedInhttp://www.linkedin.com/in/bobbrownboston | Twitter: 
@alphadoggshttps://twitter.com/alphadoggs | Facebook 
profilehttps://www.facebook.com/NetworkWorld | Google + 
profilehttps://plus.google.com/104712908618368674642/posts | 
Instagramhttp://instagram.com/nwwinstagram


NETWORK WORLD

492 Old Connecticut Path | PO Box 9002 | Framingham, MA 01701-9002

NetworkWorld.comhttp://www.networkworld.com | Media 
Kithttp://www.networkworldmediakit.com | Conferences  
Eventshttp://events.networkworld.com

An IDG Enterprisehttp://www.idgenterprise.com/ Brand


From: Lee H Badman lhbad...@syr.edumailto:lhbad...@syr.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, January 29, 2015 at 10:17 AM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Roll Call- Who's going to WLPC from higher ed?

Just curious how many on the list are going to the Wireless LAN Pro Conference 
next week? Bruce Boardman and myself from Syracuse will be there- would be nice 
to connect with our friends from other schools during the event.

-Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,54ca5472242731869818032!
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco Bug: CSCuq19142 - LAP/WLC MIC lifetime expiration causes DTLS failure

[trent . hurt]

https://tools.cisco.com/quickview/bug/CSCuq19142


Sent from my iPhone

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Field Notice: FN - 63916 - Cisco Aironet 1530, 1550, 1600, 1700, 2600, 2700, 3500, 3600 and 3700 Series - AireOS 8.0.100.0

[trent . hurt]

http://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63916.html

Trenton Hurt, CWNA, CWSP, CCNP(W), CCNA(W), CCNA(V), CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.eduwireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] New Device Activation WLAN

[trent . hurt]

7.6 and up have dns acl feature…

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0110101.html#concept_AEEDD6D25578413784092B48A4636163



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Britton Anderson
Sent: Thursday, January 08, 2015 8:42 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] New Device Activation WLAN

These devices prompt for a wireless network during the activation process, but 
won't let a webauth succeed.

I like Hunter's idea of adding the Apple/Google/Antivirus sites to the 
pre-webauth ACL. Cisco WLC's won't let you use DNS names for ACL entries, d'oh! 
Is there a known list of these hosts somewhere before I go sniffing wireless 
traffic?

Thanks,
Britton


Britton Andersonmailto:blanders...@alaska.edu |

 Senior Network Communications Specialist |

 University of Alaskahttp://www.alaska.edu/oit |

 907.450.8250



On Thu, Jan 8, 2015 at 4:24 PM, Mike King 
m...@mpking.commailto:m...@mpking.com wrote:
Maybe I'm over simplifying this, but for the average user, don't those 
devices have to be activated BEFORE you can see the settings screen?

Mike

On Thu, Jan 8, 2015 at 6:31 PM, Hunter Fuller 
hf0...@uah.edumailto:hf0...@uah.edu wrote:

This is what we do. While not authenticated to wireless you can still get to a 
few places - Microsoft, apple, Google search, antivirus vendors.

--
Hunter Fuller
OIT

Sent from my phone.
On Jan 8, 2015 5:11 PM, Frank Sweetser f...@wpi.edumailto:f...@wpi.edu 
wrote:
We already have an unencrypted ssid for students to get to our onboarding 
system (Cloudpath). Our plan for this summer is to poke enough firewall holes 
for students to also run through the device activation process. If we were to 
try to impose any kind of device security policies, we would do it in the 
onboarding process.
On January 8, 2015 5:54:01 PM EST, Britton Anderson 
blanders...@alaska.edumailto:blanders...@alaska.edu wrote:
I just wanted to ask the question to see what all of you are doing at your 
institutions to handle users activating new devices. New iOS devices for 
example have to reach out to iCloud to validate themselves and make sure 
they're not stolen. Android now with version 5 is very similar, having to reach 
out to the mothership and join to a Google account.

Are any of you doing an SSID-Activate WLAN, or requiring clients to bring it 
by your respective Help Desks for activation?

Right now, we are requiring anyone that wants a device activated to have our 
Desktop techs touch it and give them pointers to secure it. However, we've lost 
some budget, and some employees, and they can't keep a guy in the office to 
handle that influx of people anymore. And I don't want the headache of a wide 
open WLAN everywhere, and none of the devices will allow the webauth 
transaction to happen before the device ! is activated.

Thanks,
--Britton

Britton Andersonmailto:blanders...@alaska.edu |

 Senior Network Communications Specialist |

 University of Alaskahttp://www.alaska.edu/oit |

 907.450.8250tel:907.450.8250


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

802.11k,r,u,v,w, support for a number of phones/tablets

[trent . hurt]

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/device_classification_guide.html


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Fwd: OSX Yosemite - Update

[trent . hurt]

Sent from my iPhone

Begin forwarded message:

From: Stobbs, Darren d.sto...@warwick.ac.ukmailto:d.sto...@warwick.ac.uk
Date: November 25, 2014 at 12:04:53 PM EST
To: wireless-ad...@jiscmail.ac.ukmailto:wireless-ad...@jiscmail.ac.uk
Subject: OSX Yosemite - Update
Reply-To: Wireless Issues in the JANET community 
wireless-ad...@jiscmail.ac.ukmailto:wireless-ad...@jiscmail.ac.uk

The following workaround and write-up written by Mario Ciabarra has started 
appearing on Social Media related to the Yosemite Wi-Fi issues.

https://medium.com/@mariociabarra/wifried-ios-8-wifi-performance-issues-3029a164ce94

The description of the cause of the issue seems very plausible. Although the 
article refers to IOS8, it does conclude the same reasons for the issues in 
Yosemite. A workaround for Yosemite is included in the article. For brevity, 
I've included the workaround below.

The interface name in the ifconfig command is lowercase A W D L and number zero.

To carry out the workaround:


1.   Open a Terminal window. (Applications  Utilities  Terminal).


2.   At the command prompt, type the following command and press Enter.

sudo ifconfig awdl0 down


3.   Close the Terminal window.

To undo the workaround and go back to normal:


1.   Open a Terminal window. (Applications  Utilities  Terminal).


2.   At the command prompt, type the following command and press Enter.

sudo ifconfig awdl0 up


3.   Close the Terminal window.

Impact of the workaround.

This workaround disables Apple Wireless Direct Link. AWDL is required to use 
features like Airdrop or Airplay. These features will no longer work whilst the 
workaround is implemented but it does mean that you should have stable Wi-Fi.



Darren Stobbs
Network Services
University of Warwick

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

OS X 10.10.1

[trent . hurt]

http://support.apple.com/kb/DL1779

cisco ise 1.3 realm strip (eduroam)

[trent . hurt]

It's now called identity rewrite

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#concept_477DBF7BF0164628B0F2A471CEF445D5



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W.
Sent: Monday, December 02, 2013 12:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ISE as RADIUS server with eduroam

ISE 1.2 patch 4 adds the capability to strip domain

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp433101



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Wednesday, August 14, 2013 1:47 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ISE as RADIUS server with eduroam

All,

I have contacted Cisco directly to try to accelerate the availability of the 
REALM stripping feature.
Same with Microsoft and IAS (REALM stripping issue, and I'm also contacting 
them directly as well)

Hope it will work!

Philippe

Philippe Hanset
www.eduroam.ushttp://www.eduroam.us


On Aug 14, 2013, at 12:44 PM, Curtis K. Larsen (UIT-Network) 
curtis.k.lar...@utah.edumailto:curtis.k.lar...@utah.edu
 wrote:

The status of the enhancement request is open.  In talking with TAC it 
appears it might take several months.  We use MSCHAPv2, participate in eduroam, 
and rely on stripping the realm to put users in different vlans today so this 
is quite problematic for us.  We are also running ISE 1.2.


Thanks,

Curtis

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] 
on behalf of Joe Roth [jr...@binghamton.edumailto:jr...@binghamton.edu]
Sent: Wednesday, August 14, 2013 10:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ISE as RADIUS server with eduroam
Correct, the SSID that we were using LDAP with did not use MSCHAPv2.

Did they happen to mention what version that bug was fixed in?

We upgraded to 1.2 and it has been stable for us so far.

On Wed, Aug 14, 2013 at 11:17 AM, Curtis K. Larsen (UIT-Network) 
curtis.k.lar...@utah.edumailto:curtis.k.lar...@utah.edu wrote:
Joe,

Thanks for the reply.  I am guessing you are not using PEAP-MSCHAPv2 is that 
correct?  I have just come across the following from Cisco :
CSCuc52361 Bug Details
ISE should allow domain modification/stripping for AD external store

Symptom:
Currently ISE does not allow modifying the domain name before authentication 
when the external identity store used is AD. This is a problem in an 
environment like Eduroam where the specification enforces a particular username 
format (user@realm). Generally the username stored in the AD UPN field is not 
in the same format as the one supplied for authentication. It would be good to 
allow the modification of the AD username prior to authentication, or at least 
support suffix/prefix stripping, since this would be sufficient for local 
domain authentication (this would still break cross forest).

