Re: [WIRELESS-LAN] Wireless in Dorms
I have seen most HP printers coming with 2 modes of wifi now. You have to disable the wireless like normal. That makes the adhoc go away. You also have to disable the wifi direct option as well. They are 2 separate options within the printers. One shows up as adhoc and the wifi direct appears as an Infrastructure wlan.

Sent from my iPhone

On Oct 21, 2014, at 2:22 PM, McNett, Loren lmcn...@mansfield.edu wrote:

FYI: on top of all this, we’ve found that disabling wireless on certain printers (looking at you HP!) only turns off the wireless LED, signal is still sent out. We’ve had to tear the printers apart to physically remove the card to stop the interference. As Thomas Carter pointed out below, not only do the students not realize it, they may even think they’ve turned it off.

-Loren McNett
Sr. Network Engineer
Mansfield University

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, October 21, 2014 1:50 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

But how does that help avoid the initial problem discussed concerning devices (especially HP printers) causing interference by broadcasting wireless networks? These printers broadcast these networks straight out of the box and most students don’t even realize it.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W (Network Services)
Sent: Tuesday, October 21, 2014 10:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

2. Wireless dorms do not need a wired LAN, so the SSID can be campus-wide.

That is what we do, but with an open mac auth network that is also used for onboarding to the 802.1X secure network. We do not support wireless printing. You would need DHCP reservations to ensure the printer would always get the same ip address.

Bruce Osborne
Network Engineer – Wireless Team
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Monday, October 20, 2014 11:11 AM
Subject: Re: Wireless in Dorms

To me, wireless printers are absolutely the worst offenders. If they could be eliminated, the rest may be manageable. In one version of the dorm world I envision, I’d do something like this:

1. Develop a per dorm central printing solution that was free (as long as it wasn’t abused), effective, and easy. Then, I’d pass a “no printers allowed” policy but sell it hard as “no printers needed”
2. Per dorm, create a consumer-gadget friendly PSK network that only has Internet access. There’d be MAC registration, and this WLAN would be shared with the per-dorm wired network that students also have access to. We’d campaign the heck out of how hard we’re trying to “be like home” and emphasize the need for good citizenship (with a reminder that bad behavior is trackable)
3. The secure WLAN would also be available, and would be required for access to campus resources

Or put another way- try to identify all of the reasons the offending devices are there to begin with, and flex the standard “secure campus WLAN model” to accommodate/eliminate as many of the offending devices as possible with friendlier networking. Patrolling and removal isn’t cost effective, and leads to mutual bad feelings.

Not sure how this would all work in the real world, but I contemplate more each semester.

-Lee

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Monday, October 20, 2014 9:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

I posted something very similar a month or so ago. I feel your pain – as a small school with limited manpower, we have the same issue. So far I haven’t seen a good answer – we quickly got rid of all of the wireless routers, but there are so many devices that do not plug into the network that interfere. Trying to locate all of them is more time than we have. Pushing things into 5GHz seems like a temporary solution as, as has already been mentioned, things will be utilizing that spectrum as well. 802.11ad will introduce new spectrum, but I feel like the fox constantly on the run from the hounds.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN
Re: [WIRELESS-LAN] Wireless in Dorms
I've never known a NAT gateway to send BPDUs out of its WAN port, and so I've never seen BPDU guard work in this scenario.

When these home gateways first came out, the cable ISPs only allowed one computer to be used on their service. So, the gateways are very good at emulating a single computer. The detection is going to be very iffy, and require a lot of human interaction. Largely speaking, the devices don't look any different than some Linux box... if you can even tell the OS.

Such is my experience, anyhow.

--
Hunter Fuller
Network Engineer
VBRH M-9B
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure
I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone

On Mon, Oct 20, 2014 at 6:52 AM, Osborne, Bruce W (Network Services) bosbo...@liberty.edu wrote:

That will not work with the gateway providing the address NATing it. On Cisco, bpdu-guard will block this, though.

Bruce Osborne
Network Engineer – Wireless Team
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Ian McDonald [mailto:i...@st-andrews.ac.uk]
Sent: Thursday, October 16, 2014 12:00 PM
Subject: Re: Wireless in Dorms

DHCP snooping?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason
Sent: 16 October 2014 16:45
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address.

This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc.

Thanks,
Jason R. Benedick
IT Generalist
Thaddeus Stevens College of Technology
Office: (717) 391-6957
Cell: (717) 587-9065

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson
Sent: Thursday, October 16, 2014 11:27 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing.

We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless.

We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it.

How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne

** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

--
Thanks,
Justin Pederson
IT Network Coordinator
Casper College
(307)268-2481
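The wired-side controls debated in the messages above (one MAC per port, DHCP snooping, BPDU guard), modelled over constructed frames as an added example that is not from any list participant: it shows why a home gateway plugged in by its Internet port trips none of them. The `AccessPort` model, frame kinds and MAC addresses are assumptions made for illustration, and the spanning-tree switch case goes beyond what the thread describes.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Frame:
    src_mac: str
    kind: str  # "data", "dhcp_request", "dhcp_offer" or "bpdu"


@dataclass
class AccessPort:
    """Simplified model of one residence-hall switch port (hypothetical, not vendor code)."""
    max_macs: int = 1           # port security: source MACs allowed on the port
    dhcp_trusted: bool = False  # DHCP snooping: student ports are untrusted
    bpdu_guard: bool = True
    learned: list = field(default_factory=list)

    def inspect(self, frame):
        """Return the names of the controls this frame would trip."""
        if frame.kind == "bpdu":
            # Control-plane frame: only BPDU guard looks at it.
            return ["bpdu-guard"] if self.bpdu_guard else []
        hits = []
        # DHCP snooping drops server-to-client messages arriving on untrusted ports.
        if frame.kind == "dhcp_offer" and not self.dhcp_trusted:
            hits.append("dhcp-snooping")
        # Port security counts distinct source MACs seen on the port.
        if frame.src_mac not in self.learned:
            if len(self.learned) < self.max_macs:
                self.learned.append(frame.src_mac)
            else:
                hits.append("port-security")
        return hits


def evaluate(frames, **port_settings):
    """Run frames through a fresh port and return the sorted set of tripped controls."""
    port = AccessPort(**port_settings)
    tripped = set()
    for frame in frames:
        tripped.update(port.inspect(frame))
    return sorted(tripped)


# Constructed, locally administered MAC addresses (not real devices).
LAPTOP, CONSOLE = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
ROUTER_LAN, ROUTER_WAN = "02:00:00:00:00:1a", "02:00:00:00:00:1b"
SWITCH = "02:00:00:00:00:2a"

SCENARIOS = {
    # One student device plugged straight into the wall port.
    "single_laptop": [Frame(LAPTOP, "dhcp_request"), Frame(LAPTOP, "data")],
    # Home router attached by a LAN port: it bridges client MACs and its
    # DHCP server answers on the campus segment.
    "router_lan_port": [
        Frame(LAPTOP, "dhcp_request"),
        Frame(ROUTER_LAN, "dhcp_offer"),
        Frame(CONSOLE, "data"),
    ],
    # Home router attached by its Internet port: NAT/PAT rewrites everything
    # to one MAC/IP, it acts as a DHCP client, and it sends no BPDUs.
    "router_wan_port": [
        Frame(ROUTER_WAN, "dhcp_request"),
        Frame(ROUTER_WAN, "data"),
        Frame(ROUTER_WAN, "data"),
    ],
    # A switch that speaks spanning tree (added case, not from the thread).
    "stp_switch": [Frame(SWITCH, "bpdu"), Frame(LAPTOP, "data")],
}


def run_scenarios():
    """Evaluate every constructed scenario against the default student-port settings."""
    return {name: evaluate(frames) for name, frames in SCENARIOS.items()}


if __name__ == "__main__":
    for name, tripped in run_scenarios().items():
        print(f"{name:16} -> {', '.join(tripped) or 'nothing trips'}")
```
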
RE: [WIRELESS-LAN] Wireless in Dorms
I posted something very similar a month or so ago. I feel your pain – as a small school with limited manpower, we have the same issue. So far I haven’t seen a good answer – we quickly got rid of all of the wireless routers, but there are so many devices that do not plug into the network that interfere. Trying to locate all of them is more time than we have. Pushing things into 5GHz seems like a temporary solution as, as has already been mentioned, things will be utilizing that spectrum as well. 802.11ad will introduce new spectrum, but I feel like the fox constantly on the run from the hounds.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: Thursday, October 16, 2014 10:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the man power to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use.

Sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students.

We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am.

At what point do you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.”

On the Academic side we have very very few rogues and the Wireless is rock solid.

Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Thursday, October 16, 2014 10:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing.

We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless.

We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it.

How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne
RE: [WIRELESS-LAN] Wireless in Dorms
To me, wireless printers are absolutely the worst offenders. If they could be eliminated, the rest may be manageable. In one version of the dorm world I envision, I’d do something like this:

1. Develop a per dorm central printing solution that was free (as long as it wasn’t abused), effective, and easy. Then, I’d pass a “no printers allowed” policy but sell it hard as “no printers needed”
2. Per dorm, create a consumer-gadget friendly PSK network that only has Internet access. There’d be MAC registration, and this WLAN would be shared with the per-dorm wired network that students also have access to. We’d campaign the heck out of how hard we’re trying to “be like home” and emphasize the need for good citizenship (with a reminder that bad behavior is trackable)
3. The secure WLAN would also be available, and would be required for access to campus resources

Or put another way- try to identify all of the reasons the offending devices are there to begin with, and flex the standard “secure campus WLAN model” to accommodate/eliminate as many of the offending devices as possible with friendlier networking. Patrolling and removal isn’t cost effective, and leads to mutual bad feelings.

Not sure how this would all work in the real world, but I contemplate more each semester.

-Lee

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Monday, October 20, 2014 9:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

I posted something very similar a month or so ago. I feel your pain – as a small school with limited manpower, we have the same issue. So far I haven’t seen a good answer – we quickly got rid of all of the wireless routers, but there are so many devices that do not plug into the network that interfere. Trying to locate all of them is more time than we have. Pushing things into 5GHz seems like a temporary solution as, as has already been mentioned, things will be utilizing that spectrum as well. 802.11ad will introduce new spectrum, but I feel like the fox constantly on the run from the hounds.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: Thursday, October 16, 2014 10:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the man power to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use.

Sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students.

We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am.

At what point do you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.”

On the Academic side we have very very few rogues and the Wireless is rock solid.

Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald
Sent: Thursday, October 16, 2014 10:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan
RE: [WIRELESS-LAN] Wireless in Dorms
1) We have this. We have printers in labs on every other floor of residence halls. We even have a web-based solution where students can print directly to the printer from their personal PCs without messing with drivers, etc. We discourage personal printers, yet students (or their parents) still think they “need” their own printer.

2) I’d extend this by trying to encourage stationary devices off of wireless and on to wired. This is something I’m trying to work on; every dorm room has 2 wired ports. I’m beginning to encourage students to move gaming devices, Apple TVs, Rokus, etc to use the wired ports as they will give the best performance / viewing / gaming experience.

My frustration stems from the importance now placed on wireless and our relatively (relative to the wired world) limited amount of control over the clients, spectrum, and environment. We’ve had complaints about academics being affected because a student couldn’t get good wireless signal in their favorite study spot in the library.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, October 20, 2014 10:11 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

To me, wireless printers are absolutely the worst offenders. If they could be eliminated, the rest may be manageable. In one version of the dorm world I envision, I’d do something like this:

1. Develop a per dorm central printing solution that was free (as long as it wasn’t abused), effective, and easy. Then, I’d pass a “no printers allowed” policy but sell it hard as “no printers needed”
2. Per dorm, create a consumer-gadget friendly PSK network that only has Internet access. There’d be MAC registration, and this WLAN would be shared with the per-dorm wired network that students also have access to. We’d campaign the heck out of how hard we’re trying to “be like home” and emphasize the need for good citizenship (with a reminder that bad behavior is trackable)
3. The secure WLAN would also be available, and would be required for access to campus resources

Or put another way- try to identify all of the reasons the offending devices are there to begin with, and flex the standard “secure campus WLAN model” to accommodate/eliminate as many of the offending devices as possible with friendlier networking. Patrolling and removal isn’t cost effective, and leads to mutual bad feelings.

Not sure how this would all work in the real world, but I contemplate more each semester.

-Lee

Lee Badman
Wireless/Network Architect
ITS, Syracuse University
315.443.3003
(Blog: http://wirednot.wordpress.com)

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Monday, October 20, 2014 9:37 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

I posted something very similar a month or so ago. I feel your pain – as a small school with limited manpower, we have the same issue. So far I haven’t seen a good answer – we quickly got rid of all of the wireless routers, but there are so many devices that do not plug into the network that interfere. Trying to locate all of them is more time than we have. Pushing things into 5GHz seems like a temporary solution as, as has already been mentioned, things will be utilizing that spectrum as well. 802.11ad will introduce new spectrum, but I feel like the fox constantly on the run from the hounds.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: Thursday, October 16, 2014 10:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the man power to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use.

Sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students.

We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all
RE: [WIRELESS-LAN] Wireless in Dorms
Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing.

We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless.

We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it.

How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne
Re: [WIRELESS-LAN] Wireless in Dorms
I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble.

The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around.

BTW, rogue containment is usually not jamming. Jamming requires interfering with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client.

Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds.

As I wrote above, the Marriott case is being taken way too literally and being blown out of proportion. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free.

Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-)

My 1.99 cents,

Philippe

Philippe Hanset
www.anyroam.net

On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing.

We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless.

We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it.

How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne
Re: [WIRELESS-LAN] Wireless in Dorms
If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :(

On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu wrote:

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing.

We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless.

We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it.

How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne

--
Thanks,
Justin Pederson
IT Network Coordinator
Casper College
(307)268-2481
Re: [WIRELESS-LAN] Wireless in Dorms
We have only allowed one mac address per switch port in our Residence Halls for a long time now. Our wireless seems to work fairly well here.

--
Kevin Kelly
Director, Network Technology
Whitman College

----- Original Message -----
From: Justin Pederson justinpeder...@caspercollege.edu
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Thursday, October 16, 2014 8:26:56 AM
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning.

Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing.

We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless.

We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it.

How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne

--
Thanks,
Justin Pederson
IT Network Coordinator
Casper College
(307)268-2481
RE: [WIRELESS-LAN] Wireless in Dorms
That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address. This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc.

Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson Sent: Thursday, October 16, 2014 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne

-- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481

*This electronic communication from TSCT is confidential and intended solely for use by the individual to whom it is addressed. If you are not the named recipient do not forward, propagate or replicate this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and remove from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action dependent upon the contents of this email or attachment is strictly prohibited.*
RE: [WIRELESS-LAN] Wireless in Dorms
Anyone ever think about adding a PSK SSID per dorm and letting them have a go with the toys? Allowing only Internet access of course.

Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason Sent: Thursday, October 16, 2014 11:45 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address. This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc.

Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson Sent: Thursday, October 16, 2014 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne

-- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481
RE: [WIRELESS-LAN] Wireless in Dorms
DHCP snooping?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Benedick, Jason Sent: 16 October 2014 16:45 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

That would work if the student plugs into one of the LAN switch ports on the wireless router (when they do a lot of times that causes problems with rogue DHCP servers), but we more often see them plugging it into the internet port so we only see 1 MAC/IP address. This also wouldn’t solve the slew of broadcasting WiFi devices we’re seeing this year such as Rokus, Chromecasts, printers, gaming headsets, etc.

Thanks, Jason R. Benedick IT Generalist Thaddeus Stevens College of Technology Office: (717) 391-6957 Cell: (717) 587-9065

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Justin Pederson Sent: Thursday, October 16, 2014 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne

-- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481
Re: [WIRELESS-LAN] Wireless in Dorms
As I read the case, sending deauth's is exactly what the Marriott's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues?

-- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307

On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote:

I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-)

My 1.99 cents, Philippe Philippe Hanset www.anyroam.net

On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne
Re: [WIRELESS-LAN] Wireless in Dorms
x2 on the NAT issue. Especially since wireless routers are way more popular and available in store than wireless APs. I think it's going to take a multi-tiered approach to finding the APs/routers: In place of an expensive NAC that will most likely use of client to detect a NAT device I'm looking at a combination of:

1) I was playing with p0f (http://lcamtuf.coredump.cx/p0f3/) last year for possibly detecting wireless routers. There is some promise there but false positives exist in my experience with this software.

2) DHCP fingerprinting. We use Infoblox and it's built into the system.

3) Check your dhcp logs for known default AP/Router hosts names. For instance, by default, you'll see the string airport in your DHCP logs for airport express. Linksys used WAP for APs and WRT for routers. The model numbers change and will need to be updated. A csv can be kept of known model numbers and alerting can be easily scripted.

If you use DHCP snooping, looking in the files in your TFTP directory should give you the switch port easily once you have the mac/IP. The wireless controller system will tell you where the rogues are and narrow down where to look for the switch port using the 3 methods above. With some development time, the whole process can be automated.

On 10/16/2014 11:40 AM, Hunter Fuller wrote:

If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :(

On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu wrote:

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne

-- Thanks, Justin Pederson IT Network Coordinator Casper College (307)268-2481
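The DHCP-log check from item 3 of the message above, joined to DHCP snooping bindings to recover the switch port, as an added example that is not part of the original post. Only the strings airport, WAP and WRT come from the post; the log format (ISC dhcpd syslog style), the CSV columns, the binding-file layout and every address and hostname are constructed assumptions.

```python
import csv
import io
import re

# Signature list. The strings airport, WAP and WRT come from the post;
# the CSV columns and match modes are assumptions of this example.
SIGNATURES_CSV = """pattern,match,label
airport,contains,Apple AirPort
wap,model_prefix,Linksys access point
wrt,model_prefix,Linksys router
"""

# Constructed DHCP server log, ISC dhcpd syslog style (assumed format).
DHCP_LOG = """\
Oct 16 11:02:11 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 02:00:00:00:00:01 (WRT54G) via eth0
Oct 16 11:02:14 dhcp1 dhcpd: DHCPACK on 10.20.4.18 to 02:00:00:00:00:02 (Janes-MacBook) via eth0
Oct 16 11:03:40 dhcp1 dhcpd: DHCPACK on 10.20.7.90 to 02:00:00:00:00:03 (Airport-Express) via eth0
Oct 16 11:04:02 dhcp1 dhcpd: DHCPACK on 10.20.7.91 to 02:00:00:00:00:04 (wap610n) via eth0
Oct 16 11:05:30 dhcp1 dhcpd: DHCPACK on 10.20.9.12 to 02:00:00:00:00:05 (wrtaylor-pc) via eth0
Oct 16 11:06:00 dhcp1 dhcpd: DHCPACK on 10.20.9.13 to 02:00:00:00:00:06 via eth0
"""

# Constructed bindings, one per line: ip vlan mac lease interface checksum
# (layout assumed; adapt the parser to what your switches actually write).
SNOOPING_DB = """\
TYPE DHCP-SNOOPING
VERSION 1
BEGIN
10.20.4.17 204 0200.0000.0001 5440A1B2 Gi1/0/12 00000000
10.20.7.90 207 0200.0000.0003 5440A1C0 Gi2/0/3 00000000
END
"""

ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))? via"
)


def norm_mac(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def load_signatures(text):
    """Compile each CSV row into (regex, label), matched on lowercase names."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        pat = re.escape(row["pattern"].strip().lower())
        if row["match"].strip() == "model_prefix":
            # Prefix must start a token and be followed by a digit (WRT54G,
            # WAP610N), so a user's "wrtaylor-pc" is not flagged.
            regex = re.compile(r"(?<![a-z])" + pat + r"\d")
        else:
            regex = re.compile(pat)
        rules.append((regex, row["label"].strip()))
    return rules


def load_bindings(text):
    """Map normalized MAC -> (vlan, interface) from binding lines."""
    bindings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6 and len(norm_mac(fields[2])) == 12:
            bindings[norm_mac(fields[2])] = (fields[1], fields[4])
    return bindings


def find_suspects(log_text, rules, bindings):
    """Return one finding per MAC whose DHCP hostname matches a signature."""
    findings = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m or not m.group("host"):
            continue  # not an ACK, or the client sent no hostname
        host = m.group("host").lower()
        for regex, label in rules:
            if regex.search(host):
                mac = norm_mac(m.group("mac"))
                # port stays None when no binding exists for this MAC
                vlan, port = bindings.get(mac, (None, None))
                findings[mac] = {"mac": mac, "ip": m.group("ip"),
                                 "hostname": m.group("host"), "label": label,
                                 "vlan": vlan, "port": port}
                break
    return list(findings.values())


if __name__ == "__main__":
    for f in find_suspects(DHCP_LOG, load_signatures(SIGNATURES_CSV),
                           load_bindings(SNOOPING_DB)):
        print(f)
```

A device that sends no hostname, or one a student has renamed, passes this check, which is why the post pairs it with p0f and DHCP fingerprinting.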
Re: [WIRELESS-LAN] Wireless in Dorms
This is our first year introducing wireless in the dorms and in the past we let students bring their own APs from a limited list of approved AP's that we tested (routers not allowed) to make up for us not providing wifi. You're going to run into the same issues in typical dense dorm rooms but much worse. AP's same channel transmitting max power, you have no control over placement and connections will still get dropped and of course your network will still get blamed for it. So you're going to run into the same issues compounded without the visibility and management tools that you need to address them. On top of that, students expect colleges to provide wifi so you'll get flak for not making it available. The plus, of course, is not having to worry about 802.1x client compatibility.

On 10/16/2014 11:10 AM, T. Shayne Ghere wrote:

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne
RE: [WIRELESS-LAN] Wireless in Dorms
That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart Sent: Thursday, October 16, 2014 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

As I read the case, sending deauth's is exactly what the Marriott's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues?

-- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307

On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote:

I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-)

My 1.99 cents, Philippe Philippe Hanset www.anyroam.net

On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the AP’s in all the Dorm buildings and let the students bring their own AP’s if they want wireless. Has anyone resorted to this? Thanks for your input Shayne
Re: [WIRELESS-LAN] Wireless in Dorms
+1 to free USB cables as one of the more effective tools for combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign.

Frank Sweetser fs at wpi.edu | Manager of Network Operations | Worcester Polytechnic Institute
For every problem, there is a solution that is simple, elegant, and wrong. - HL Mencken

On 10/16/2014 12:15 PM, Peter P Morrissey wrote:

That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart Sent: Thursday, October 16, 2014 12:04 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms

As I read the case, sending deauth's is exactly what the Marriott's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues?

-- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307

On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote:

I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around. BTW, rogue containment is usually not jamming. Jamming requires to interfere with the spectrum. Some of those smart containment software don't actually jam the frequency but send a disassociation frame to a specific client. Also a lot of us are preventing rogue APs that are actually interfering with the University Infrastructure on the same frequencies. Those students are actually the jammers in this case and I don't see why you couldn't protect yourself by preventing them from interfering with the University Wi-Fi on University grounds. As I wrote above, the Marriott case is being taken way too literally and being blown out of proportions. I doubt that the FCC will come to you because you are actually trying to provide a service to your community and for free. Just make sure that you only block channels that you are using (and a few around to guarantee non overlapping) and not ALL of them! And don't use containment on the coffee shop next door ;-)

My 1.99 cents, Philippe Philippe Hanset www.anyroam.net

On Oct 16, 2014, at 11:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan Controllers and Cisco WCS. The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have
RE: [WIRELESS-LAN] Wireless in Dorms
We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have Cisco SNMP mac-notification set up for all ports on campus, so we are able to identify where each device is plugged in on our network. We take the MAC address of the observed rogue AP and add 1 to the MAC, and subtract 1 from the MAC. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless MAC, wired MAC, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique.

James Elliott

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
Sent: Thursday, October 16, 2014 1:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

+1 to free USB cables as one of the more effective tools for combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign.

Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
Manager of Network Operations | is simple, elegant, and wrong.
Worcester Polytechnic Institute | - HL Mencken
Re: [WIRELESS-LAN] Wireless in Dorms
Also forgot to mention that you can look at TTL in the IP packets as an indicator of a NAT router. Routers are required to decrement the TTL so that's another possible method of detection.

On 10/16/2014 11:40 AM, Hunter Fuller wrote:

If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :(

On Oct 16, 2014 10:36 AM, Justin Pederson justinpeder...@caspercollege.edu wrote:

From a technical standpoint, why not just use port security on your wired networks to only allow 1 MAC address at a time. There should be no rogue APs and the students could still use the wireless and wired networks. I have been rolling this around in my head for a little while now. The only thing you should have to cover is cellular tethering, but from my experience, most of these devices don't have much power behind the radio.

On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald i...@st-andrews.ac.uk wrote:

Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: 16 October 2014 16:11
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless in Dorms

Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless LAN Controllers and Cisco WCS. The APs in the Dorms and Greek houses are all 1142N APs and have been spaced accordingly by Cisco and by us during the introduction of wireless in the Dorms, Greeks and Single housing. We are having a heck of a time with all the interference that the students bring with them making our wireless nearly unusable. I know this topic has come up in the past, but this year is one of the worst we’ve seen, and the students are getting restless. We have the ability to quarantine rogue Wireless clients, however according to a recent Court case against a large Hotel Chain, it was decided that on an open free wireless spectrum, we would be breaking the law in jamming it. How have you addressed this issue? I’m about ready to ask upper management to remove the APs in all the Dorm buildings and let the students bring their own APs if they want wireless. Has anyone resorted to this?

Thanks for your input

Shayne

** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

--
Thanks,
Justin Pederson
IT Network Coordinator
Casper College
(307)268-2481
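The TTL check suggested at the top of this message, as an added example that is not code from anyone on the list. It goes slightly further than the message by also flagging one source address that shows more than one TTL family. It assumes the capture is taken on the dorm VLAN's first-hop gateway interface and that hosts start from 64, 128 or 255; the addresses and packets are constructed sample data.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# Initial TTLs used by common operating systems (an assumption of this example).
COMMON_INITIAL_TTLS = (64, 128, 255)


def build_ipv4_header(src, dst, ttl):
    """Build a minimal 20-byte IPv4 header for the constructed sample data.

    The checksum is left at 0 because parse_ipv4() does not validate it.
    """
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def parse_ipv4(packet):
    """Return (source address, TTL) from the start of an IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return str(IPv4Address(packet[12:16])), packet[8]


def hops_below_initial(ttl):
    """Distance between the observed TTL and the nearest common initial TTL above it."""
    for initial in COMMON_INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError("TTL out of range")


def find_nat_suspects(packets):
    """Group observed TTLs by source address and report addresses that look routed.

    A directly attached host reaches its first-hop gateway with an undecremented
    TTL. A router in the student's room has already decremented it once.
    """
    ttls_by_src = defaultdict(set)
    for packet in packets:
        src, ttl = parse_ipv4(packet)
        ttls_by_src[src].add(ttl)

    suspects = {}
    for src, ttls in ttls_by_src.items():
        reasons = []
        if any(hops_below_initial(t) >= 1 for t in ttls):
            reasons.append("TTL already decremented at first hop")
        families = {t + hops_below_initial(t) for t in ttls}
        if len(families) > 1:
            reasons.append("several initial-TTL families behind one address")
        if reasons:
            suspects[src] = {"ttls": sorted(ttls), "reasons": reasons}
    return suspects


# Constructed sample traffic; 192.0.2.10 is a documentation address.
SAMPLE_PACKETS = [
    build_ipv4_header("10.20.0.11", "192.0.2.10", 64),    # direct host
    build_ipv4_header("10.20.0.12", "192.0.2.10", 128),   # direct host
    build_ipv4_header("10.20.0.13", "192.0.2.10", 63),    # one hop behind a router
    build_ipv4_header("10.20.0.13", "192.0.2.10", 127),   # second OS, same address
    build_ipv4_header("10.20.0.14", "192.0.2.10", 127),   # one hop behind a router
]

if __name__ == "__main__":
    for address, detail in sorted(find_nat_suspects(SAMPLE_PACKETS).items()):
        print(address, detail["ttls"], "; ".join(detail["reasons"]))
```

A host or router configured with a non-default TTL will not match this heuristic, so treat a hit as a lead to confirm with switch-port data rather than as proof.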
RE: [WIRELESS-LAN] Wireless in Dorms
That’s a good one. I actually never thought about that.

Thanks,

Jason R. Benedick
IT Generalist
Thaddeus Stevens College of Technology
Office: (717) 391-6957
Cell: (717) 587-9065

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski
Sent: Thursday, October 16, 2014 1:37 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Also forgot to mention that you can look at TTL in the IP packets as an indicator of a NAT router. Routers are required to decrement the TTL so that's another possible method of detection.
Re: [WIRELESS-LAN] Wireless in Dorms
Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification set up but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. It's very helpful to have but a pain in the ass to parse.

On 10/16/2014 1:19 PM, James Elliott wrote:

We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have Cisco SNMP mac-notification set up for all ports on campus, so we are able to identify where each device is plugged in on our network. We take the MAC address of the observed rogue AP and add 1 to the MAC, and subtract 1 from the MAC. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless MAC, wired MAC, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique.

James Elliott
RE: [WIRELESS-LAN] Wireless in Dorms
DHCP fingerprinting is another method for detecting the connected device type, assuming you mandate DHCP. If you're cunning you can even not give addresses to things you know what they are.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Benedick, Jason [bened...@stevenscollege.edu]
Sent: 16 October 2014 18:39
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

That’s a good one. I actually never thought about that.

Thanks,

Jason R. Benedick
IT Generalist
Thaddeus Stevens College of Technology
Office: (717) 391-6957
Cell: (717) 587-9065
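DHCP fingerprinting as mentioned at the top of this message, sketched as an added example that is not code from anyone on the list. It reads the parameter request list (option 55) and vendor class (option 60) from a DHCPDISCOVER and applies a withhold-or-offer decision; the fingerprint table, labels, MAC addresses and packets are all constructed for illustration and are not real device signatures.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236          # fixed BOOTP header that precedes the options
OPT_PAD, OPT_PRL, OPT_VENDOR_CLASS, OPT_END = 0, 55, 60, 255

# Constructed table: parameter-request-list string -> label. Not real signatures.
WITHHOLD_FINGERPRINTS = {
    "1,3,6,15,119,252": "constructed example: home gateway",
    "1,3,6,44,46,47": "constructed example: wireless printer",
}


def parse_dhcp_options(packet):
    """Return {option code: raw value} from a DHCP packet, validating lengths."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if len(packet) < start or packet[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    options, i = {}, start
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # pad has no length octet
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("option %d has no length octet" % code)
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    return options


def fingerprint(packet):
    """Summarise the fields used for device-type fingerprinting."""
    options = parse_dhcp_options(packet)
    return {
        "mac": ":".join("%02x" % b for b in packet[28:34]),   # chaddr field
        "prl": ",".join(str(b) for b in options.get(OPT_PRL, b"")),
        "vendor_class": options.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace"),
    }


def decide(packet):
    """Return ("withhold", label) for a known fingerprint, else ("offer", None)."""
    label = WITHHOLD_FINGERPRINTS.get(fingerprint(packet)["prl"])
    return ("withhold", label) if label else ("offer", None)


def build_discover(mac_hex, prl, vendor=b""):
    """Build a constructed DHCPDISCOVER for the sample data."""
    fixed = bytearray(BOOTP_FIXED_LEN)
    fixed[0], fixed[1], fixed[2] = 1, 1, 6          # BOOTREQUEST, Ethernet, 6-byte MAC
    fixed[28:34] = bytes.fromhex(mac_hex)
    options = bytes([53, 1, 1]) + bytes([OPT_PRL, len(prl)]) + bytes(prl)
    if vendor:
        options += bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
    return bytes(fixed) + MAGIC_COOKIE + options + bytes([OPT_END])


# Constructed samples with locally administered MAC addresses.
SAMPLE_GATEWAY = build_discover("020000aa0001", [1, 3, 6, 15, 119, 252], b"example-gw")
SAMPLE_LAPTOP = build_discover("020000aa0002", [1, 3, 6, 15, 31, 33, 43, 44])

if __name__ == "__main__":
    for sample in (SAMPLE_GATEWAY, SAMPLE_LAPTOP):
        print(fingerprint(sample), decide(sample))
```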
RE: [WIRELESS-LAN] Wireless in Dorms
Here is what we are thinking since we “enjoy” a similar situation at USCA. We have two WISMs, 1142s, 1252s, 2602s, Cisco NCS Infrastructure reporting, and the ability to triangulate the rogue devices. I hate the amount of time our one network engineer has to put into finding about 89 rogue devices in our housing area that has about 1000 beds. Faculty/staff wireless on campus is rock solid, too. They are not the ones really utilizing BYOD.

So