Conditions:
Trying to modify the domain name of the user before AD authentication.

Workaround:
Use LDAP for basic stripping (Does not currently work for MSCHAPv2)



Thanks,

Curtis

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] 
on behalf of Joe Roth [jr...@binghamton.edumailto:jr...@binghamton.edu]
Sent: Tuesday, August 13, 2013 6:58 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] ISE as RADIUS server with eduroam
Curtis,
We are not using eduroam but we are a cisco ISE user. When you connect to AD 
via LDAP in ISE I believe that you can accomplish what you are looking to do. 
If you create a new LDAP identity source look under the directory structure 
tab. You can strip the subject name based on a dividing character. You can 
leave your current AD identity source in place and add the LDAP one as well, 
they will run side by side.

On Tue, Aug 13, 2013 at 7:05 PM, Curtis K. Larsen (UIT-Network) 
curtis.k.lar...@utah.edumailto:curtis.k.lar...@utah.edu wrote:
Hello,

I am just wondering if anyone on the list that participates in eduroam uses ISE 
for RADIUS.  We are playing with ISE, and finding difficulty getting it to 
strip off the realm suffix before authenticating against AD.  I can't imagine 
there isn't a way to do this since I assume that would prevent any eduroam 
customers from using ISE as their primary RADIUS server.  Hopefully we are just 
missing something simple.  Let me know.

Thanks,

Curtis Larsen
University of Utah
Network Engineer

**
Participation and subscription information for this EDUCAUSE 

Cisco PI 2.2 upgrade

[trent . hurt]

No inline upgrade option for any version of PI

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/quickstart/guide/cpi_qsg.html#pgfId-113783




Sent from my iPhone

RE: WLAN design presentation tips?

[trent . hurt]

I have tried many things with rf profiles, tpc, data rates, and rx-sop to try 
and make the hallway placements work but it really never has for me.  In either 
drywall or cinder block construction buildings.  And you can't really increase 
capacity because the aps are in the halls stacked on top of each other.  At 
least rf-wise they are.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Wednesday, October 22, 2014 1:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN design presentation tips?

You can raise the Minimum Power Level Assignment in TPC as well. However, you 
are causing issues with CCI. If your 5ghz radios are running at the lowest 
settings then you are not getting very much coverage at all. (4 for UNII-1(6mw) 
and 7 for UNII-3(3mw))

Here is a great document to know what your 3700's are transmitting at for a 
given channel.

RRM doesn't behave well in a hallway deployment from my experience.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stewart, Joe
Sent: Wednesday, October 22, 2014 12:37 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN design presentation tips?

Peter,

Anti-theft. I know it's not common because who wants to shoot themselves in the 
foot. It has happened before though once the semester was over and students 
left for a few months.

Ian,

Yes I'm in the process of manually increasing power levels at this time.

--Joe

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Peter P Morrissey
Sent: Wednesday, October 22, 2014 10:31 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN design presentation tips?

What would be the purpose of the enclosures?
Pete Morrissey

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Stewart, Joe
Sent: Wednesday, October 22, 2014 1:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN design presentation tips?

We recently renovated some of our dorm buildings.  Prior to the renovation we 
only had about approximately 4 access points per building due to legacy/lack of 
infrastructure.  We received tons of complaints as the demand for wireless 
continued to grow each year.  We have tripled the amount of access points since 
I've been employed here. With this in mind we wanted to just blanket the dorms 
with access points (15-20 per dorm, Cisco 3602E  3702E).  One thing I've 
noticed with this deployment strategy is that the access points are 
transmitting between power levels 7 and 8.  We  were stuck with deploying all 
of our hardware above the drop ceiling in the hallway.  I prefer to put them in 
the rooms but we they are all hard lid and we always like to keep them out of 
sight. Hallway deployments are not ideal with all the mechanical crap in the 
ceilings not to mention I have to break tiles to even get to my hardware which 
makes upgrades/replacements a complete headache.  I'm noticing that the access 
points have more overlap with hallway deployments as they have more clear line 
of site with each other compared to being inside a room, which is why the power 
levels aren't changing much even when I'm turning off radios.  

We have had some students complain saying they can't maintain a stable 
connection and when they leave their room and enter the hallway all is fine.  
I'm in the process of evaluating things and turning access points off and 
trying to line things up staggered across several floors to bump up the power 
levels.  In dorm rooms that haven't been renovated where students are 
experiencing lack of coverage I've been installing a temp access points inside 
the room mounted to the wall using a master lock and this has been working out 
great. This allows me to gain statistics and proceed with a plan moving 
forward.  I'm also exploring the following Oberon enclosure for inside rooms: 
https://urldefense.proofpoint.com/v1/url?u=http://oberonwireless.com/WebDocs/Model1031-00_Spec_Sheet.pdfk=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0Ar=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0Am=1%2FTwtROXGu0wbcBn9oh0LiACe00iXTaPfO9HR8JeKck%3D%0As=cfd943bdd8fc51ad4bad95fde0d727f6880ceb4e85324465fe5191956d64d227

Joe Stewart
Network Specialist II
Claremont McKenna College



-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Wednesday, October 22, 2014 4:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WLAN design presentation tips?

Re: Vandalism, just charge the room members for 

Re: [WIRELESS-LAN] Wireless in Dorms

[trent . hurt]

I have seen most hp printers coming with 2 modes of wifi now.  You have to 
disable the wireless like normal.  That makes the adhoc go away.  You also have 
to disable wifi direct option as well.  They are 2 separate options within the 
printers.  One shows up as adhoc and the wifi direct appears as an 
Infrastructure wlan.

Sent from my iPhone

On Oct 21, 2014, at 2:22 PM, McNett, Loren 
lmcn...@mansfield.edumailto:lmcn...@mansfield.edu wrote:

FYI: on top of all this, we’ve found that disabling wireless on certain 
printers (looking at you HP!)  only turns off the wireless LED, signal is still 
sent out.   We’ve had to tear the printers apart to physically remove the card 
to stop the interference.

As Thomas Carter pointed out below, not only do the students not realize it, 
they may even think they’ve turned it off.

-Loren McNett
Sr. Network Engineer
Mansfield University


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, October 21, 2014 1:50 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

But how does that help avoid the initial problem discussed concerning devices 
(especially HP printers) causing interference by broadcasting wireless 
networks? These printers broadcast these networks straight out of the box and 
most students don’t even realize it.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564
image001.gif

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Tuesday, October 21, 2014 10:20 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

2. Wireless dorms no not need a wired LAN, so the SSID can be campus-wide. That 
is what we do, but with an open mac auth network that is also used for 
onboarding to the 802.1X secure network. We do not support wireless printing. 
You would need DHCP reservations to insure the printer would always get the 
same ip address.

Bruce Osborne
Network Engineer – Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Monday, October 20, 2014 11:11 AM
Subject: Re: Wireless in Dorms

To me, wireless printers are absolutely the worst offenders. If they could be 
eliminated, the rest may be manageable. In one version of the dorm world I 
envision, I’d do something like this:


1.   Develop a per dorm central printing solution that was free (as long as 
it wasn’t abused), effective, and easy. Then, I’d pass a “no printers allowed” 
policy but sell it hard as “no printers needed”

2.   Per dorm, create a consumer-gadget friendly PSK network that only has 
Internet access. There’d be MAC registration, and this WLAN would be shared 
with the per-dorm wired network that students also have access to. We’d 
campaign the heck out of how hard we’re trying to “be like home” and emphasize 
the need for good citizenship (with a reminder that bad behavior is trackable)

3.   The secure WLAN would also be available, and would be required for 
access to campus resources

Or put another way- try to identify all of the reasons the offending devices 
are there to begin with, and flex the standard “secure campus WLAN model” to 
accommodate/eliminate as many of the offending devices as possible with 
friendlier networking. Patrolling and removal isn’t cost effective, and leads 
to mutual bad feelings.

Not sure how this would all work in the real world, but I contemplate more each 
semester.

-Lee


Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Monday, October 20, 2014 9:37 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

I posted something very similar a month or so ago. I feel your pain – as a 
small school with limited manpower, we have the same issue. So far I haven’t 
seen a good answer – we quickly got rid of all of the wireless routers, but 
there are so many devices that do not plug into the network that interfere. 
Trying to locate all of them is more time than we have. Pushing things into 
5GHz seems like a temporary solution as, has already been mentioned, things 
will being utilizing that spectrum as well.  802.11ad will introduce new 
spectrum, but I feel like the fox constantly on the run from the hounds.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564
image001.gif

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Cisco 7.6.120.0 removed from cco

[trent . hurt]

Just received a deferral notice regarding 7.6.120.0.  Might be time to upgrade 
if anyone still running this version.  



http://software.cisco.com/download/release.html?mdfid=282600534softwareid=280926587release=7.6.120.0


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] windows client intermittent drops of connection wlc 7.6

[trent . hurt]

20MHz for both 2.4 and 5.  Give me more channels.  Also I remember reading this 
a few months ago.  Not 7.6 but some good info.  Seems it ended up being sleep 
settings with the nic

http://www.linkedin.com/groups/Default-Gateway-not-available-on-101641.S.5853455742639575043?trk=groups_items_see_more-0-b-ttl

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
Sent: Thursday, October 02, 2014 3:06 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

20MHz on the 2.4GHz
40MHz on the 5GHz


On Thu, Oct 2, 2014 at 2:50 PM, Danny Eaton 
dannyea...@rice.edumailto:dannyea...@rice.edu wrote:
We’re at 20 Mhz for the 2.4 band, and 40 Mhz for the 5.2 band.  (regardless of 
the AP type, 1142, 1252, 3502 or 3702).



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, October 02, 2014 1:40 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

What are people using for Channel width settings on the Cisco WLC? 20, 40 or 80?

-Matt

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 3:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

I had this exact scenario happen today on my Macbook air.  I left my office to 
go to the Dorm to troubleshoot.  The student wasn't in their room so I went 
into the common area and turned on my Air.  I was associated and authenticated 
but couldn't get anywhere. I looked at my routing table (netstat -nr) and sure 
enough, no default gateway.  I disabled and reenabled WiFi and it was fine.

That's the first time I've seen that behavior.

-dan


Dan Brisson

Network Engineer

University of Vermont

(Ph) 802.656.8111

dbris...@uvm.edumailto:dbris...@uvm.edu
On 10/2/2014 1:50 PM, Ashfield, Matt (NBCC) wrote:
A real oddity we see with this is the fact the ARP table on the client has no 
entry for the gateway when its losing its connectivity. Is anyone else seeing 
that? Generally this is when the laptop is coming back from some form of sleep. 
We still see it authenticated and associated. We do have DHCP Required option 
enabled.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, October 02, 2014 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

Dan,

Do you have DHCP Addr. Assignment Required on? I’m seeing a similar issue since 
going to 7.6 and also see it on 8.0.

I can’t access your case, so if you could update me offline that would be 
wonderful.

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 7:38 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

Very interesting b/c we are getting complaints from students with both Mac and 
Windows clients.  I disabled band select  load balancing and that seems to 
have helped, but I still have students who complain that they get dropped 
randomly.  We're on 7.6.120.  I've pressed multiple TAC engineers about going 
to 7.6.130, but none of them will commit to that as being the fix.

We also have only WPA2-AES enabled for our main ssid.  Our TAC case is 63665837 
for reference.

One thing that I have noticed is that when the students complain of dropping, 
it seems be due to the fact that they have roamed from one AP to another and 
the roam is taking so long that some clients end up needing to go through the 
DHCP process again.  The odd thing is that when I look at the RSSI for the 
client, it's in the high -60s/low -70s, so I don't know why the are roaming.

-dan


Dan Brisson

Network Engineer

University of Vermont

(Ph) 802.656.8111

dbris...@uvm.edumailto:dbris...@uvm.edu
On 10/1/2014 7:18 PM, Britton Anderson wrote:
We've had the same issues regardless of Mac or Windows clients. We tracked it 
down with TAC on our controllers (running either 7.6.122.9 or 7.6.130.0) as an 
issue with both WPAWPA2 enabled along side client band select/load balancing. 
Band select and load balancing are obviously big ones, but disabling WPA and 
leaving only WPA2-AES layer 2 security has remediated the problem 

RE: [WIRELESS-LAN] windows client intermittent drops of connection wlc 7.6

[trent . hurt]

Here is the last 2 things from that thread that seemed to help this issue for 
him

Dear all. After intensive and thorough investigations done by Cisco and 
ourselves, we found out that it is the client that stops sending data after the 
laptop has been in power save mode (has gone to sleep). The problem only 
occurs when a client is associated to an Access Point that is on one of the 
Extended UNII-2 channels 100,104 or 108. After the client comes back from power 
save, it gradualy starts to stop sending data to the AP until it completely 
stops. This is why the yellow exclamation mark (eventually) appears over the 
WiFi icon in the systemtray.

We tested with the latest DELL drivers and they all kept gining the problem. 
When we tested with the latest Intel driver, the problem did not occurr anymore.

The solution is to install the latest Intel driver on all laptops.

I would like to thank everyone in this thread for his / her contribution to the 
solution of this problem. All of you were very helpful !



Then he did this…

It seems that installing the latest Intel driver did not fix the issue !

In the Windows device manager, what is required is to uncheck this box on the 
NIC:
allow the computer to shut down this device to save power

Once this box is unchecked, the problem stops occurring.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Thursday, October 02, 2014 3:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

20MHz for both 2.4 and 5.  Give me more channels.  Also I remember reading this 
a few months ago.  Not 7.6 but some good info.  Seems it ended up being sleep 
settings with the nic

http://www.linkedin.com/groups/Default-Gateway-not-available-on-101641.S.5853455742639575043?trk=groups_items_see_more-0-b-ttl

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
Sent: Thursday, October 02, 2014 3:06 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

20MHz on the 2.4GHz
40MHz on the 5GHz


On Thu, Oct 2, 2014 at 2:50 PM, Danny Eaton 
dannyea...@rice.edumailto:dannyea...@rice.edu wrote:
We’re at 20 Mhz for the 2.4 band, and 40 Mhz for the 5.2 band.  (regardless of 
the AP type, 1142, 1252, 3502 or 3702).



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Ashfield, Matt (NBCC)
Sent: Thursday, October 02, 2014 1:40 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

What are people using for Channel width settings on the Cisco WLC? 20, 40 or 80?

-Matt

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Dan Brisson
Sent: Thursday, October 02, 2014 3:14 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

I had this exact scenario happen today on my Macbook air.  I left my office to 
go to the Dorm to troubleshoot.  The student wasn't in their room so I went 
into the common area and turned on my Air.  I was associated and authenticated 
but couldn't get anywhere. I looked at my routing table (netstat -nr) and sure 
enough, no default gateway.  I disabled and reenabled WiFi and it was fine.

That's the first time I've seen that behavior.

-dan

Dan Brisson

Network Engineer

University of Vermont

(Ph) 802.656.8111

dbris...@uvm.edumailto:dbris...@uvm.edu
On 10/2/2014 1:50 PM, Ashfield, Matt (NBCC) wrote:
A real oddity we see with this is the fact the ARP table on the client has no 
entry for the gateway when its losing its connectivity. Is anyone else seeing 
that? Generally this is when the laptop is coming back from some form of sleep. 
We still see it authenticated and associated. We do have DHCP Required option 
enabled.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Thursday, October 02, 2014 10:28 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] windows client intermittent drops of connection wlc 
7.6

Dan,

Do you have DHCP Addr. Assignment Required on? I’m seeing a similar issue since 
going to 7.6 and also see it on 8.0.

I can’t access your case, so if you could update me offline that would be 
wonderful.

Thanks

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN

Fwd: Issues with recent Intel chipsets with 5GHz 802.11n Greenfield?

[trent . hurt]

Fyi

Forwarding this from another list in case anyone encounters this

Sent from my iPhone

Begin forwarded message:

From: Robin Breathe rbrea...@brookes.ac.ukmailto:rbrea...@brookes.ac.uk
Date: September 25, 2014 at 8:26:13 AM EDT
To: wireless-ad...@jiscmail.ac.ukmailto:wireless-ad...@jiscmail.ac.uk
Subject: Issues with recent Intel chipsets with 5GHz 802.11n Greenfield?
Reply-To: Wireless Issues in the JANET community 
wireless-ad...@jiscmail.ac.ukmailto:wireless-ad...@jiscmail.ac.uk

Afternoon all,

We've recently identified an problem with the Intel Dual-Band Wireless-AC 7260 
chipset (and likely other recent Intel Centrino chipsets), as found in a range 
of recent laptops, including the Dell Latitude E7740, leading to difficulty 
associating to our eduroam SSID followed by sporadic and recurring 
dropoutshttps://communities.intel.com/community/tech/wireless or all-out 
failure to associate and/or complete authentication. It seems we're not alone 
as Portsmouth also have a support page on the topic 
(http://ithelp.port.ac.uk/questions/385/Known+issues+connecting+to+the+wireless+network+(Eduroam))
 where they appear to haven given up on getting devices with the 7260 to 
connect to eduroam at all, and others on the Intel forums seem to be having 
similar problems extending even to Linux clients. The latest Windows drivers 
(17.1.0) on Windows 7 at least appear to make no difference.

Troubleshooting at our site, where we have a significant deployment of Aerohive 
APs offering eduroam over both 2.4G (802.11g/n clients only) and 5G (802.11n 
clients only) radios (gently band-steering to 5G), we have so far identified 
two workarounds. The first – truly vile – was to disable VHT/HT modes in the 
driver and so force 2.4G/802.11g operation in our environment. The second is 
simply unfortunate and involves configuring the driver to prefer the 2.4G band. 
The nature of both workarounds leads me to hypothesise that the root cause of 
issues with the latest Intel chipsets may be that their current drivers are not 
be coping with 802.11n Greenfield; having the client prefer 2.4G simply 
sidesteps the issue as its not in Greenfield mode.

Has anyone else experienced these or similar problems with the latest batch of 
Intel chipsets (with or without 802.11n Greenfield), or have any alternate 
hypotheses as to the root cause of this behaviour? Has anyone else identified a 
superior workaround (short of disabling Greenfield mode)?

Regards,
Robin
--
Robin Breathe
Chief Technology Officer, OBIS, Oxford Brookes University – 01865 483685

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability

[trent . hurt]

http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash


Sent from my iPhone
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Apple iOS 8 WiFi Scanning Returns

[trent . hurt]

The 4s is 2.4GHz only.  The iphone 5 and up are 5GHz capable

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, September 24, 2014 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple iOS 8 WiFi Scanning Returns

This works in iOS 7 as well, but I don't see 5GHz on my 4S.


Eric Barnett
Wireless Administrator
Information and Technology Services
Arkansas State University
870 680 4243



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Tuesday, September 23, 2014 7:58 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Apple iOS 8 WiFi Scanning Returns

http://community.arubanetworks.com/t5/Technology-Blog/Apple-iOS-8-WiFi-Scanning-Returns/ba-p/203015



Trenton Hurt, CWNA, CWSP, CCNP(W), CCNA(W), CCNA(V), CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.eduwireless.louisville.edu

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Apple iOS 8 WiFi Scanning Returns

[trent . hurt]

http://community.arubanetworks.com/t5/Technology-Blog/Apple-iOS-8-WiFi-Scanning-Returns/ba-p/203015



Trenton Hurt, CWNA, CWSP, CCNP(W), CCNA(W), CCNA(V), CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.eduwireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] iOS 8 drops tomorrow

[trent . hurt]

I'm seeing the same issue with attachments via webmail clients too

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dennis Xu
Sent: Thursday, September 18, 2014 2:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow

I noticed one issue with IOS 8. When trying to add attachment to the message 
while using web based email(Yahoo Mail and our UoG web mail), it takes forever. 
I can add attachment while using the email App without issue. I was using an 
IPAD 3. I see the same issue in both our Cisco and Aruba wireless deployments. 

Anyone see the same issue? 

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

- Original Message -
From: Jeffrey Sessler j...@scrippscollege.edu
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Thursday, September 18, 2014 11:25:02 AM
Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow

That requirement is only for OTA updates. If those users connected directly to 
the computer with iTunes, the requirement is far less.


Jeff



 Matt O'Brien  09/18/14 7:30 AM 
It looks like the space requirements for the IOS update to 8.0 kept a high 
percentage of devices from being able to get the update. Lots of upset IOS 
device owners on our campus, especially the ones with 16GB IOS devices.
Looks like the update requires roughly 4.4GB of space before it will allow the 
device to download the update.

Matt,

On Thu, Sep 18, 2014 at 8:06 AM, Craig Eyre  wrote:

 We didn't notice an out of control increase like iOS 7 but I did note
that
 my phone didn't prompt me for the update, I had to go into the
software
 update area and look for it. This might have kept the bandwidth down
or it
 could be just my phone :)


 Craig

 On Thu, Sep 18, 2014 at 6:44 AM, Peter P Morrissey
 wrote:

  Same here. Overall traffic peaks were higher, but our base levels
grow
 quite a bit every year, so I would say the percentage of increase
wasn’t as
 high as last year, but the traffic increase was significant. We saw
peaks
 on our Internet connection of about a gig higher than normal for time
of
 day but they were well within our burstable limit, and another gig or
so
 increase in Akamai traffic. This persisted on and off until around
midnight.



 Pete Morrissey



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jason Wang
 *Sent:* Thursday, September 18, 2014 12:24 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow



 We didn't see as sharp of an increase for this, but overall traffic 
 reached about the same level for us on iOS 8 as it did last year for
iOS 7.

 This is what we saw for iOS 8:
 [image: ios8_20140917]


 And this is what we saw for iOS 7 last year:
 [image: ios7_20130918]


 Jason


  On 9/17/14, 3:32 PM, Entwistle, Bruce wrote:

 We have not seen as significant of an increase in traffic with the
iOS 8
 release as we did with the iOS 7 release.



 Bruce Entwistle

 Network Manager

 University of Redlands



 *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 ] *On Behalf Of *Peter P Morrissey
 *Sent:* Wednesday, September 17, 2014 11:38 AM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow



 Thanks Lee for digging up the link for Akamai signup.



 The Akamai caching definitely kicked in for us, offloading up to over
a
 Gig’s worth.



 If you look at a graph of our Internet traffic versus Akamai server 
 traffic (don’t know if they’ll come through the listserv) you can see
that
 our Internet traffic took a little jump right at 1:00 PM, but then
settled
 down to normal levels when the Akamai server traffic spiked up,
taking over
 the load. Overall though, so far today, the traffic levels from IOS8 
 haven’t been too bad. Maybe we’ll see more when the kiddies get out
of
 class.



 Pete

 *`Daily' Graph (5 Minute Average) Internet *

 [image: day]

 *Max*

 *Average*

 *Current*

 *In*

 3924.1 Mb/s (39.2%)

 1843.2 Mb/s (18.4%)

 3296.3 Mb/s (33.0%)

 *Out*

 615.0 Mb/s (6.2%)

 323.8 Mb/s (3.2%)

 420.6 Mb/s (4.2%)





 *`Daily' Graph (5 Minute Average) Akamai*

 [image: day]





 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [ 
 mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 ] On Behalf Of Peter P Morrissey
 Sent: Wednesday, September 17, 2014 2:09 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: Re: [WIRELE From: The EDUCAUSE Wireless Issues Constituent 
 Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 ] On Behalf Of John Center

 Sent: Wednesday, September 17, 2014 1:57 PM

 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

 Subject: Re: [WIRELESS-LAN] iOS 8 

problem of 802.11d and Mac OSX

[trent . hurt]

https://community.ja.net/groups/wireless-admin/article/problem-80211d-and-mac-osx



Trenton Hurt, CWNA, CWSP, CCNP(W), CCNA(W), CCNA(V), CCNA(R/S)
Wireless Network Administrator
University of Louisville
Phone (502) 852-1513
FAX (502) 852-1424
Wireless.louisville.eduwireless.louisville.edu


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

[trent . hurt]

It's a manual add if your on PI 1.4.  Which is what I had to do myself as well. 
 Sorry forgot to mention that.  I'm unfortunately in the habit lately if going 
direct to wlc since 1.4 lacks so many if the new features that 7.6.130.0 has.  
I'm actually planning on standing up a new PI 2.1 and migrate everything to it. 
 Tired of waiting for the forked code to come back together at 2.2. Also been 
told it's the recommended since the underlying o/s has had major overhaul under 
the hood.  I hope Cisco never chooses to separate code trains again.  Major 
headache and confusion. I just hope 2.1 is as good as some folks I know have 
told me.  Hearing far more stable/reliable than 1.x code.  Will see I guess.

Sent from my iPhone

On Sep 17, 2014, at 9:21 AM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:

Lee,

My security guys did the actual tests and from what I remember, it dropped the 
applications as soon as we enabled them.

BTW, I also do not see BittorrentNetwork. We are running 7.6.120.0

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 16, 2014 8:16 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Hector,

Any idea if it took time for the 5508s to learn the traffic before dropping 
started? I did some testing from a single client and was able to pull down 
half-dozen torrents on a WLAN configured to block it with AVC before I restored 
our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried 
it. Did verify configs...


Thanks,

Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:
On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That’s all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don’t have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I’m doing analysis of our 5508 WLCs’ ability to perhaps replace 
a dedicated appliance solution.

I see that we’re not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I’m more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet “control” or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

[trent . hurt]

It shows up in the wlc GUI either in the other category or in the file sharing 
category depending on wlc version and protocol pack.  For me it was introduced 
in 7.6 code

Sent from my iPhone

On Sep 17, 2014, at 9:32 AM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:

From the WLC GUI. But I just checked our version for the product pack, and it 
looks like we need to upgrade. I’ll do that and confirm if I see it after.

-Hector


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, September 17, 2014 8:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Are saying you cant see it from PI, or from WLC GUI?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Wednesday, September 17, 2014 9:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Lee,

My security guys did the actual tests and from what I remember, it dropped the 
applications as soon as we enabled them.

BTW, I also do not see BittorrentNetwork. We are running 7.6.120.0

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 16, 2014 8:16 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Hector,

Any idea if it took time for the 5508s to learn the traffic before dropping 
started? I did some testing from a single client and was able to pull down 
half-dozen torrents on a WLAN configured to block it with AVC before I restored 
our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried 
it. Did verify configs...


Thanks,

Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:
On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That’s all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don’t have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I’m doing analysis of our 5508 WLCs’ ability to perhaps replace 
a dedicated appliance solution.

I see that we’re not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I’m more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet “control” or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 

Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

[trent . hurt]

I haven't updated any protocol packs separately.  I'm just using what's built 
into 7.6.130.0

Sent from my iPhone

On Sep 17, 2014, at 11:09 AM, Alan Nord 
an...@macalester.edumailto:an...@macalester.edu wrote:

I was looking to see if NBAR2 version 11 will work on WLC 7.6 - according to 
this compatibility chart it is only for WLC code 8.0.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/11-0-0/b-nbar2-prot-pack-1100/b-nbar2-prot-pack-1100_chapter_010110.html

On Wed, Sep 17, 2014 at 8:34 AM, Trent Hurt 
trent.h...@louisville.edumailto:trent.h...@louisville.edu wrote:
It shows up in the wlc GUI either in the other category or in the file sharing 
category depending on wlc version and protocol pack.  For me it was introduced 
in 7.6 code

Sent from my iPhone

On Sep 17, 2014, at 9:32 AM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:

From the WLC GUI. But I just checked our version for the product pack, and it 
looks like we need to upgrade. I’ll do that and confirm if I see it after.

-Hector


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Wednesday, September 17, 2014 8:26 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Are saying you cant see it from PI, or from WLC GUI?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hector J Rios
Sent: Wednesday, September 17, 2014 9:21 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Lee,

My security guys did the actual tests and from what I remember, it dropped the 
applications as soon as we enabled them.

BTW, I also do not see BittorrentNetwork. We are running 7.6.120.0

-H

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, September 16, 2014 8:16 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Hector,

Any idea if it took time for the 5508s to learn the traffic before dropping 
started? I did some testing from a single client and was able to pull down 
half-dozen torrents on a WLAN configured to block it with AVC before I restored 
our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried 
it. Did verify configs...


Thanks,

Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:
On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That’s all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don’t have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I’m doing analysis of our 5508 WLCs’ ability to perhaps replace 
a dedicated appliance solution.

I see that we’re not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I’m more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet “control” or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003tel:315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http

RE: [WIRELESS-LAN] iOS 8 drops tomorrow

[trent . hurt]

http://www.akamai.com/html/partners/network_program.html

Thanks Lee for the link

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Center
Sent: Wednesday, September 17, 2014 1:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] iOS 8 drops tomorrow

Hi Pete,

Do you have a link for Akamai?  After reading this, I tried to find out where 
to apply, but I couldn't find it.

Thanks.

-John

On 09/16/2014 03:20 PM, Peter P Morrissey wrote:
 We have one and it helped us tremendously for the Apple event last 
 week, about a gig worth of traffic. We are counting on it to help us 
 tomorrow as well. It is easy to apply, they just have to determine 
 that they can offload enough traffic to justify their expense of 
 sending and supporting the servers.

 Pete Morrissey

 *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey 
 Sessler
 *Sent:* Tuesday, September 16, 2014 2:57 PM
 *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 *Subject:* Re: [WIRELESS-LAN] iOS 8 drops tomorrow

 For those of you impacted by such things, have you considered asking 
 Akamai to install a local caching appliance on your campus? We did a 
 number of years ago, it was free, and greatly reduces the impact on 
 our commodity internet while boosting update speeds significantly.

 I know Apple is starting to roll out their own CDN, but for now, there 
 are a lot of companies besides Apple using Akamai, so it's worth it.

 We also just established free direct peering with Netflix. Big 
 improvement there too.

 Jeff

 On Tuesday, September 16, 2014 at 10:31 AM, in message 
 1dc7671d-3395-41d4-907c-fb06281ad...@uiowa.edu
 mailto:1dc7671d-3395-41d4-907c-fb06281ad...@uiowa.edu, Johnson, 
 Neil M neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu wrote:


 We've add some additional bandwidth to the links between our wireless 
 nets and campus in anticipation of heavy traffic tomorrow.

 -Neil

 --
 Neil Johnson
 Network Engineer
 The University of Iowa
 Phone: 319 384-0938
 Fax: 319 335-2951
 E-Mail: neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu




 **
 Participation and subscription information for this EDUCAUSE 
 Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.
 http://www.educause.edu/groups/

 ** Participation and subscription information for this 
 EDUCAUSE Constituent Group discussion list can be found at 
 http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

[trent . hurt]

Double check you have BitTorrent, encrypted BitTorrent, and also BitTorrent 
networking.  I had to add the BitTorrent networking to mine in addition to the 
others that are in Hector's list to stop it.  Although as we all know this is 
complete cat and mouse and they will always find a way.  But I have had good 
success with this for the general user community.

Sent from my iPhone

On Sep 16, 2014, at 9:16 PM, Lee H Badman 
lhbad...@syr.edumailto:lhbad...@syr.edu wrote:

Hector,

Any idea if it took time for the 5508s to learn the traffic before dropping 
started? I did some testing from a single client and was able to pull down 
half-dozen torrents on a WLAN configured to block it with AVC before I restored 
our other defenses. AVC didn't touch simple BitTorrent for 5-10 minutes I tried 
it. Did verify configs...
Thanks,

Lee

Sent from my iPad

On Sep 12, 2014, at 5:53 PM, Hector J Rios 
hr...@lsu.edumailto:hr...@lsu.edu wrote:

On our main SSID, we drop the applications listed below. Those were the ones 
our security group wanted us to drop. We have this on our WiSM2s which have 
about 800 WAPs each. We have not seen any issues related to high CPU so far. 
That’s all the information I can give you. I hope this helps.

I wish I could actually give stats on how many times the controller has 
actually detected and dropped those applications, but the requires another toys 
we don’t have money for.

Encryptep-emule
Bittorrent
Encrypted-bittorrent
Edonkey-static
Gnutella

Hector Rios
Louisiana State University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Thursday, September 11, 2014 1:26 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] AVC on Cisco WLC- Blocking P2P (Revisiting)

Re-opening the topic of using controllers to classify and control traffic- in 
particular P2P. I’m doing analysis of our 5508 WLCs’ ability to perhaps replace 
a dedicated appliance solution.

I see that we’re not exactly 1 for 1 on services recognized by WLC compared to 
the dedicated appliances, but I’m more concerned with what might happen to a 
busy WLC with 500 APs and thousands of clients if we ask it to start dropping a 
couple of dozen P2P protocols. For those already doing this sort of thing- did 
CPU climb appreciably when you turned the drop function? Any issues noted? Our 
controllers tend to coast for CPU and memory, but I gotta ask.

Also, does anyone know if the 5760s can yet “control” or are they still limited 
to the AV in AVC? Any idea if 5760 protocol packs (or whatever the signatures 
are called on the 5760) are the same as that for the 5508 WLC?

Thanks-

Lee



Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] IO7 devices not connecting to wireless

[trent . hurt]

If your using cisco wifi then have a look at enabling fast ssid change on the 
controller

https://supportforums.cisco.com/document/12068941/common-apple-ios-and-cisco-wireless-related-issues




-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Todd Hall
Sent: Tuesday, September 09, 2014 10:08 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] IO7 devices not connecting to wireless

I'm not sure about your devices but we've noticed problems with iOS devices 
that might be related.

Here is the scenario:
The device connects to one of our SSIDs, usually the open web-auth network.  
When we then try to connect to our 802.1x network it fails to connect.  Turns 
out this happens whenever we try to change SSIDs with an iOS device where the 
previous network is still visible to the device.

Workaround: Click on the little info button next to the other networks and if 
any of them have a Forget this Network button, click it.  Then try to connect 
to the network you are wanting to connect to.  This has worked in every case 
where we have run into this problem.

I hope this helps.


On Mon, 8 Sep 2014, James Andrewartha wrote:

 Date: Mon, 8 Sep 2014 22:05:54 -0500
 From: James Andrewartha jandrewar...@ccgs.wa.edu.au
 Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
 WIRELESS-LAN@listserv.educause.edu
 To: WIRELESS-LAN@listserv.educause.edu
 Subject: Re: [WIRELESS-LAN] IO7 devices not connecting to wireless
 
 On 09/09/14 01:08, Muraca, Peppino P. wrote:
 Hi, I was wondering if anyone has been having issues being able to 
 connect some IO7 devices iphone or ipad.

 We have been seeing some devices just not connect to either open or 
 secure ssid?s . we have plenty of iphones and ipads that seem to 
 connect fine, but I have a good amount that cannot. From everything I 
 have found it seems io7 does have some wireless issues, but I haven?t 
 been able to pinpoint a cause or find a solution to get these devices 
 connected.

 I can't comment on your particular case, but I'll note that Apple has 
 some profiles you can install to get debugging information from iOS 
 devices. If you have a developer account they're at 
 https://developer.apple.com/bug-reporting/ios/wi-fi/ otherwise your 
 vendor should be able to pass them on. Note that you have to email the 
 profile or download it directly on the device, they don't work with 
 Apple Configurator or an third-party MDM.



--
Todd M. Hall
Sr. Network Analyst
Information Technology Services
Mississippi State University
t...@msstate.edu
662-325-9311 (phone)

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

[trent . hurt]

We are doing it via Bluetooth with wired apple tv.  I also have some doing 
wired apple tv using the mdns features on the cisco controller.  We also have a 
very small few doing it all wifi with the apple tv wireless (802.1X) and of 
course the client is wireless.  The last option is the worst as far as the 
spectrum usage and from a support standpoint.  The Bluetooth doesn't scare me 
as much as the high rf utilization when mirroring hd content is occurring. 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Legge, Jeffry
Sent: Monday, September 08, 2014 3:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

We are using Bluetooth to discover apple tvs that are on a wired connection. We 
also have some connected wirelessly using WPA2 

Jeff Legge
Network Services
Radford University
(540)-831-7727

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Heffner
Sent: Monday, September 08, 2014 1:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired

We found the BT discovery does work ok with wired LAN. A few of the network 
guys weren’t too happy about the inability to disable the Apple Sleep Proxy 
Service. It can cause a little bit of bonjour hell, as they called it, if 
bonjour is enabled on the LAN. The BT discovery we found was a bit unreliable. 
It would work most of the time, but when testing we found there are times that 
we couldn’t get an iPad to find the AppleTV till it was rebooted and we were 
concerned with distance. IMO it works better for conference rooms and possibly 
smaller classrooms if you don’t mind it broadcasting. We are still using our 
Mirror App though.

Yosemite still doesn’t have support for BT discovery yet, though I’d assume 
that is coming. I wonder if AirServer/Reflector will add it at some point too. 
I’ve been watching the iOS betas for the new features coming that will utilize 
WiFi-direct.

Jason

 On Sep 8, 2014, at 1:38 PM, Michael Dickson mdick...@nic.umass.edu wrote:
 
 Thanks Lee. Yes I believe you are correct. No ATV discovery over BLE yet for 
 MacOSX. I misspoke about that earlier. Maybe this will be announced tomorrow 
 and we'll forget all about the lack of iWatch announcement! ;-)
 
 Mike
 
 Michael Dickson
 Network Analyst
 Office of Information Technologies
 University of Massachusetts Amherst
 Voice 413.545.9639 
 
 On Sep 8, 2014, at 1:30 PM, Lee H Badman lhbad...@syr.edu wrote:
 
 This is exactly what we're doing, and so far our biggest Appleheads are 
 happy. But... only works from iOS so far, no BTE pairing from OSX yet 
 (unless something changed very recently).
 
 -Lee Badman
 
 -Original Message-
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Michael Dickson
 Sent: Monday, September 08, 2014 1:26 PM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Apple TV BLE discovery when connected via wired
 
 Apple TV discovery over Bluetooth Low Energy  is a welcome workaround for 
 enterprises which block mDNS on their wireless networks. I see plenty of 
 discussion about ATV discovery using BLE over wireless. What about when the 
 ATV is connected to the wire?
 
 I'm curious if anyone has successfully used ATV BLE discovery when the Apple 
 TV is connected to a wired Ethernet jack instead of wirelessly. In this 
 scenario, the MacBook or iPad would be connected wirelessly, just not the 
 ATV. The iPad would discover the ATV using BLE then the partnership would be 
 handed off would be via IP. Seems this should be ok if all done via layer 3 
 post-discovery.
 
 We have an opportunity to add a dedicated wired jack for some ATV's going in 
 classrooms and I'm in the camp of wired when you can, wireless when you 
 must for these types of end points. 
 
 Thanks,
 Mike
 
 Michael Dickson
 Network Analyst
 Office of Information Technologies
 University of Massachusetts Amherst
 Voice 413.545.9639 
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

[trent . hurt]

Mr3 is 7.6.130.0 and is on cco

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia
Sent: Friday, September 05, 2014 10:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

MR3 isn't generally available.  You need to call and ask and justify need for 
it.

I called, asked, was told wait for 8 it's coming soon.  It came, but we can't 
go to it because of the version of ncs we're running.

If anyone from Cisco is listening, those of using using prime 1.4 and 7.6 mr2 
would like to go to 8 soon, please.  :-)

On 9/5/2014 10:27 AM, John York wrote:
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced.

There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

Jeff

 On Thursday, September 04, 2014 at 10:21 AM, in message 
 CAHm2qBu2x_5x6xwKjwa2EQipW=61swi_hrrzdegstae_mh0...@mail.gmail.commailto:CAHm2qBu2x_5x6xwKjwa2EQipW=61swi_hrrzdegstae_mh0...@mail.gmail.com,
  Britton Anderson blanders...@alaska.edumailto:blanders...@alaska.edu 
 wrote:
We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out.

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

Cheers.


Britton Andersonmailto:blanders...@alaska.edu |

Senior Network Communications Specialist |

University of Alaskahttp://www.alaska.edu/oit |

907.450.8250



On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt 
trent.h...@louisville.edumailto:trent.h...@louisville.edu wrote:
There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0
Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade 
to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) 
until this past two weeks.
We had “something” happen on Friday. We did do a “therapeutic reboot” on 
Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it 
repeated. While investigating, we discovered the primary in one of the clusters 
apparently failed and went into maintenance mode. However, the active 
“secondary” still showed standby hot, so we did a failover – which caused an 
outage (uh oh). While consoled in, we got the maintenance moded primary back 
up, and was bringing the secondary back up, when we found this:
pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for 
size(2048), failureType = (4)
this entry's previous access was by: file(capwap_ac_sm.c), line(7393)
(pmallocProcessMemoryCorruption): 
pmallocGenericCrashInfo=(++PMALLOC_POISONED_AREA_CORRUPTION)
(pmallocProcessMemoryCorruption): thread ID(349256224)
(pmallocProcessMemoryCorruption): thread name(Unknown task name, task id = 
(349256224

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

[trent . hurt]

I have been on it since the morning it was released.  I haven't seen any big 
issues that I can point to something specific with the code.  I was running all 
the beta/esc images of 7.6 up to the release of 7.6mr3 so it was just natural 
progression for me to go with it.  Prior to 7.6mr3 I was running 7.6.122.21.  I 
have it on 5508s and 2504s some with HA as well

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Friday, September 05, 2014 10:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

Can anyone running MR3 (.130) speak to the stability of the code? Any issues 
you have seen? How long have you been on it?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Friday, September 05, 2014 9:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

For engineering builds, you need to ask TAC for them. If you have a good 
relationship with your local Cisco wireless SE, he/she can probably get it as 
well.


I only have the build for the 5508.


Jeff

 John York  09/05/14 7:27 AM 
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced.

There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

Jeff

 On Thursday, September 04, 2014 at 10:21 AM, in message , Britton
Anderson  wrote:
We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out.

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

Cheers.


Britton Anderson |

Senior Network Communications Specialist |

University of Alaska |

907.450.8250



On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt  wrote:
There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0
Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade 
to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) 
until this past two weeks.
We had “something” happen on Friday. We did do a “therapeutic reboot” on 
Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it 
repeated. While investigating, we discovered the primary in one of the clusters 
apparently failed and went into maintenance mode.
However, the active “secondary” still showed standby hot, so we did a failover 
– which caused an outage (uh oh). While consoled in, we got the maintenance 
moded primary back up, and was bringing the secondary back up, when we found 
this:
pmallocProcessMemoryCorruption called by file(rrmSocket_wlc.c), line(128), for 
size(2048), failureType = (4) this entry's previous access was by: 
file(capwap_ac_sm.c), line(7393)
(pmallocProcessMemoryCorruption

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

[trent . hurt]

Also I have lots of different model aps on it as well.

1252
1142
3502
3502p
3602
2602
3702

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Friday, September 05, 2014 10:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I have been on it since the morning it was released.  I haven't seen any big 
issues that I can point to something specific with the code.  I was running all 
the beta/esc images of 7.6 up to the release of 7.6mr3 so it was just natural 
progression for me to go with it.  Prior to 7.6mr3 I was running 7.6.122.21.  I 
have it on 5508s and 2504s some with HA as well

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Friday, September 05, 2014 10:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

Can anyone running MR3 (.130) speak to the stability of the code? Any issues 
you have seen? How long have you been on it?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Friday, September 05, 2014 9:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

For engineering builds, you need to ask TAC for them. If you have a good 
relationship with your local Cisco wireless SE, he/she can probably get it as 
well.


I only have the build for the 5508.


Jeff

 John York  09/05/14 7:27 AM 
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced.

There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

Jeff

 On Thursday, September 04, 2014 at 10:21 AM, in message , Britton
Anderson  wrote:
We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out.

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

Cheers.


Britton Anderson |

Senior Network Communications Specialist |

University of Alaska |

907.450.8250



On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt  wrote:
There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0
Is anyone seeing controller crashes on 7.6.120.0 with a high load? We upgrade 
to 7.6.120.0 in May, but haven’t had a real load (over 5,000 clients, say) 
until this past two weeks.
We had “something” happen on Friday. We did do a “therapeutic reboot” on 
Saturday morning (at oh my God it’s 3:30 in the morning!). However, today it 
repeated. While investigating, we discovered the primary in one of the clusters 
apparently failed and went into maintenance mode.
However, the active “secondary” still showed standby hot, so we did a failover 
– which

RE: [WIRELESS-LAN] WiSM-2 and 7.6.120.0....

[trent . hurt]

No I haven't.  I have 2 webauth wlans, 1 is just a passthrough w/aup and the 
other is cwa w/ise.

There were quite a few bugs for webauth that I previously had encountered on 
earlier 7.6 releases that are resolved in mr3

CSCuq18025
CSCuq36902
CSCup40557
CSCuo86819


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John York
Sent: Friday, September 05, 2014 11:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

Has anyone seen web auth problems in .130?  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Friday, September 5, 2014 10:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I have been on it since the morning it was released.  I haven't seen any big 
issues that I can point to something specific with the code.  I was running all 
the beta/esc images of 7.6 up to the release of 7.6mr3 so it was just natural 
progression for me to go with it.  Prior to 7.6mr3 I was running 7.6.122.21.  I 
have it on 5508s and 2504s some with HA as well

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Friday, September 05, 2014 10:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

Can anyone running MR3 (.130) speak to the stability of the code? Any issues 
you have seen? How long have you been on it?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Friday, September 05, 2014 9:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

For engineering builds, you need to ask TAC for them. If you have a good 
relationship with your local Cisco wireless SE, he/she can probably get it as 
well.


I only have the build for the 5508.


Jeff

 John York  09/05/14 7:27 AM 
The only 7.6 choices I see on the download site are 7.6.130.0, 120.0 and 110.0. 
 Is 7.6MR3 the same as 7.6.130.0, or does TAC have to give that to you?
John

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler
Sent: Thursday, September 4, 2014 2:24 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] WiSM-2 and 7.6.120.0

I'm running 7.6.120.12 engineering build on 5508 - We're just about done 
swapping all of our AP's to the 3700 series, and with students back, they've 
been rock solid. Hundreds of 802.11ac clients running around, and 802.11n 
performance is far better vs the 1252 series we replaced.

There was a problem in 7.6.120.0 with webauth - that was fixed in 7.6.120.6, 
but introduced another webauth CPU hog issue. That was this resolved in 
7.6.10.12. Not sure if 7.6MR3 includes the webauth CPU issue fix or not, thus 
I'm going to stick with the engineering release for now.

Jeff

 On Thursday, September 04, 2014 at 10:21 AM, in message , Britton
Anderson  wrote:
We had 7.6.120.0 on a 5508 controller that we stood up specifically for new 
3700's we put in a building we rewired which failed miserably with our webauth 
network. TAC gave us an engineering build of 7.6.122.9 which resolved that 
issue, then our eduroam network started having issues keeping clients connected 
with Client Band Select enabled. Fortunately, the old APs were just disabled 
while we were rolling this out.

I installed 7.6MR3 on the 5508, which resolved the band select issue in my test 
AP I stood up, but I'm leaving the 3700's in the aforementioned building turned 
off until we get through the first two weeks of our semester start.

Also, food for thought. According to our TAC engineer, 5508's and WiSM-2's use 
the exact same code. As I'm told, validating using a 5508 WLC should mimic 
exactly that of production WiSM-2's.

Cheers.


Britton Anderson |

Senior Network Communications Specialist |

University of Alaska |

907.450.8250



On Thu, Sep 4, 2014 at 7:20 AM, Trent Hurt  wrote:
There are a quite a few bugs with that release. I experienced a few of them 
that caused high cpu and controller crash and they were webauth related. I 
would recommend 7.6mr3 and not 8.0 unless you have specific need for the newer 
features it has in it. I’m running 7.6mr3 on 5508’s and 2504’s and have some HA 
pairs and so far it seems to be pretty stable.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Wednesday, September 03, 2014 7:34 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] WiSM-2 and 7.6.120.0
Is anyone seeing controller crashes

RE: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

[trent . hurt]

I’m running 1.2.1 patch 1 and I haven’t had these issues. (fingers crossed)  I 
have 4 psns with the controllers configured to balance the load.  Have you 
applied patch 1 to your 1.2.1?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Joe Roth
Sent: Thursday, September 04, 2014 10:39 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

Eric,

Are you running 1.2 fully patched, or 1.2.1? We are seeing some serious issues 
right now with 1.2.1. We ended the Spring semester on 1.2 and things worked 
great, but our start up with 1.2.1 has gone terrible. We are seeing high 
radius/PEAP latency on our policy nodes. What is odd is that if we reboot a 
policy node and it comes back up but cannot synchronize, there is no latency at 
all, authentications go through.

On Tue, Sep 2, 2014 at 5:14 PM, Eric T. Barnett 
ebarn...@astate.edumailto:ebarn...@astate.edu wrote:
You are right, that command can cause some serious problems.

The good news is that we moved to a Microsoft RADIUS server as a temporary 
check. It works great! I still need to wait until tomorrow morning for full 
peak, but during medium load today it worked perfectly. It wasn’t working well 
even during this load with ISE. The bad news is apparently something is very 
wrong with our ISE installation. At least I’ve got my users off of my back for 
a bit while we figure out what’s wrong with ISE.

--Eric

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Jeffrey Sessler
Sent: Tuesday, September 02, 2014 9:46 AM

To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

I don't know if it was mentioned here, but you may want to look at this if you 
have defined more than on raidus server on your controlers:

config radius aggressive-failover disable

This turns off the aggressive failover of RADIUS - this prevents the situation 
where a unknown user attempts to connect, and the controllers consider the 
delay in response (or no response) as a failure. The controller will then 
switch to the other RADIUS server. This results in a ping-pong between radius 
servers. With the feature disabled, the controller only fails over to the next 
AAA server if there are three consecutive clients that fail to receive a 
response from the RADIUS server.

Jeff

 On Tuesday, September 02, 2014 at 5:21 AM, in message 
 3433991e2e615c4ba28c92ba2132849e2668c...@wpvexcmbx04.purdue.lclmailto:3433991e2e615c4ba28c92ba2132849e2668c...@wpvexcmbx04.purdue.lcl,
  Case, Brandon J ca...@purdue.edumailto:ca...@purdue.edu wrote:
Don,

Yep the Timeout Requests counter on the controllers ticks up for the particular 
RADIUS server they’re talking to. I’ve also noticed the Pending Request timer 
increase at times but eventually it drops back to 0 when usage levels go down. 
Which vendor supported RADIUS appliances did you switch to?

Thanks,
Brandon

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Wright, Don
Sent: Monday, September 01, 2014 9:17 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

Brandon,
 Can you see any radius issues based on stats on your controllers, 
timeouts, etc.  We were seeing these on our FR servers last fall before we 
moved to our vendor support radius appliances.
-
Don Wright
Lead Network Operations Engineer
Brown University


On Wed, Aug 27, 2014 at 3:21 PM, Case, Brandon J 
ca...@purdue.edumailto:ca...@purdue.edu wrote:
Would you be able to elaborate on the improvements you did over the summer? We 
have a similar setup with regards to the backend, although ours is just 
freeradius - ldap without the F5. Our usage levels are just a bit higher than 
yours but we're receiving lots of user reports of the inability to authenticate 
but nothing consistent enough to isolate and test repeatedly.

Thanks,
Brandon

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 On Behalf Of Wang, Yu
Sent: Wednesday, August 27, 2014 3:15 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

Where are all your user accounts hosted? What kind of user database that serves 
the wireless system? Do you have a rough number of how many concurrent users at 
peak time?

We had peak time wireless authentication failure issues in the past Spring 
semester. We did performance tests in the summer and found out it was the 
backend (F5 + LDAP). We 

RE: Authentication failures at peak times (Cisco)

[trent . hurt]

What version of wlc code and ise are you using?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

We've got a relatively small deployment compared to many on this list, but 
we've run into a problem we just can't put our finger on. We're using 5508s and 
ISE as a RADIUS server and we're having HUGE latencies on WPA2-Enterprise PEAP 
authentication. There's times when almost no one can authenticate. What's 
really weird is that the controllers show AAA Authentication Error when this 
happens even though the username and password is correct. None of the devices 
seem distressed and there's no network problems we can see. Anyone ever seen 
this before or have any ideas how to troubleshoot? TAC so far has been not 
incredibly useful but they have only been on the case for a day or so now. I 
can hear my users sharpening the pitchforks...

Thanks,

Eric Barnett
Wireless Administrator
Information and Technology Services
Arkansas State University
870 680 4243

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Authentication failures at peak times (Cisco)

[trent . hurt]

Do things clear up of you reboot one of the psn servers?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

7.6.120.0 for the controller and 1.2 fully patched.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, August 27, 2014 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

What version of wlc code and ise are you using?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

We've got a relatively small deployment compared to many on this list, but 
we've run into a problem we just can't put our finger on. We're using 5508s and 
ISE as a RADIUS server and we're having HUGE latencies on WPA2-Enterprise PEAP 
authentication. There's times when almost no one can authenticate. What's 
really weird is that the controllers show AAA Authentication Error when this 
happens even though the username and password is correct. None of the devices 
seem distressed and there's no network problems we can see. Anyone ever seen 
this before or have any ideas how to troubleshoot? TAC so far has been not 
incredibly useful but they have only been on the case for a day or so now. I 
can hear my users sharpening the pitchforks...

Thanks,

Eric Barnett
Wireless Administrator
Information and Technology Services
Arkansas State University
870 680 4243

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Authentication failures at peak times (Cisco)

[trent . hurt]

I was hitting this ise bug occasionally until I upgraded to 1.2.1 w/patch 1

CSCun25815

It was related to ad cache within ISE.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

7.6.120.0 for the controller and 1.2 fully patched.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, August 27, 2014 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

What version of wlc code and ise are you using?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

We've got a relatively small deployment compared to many on this list, but 
we've run into a problem we just can't put our finger on. We're using 5508s and 
ISE as a RADIUS server and we're having HUGE latencies on WPA2-Enterprise PEAP 
authentication. There's times when almost no one can authenticate. What's 
really weird is that the controllers show AAA Authentication Error when this 
happens even though the username and password is correct. None of the devices 
seem distressed and there's no network problems we can see. Anyone ever seen 
this before or have any ideas how to troubleshoot? TAC so far has been not 
incredibly useful but they have only been on the case for a day or so now. I 
can hear my users sharpening the pitchforks...

Thanks,

Eric Barnett
Wireless Administrator
Information and Technology Services
Arkansas State University
870 680 4243

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: Authentication failures at peak times (Cisco)

[trent . hurt]

Here is more info regarding that bug as its not public

https://supportforums.cisco.com/discussion/12264836/ise-ad-8021x-authentication-failure-all-sudden

Probably not the same thing you are facing but still might be something to look 
at.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, August 27, 2014 3:29 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

I was hitting this ise bug occasionally until I upgraded to 1.2.1 w/patch 1

CSCun25815

It was related to ad cache within ISE.  

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

7.6.120.0 for the controller and 1.2 fully patched.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Trent Hurt
Sent: Wednesday, August 27, 2014 1:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

What version of wlc code and ise are you using?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eric T. Barnett
Sent: Wednesday, August 27, 2014 2:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Authentication failures at peak times (Cisco)

We've got a relatively small deployment compared to many on this list, but 
we've run into a problem we just can't put our finger on. We're using 5508s and 
ISE as a RADIUS server and we're having HUGE latencies on WPA2-Enterprise PEAP 
authentication. There's times when almost no one can authenticate. What's 
really weird is that the controllers show AAA Authentication Error when this 
happens even though the username and password is correct. None of the devices 
seem distressed and there's no network problems we can see. Anyone ever seen 
this before or have any ideas how to troubleshoot? TAC so far has been not 
incredibly useful but they have only been on the case for a day or so now. I 
can hear my users sharpening the pitchforks...

Thanks,

Eric Barnett
Wireless Administrator
Information and Technology Services
Arkansas State University
870 680 4243

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

[trent . hurt]

I have this working on 2 702w with 8.0.  I just had to set switchport to trunk, 
make the native vlan the wireless management vlan, and allow any other vlans 
that I want to tag on the ap ports.   Then go to the ap click on the interface 
tab and enable the ports you want and type the vlan number and then save.  If 
you want the poe out port you must connect to 802.3at switch for power.


http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/702WAccessPointDG/CiscoAironetSeries_702w_AP_DG.html#pgfId-65312



The one issue I have found is that the poe output port doesn't seem to deliver 
full 802.3af class 0 (15.4w) to a device.  Mine seem to be limited to  802.3af 
class 2 (7w)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tony Juarez
Sent: Thursday, August 21, 2014 11:01 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

Kitri

Have you had any luck getting this setup on the 702W's I have one on my dev 
controller and have not been able to get it working.

Tony

From: Kitri Waterman ki...@uoregon.edumailto:ki...@uoregon.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
WIRELESS-LAN@listserv.educause.edumailto:WIRELESS-LAN@listserv.educause.edu
Date: Monday, August 18, 2014 at 11:30 AM
To: 
WIRELESS-LAN@listserv.educause.edumailto:WIRELESS-LAN@listserv.educause.edu 
WIRELESS-LAN@listserv.educause.edumailto:WIRELESS-LAN@listserv.educause.edu
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

 VLAN tagging on AP700W-Allows you to define individual VLAN tags for each 
individual Ethernet port available on Cisco Aironet 700W Series Access Points. 
This feature allows traffic to be separated not only between wireless and wired 
networks, but also among the four Ethernet ports.

Finally.


Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon



On 8/18/14, 7:13 AM, Mike King wrote:
Let's see how the mailing list treats this:

http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg
[http://www.riders4helmets.com/wp-content/uploads/2011/01/mouseinhelmet1.jpg]


On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton 
dannyea...@rice.edumailto:dannyea...@rice.edu wrote:
Early bird gets the worm but second mouse gets the cheese...


I'll put it in my lab.

 Original message 
From: Anders Nilsson
Date:18/08/2014 08:08 (GMT-06:00)
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

Nobody remembers a coward!!!  ;)

Cheers
Anders

Från: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
 För Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code released

Now who's feeling brave enough to run this on production wism2s?!

Oli

On 18 August 2014 13:18, Trent Hurt 
trent.h...@louisville.edumailto:trent.h...@louisville.edu wrote:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html



--
Oliver Elliott
Network Specialist
IT Services
University of Bristol
e: oliver.elli...@bristol.ac.ukmailto:oliver.elli...@bristol.ac.uk
t: 0117 92 (87861)
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
!DSPAM:911,53f1fabf213627805617502! ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

[trent . hurt]

I'm pretty sure its fixing this bug CSCar04580

http://www.my80211.com/cisco-field-alerts/2012/7/23/web-auth-redirect-doesnt-work-when-client-uses-a-https-url-c.html


I have tested the 8.0 code with my webauth wlans and https urls now get 
redirected correctly.  


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dan Brisson
Sent: Tuesday, August 19, 2014 10:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code released

Isn't the client's browser going to complain about a domain name mismatch b/c 
of the redirect to the https WebAuth page?  There's no way to fix that, is 
there?

-dan


Dan Brisson
Network Engineer
University of Vermont
(Ph) 802.656.8111
dbris...@uvm.edu

On 8/19/14, 9:54 PM, Vlade Ristevski wrote:
 I really want to run this code because of the https redirect
 fix:

 If a client requests a web page through HTTPS, the client is 
 redirected to the WebAuth login page.

 but am still licking my wounds from our 7.6.120.0 debacle.

 We do a web redirect to our onboarding page and with so many homepages 
 set to google and facebook (which use https) it's a big deal for us.


  Original message 
 Date: Mon, 18 Aug 2014 09:30:13 -0700
 From: The EDUCAUSE Wireless Issues Constituent Group Listserv
 WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU (on behalf of Kitri Waterman 
 ki...@uoregon.edu)
 Subject: Re: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco 8.0 code
 released
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU

 VLAN tagging on AP700W—Allows you to define
individual VLAN tags for each individual Ethernet
port available on Cisco Aironet 700W Series Access
Points. This feature allows traffic to be separated
not only between wireless and wired networks, but
also among the four Ethernet ports.

Finally.

Kitri Waterman
--
Network Engineer (Wireless)
University of Oregon

On 8/18/14, 7:13 AM, Mike King wrote:

  Let's see how the mailing list treats this:
  http://www.riders4helmets.com/wp-
 content/uploads/2011/01/mouseinhelmet1.jpg
  On Mon, Aug 18, 2014 at 9:22 AM, Danny Eaton
  dannyea...@rice.edu wrote:

Early bird gets the worm but second mouse gets
the cheese...
I'll put it in my lab.

 Original message 
From: Anders Nilsson
Date:18/08/2014 08:08 (GMT-06:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] SV: [WIRELESS-LAN] Cisco
8.0 code released

Nobody remembers a coward!!!  ;)

 

Cheers

Anders

 

Från: The EDUCAUSE Wireless Issues Constituent
Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] För
Oliver Elliott
Skickat: den 18 augusti 2014 14:59
Till: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Ämne: Re: [WIRELESS-LAN] Cisco 8.0 code
released

 

Now who's feeling brave enough to run this on
production wism2s?!

 

Oli

 

On 18 August 2014 13:18, Trent Hurt
trent.h...@louisville.edu wrote:


 http://www.cisco.com/c/en/us/td/docs/wireless/controller/relea
 se/notes/crn80.html
 

--

Oliver Elliott
Network Specialist
IT Services
University of Bristol
e: oliver.elli...@bristol.ac.uk
t: 0117 92 (87861)

** Participation and subscription
information for this EDUCAUSE Constituent Group
discussion list can be found at
http://www.educause.edu/groups/.

!DSPAM:911,53f1fabf213627805617502! **
Participation and subscription information for
this EDUCAUSE Constituent Group discussion list
can be found at http://www.educause.edu/groups/.

  ** Participation and subscription
  information for this EDUCAUSE Constituent Group
  discussion list can be found at
  http://www.educause.edu/groups/.

** Participation and subscription
information for this EDUCAUSE Constituent Group
discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Cisco 8.0 code released

[trent . hurt]

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html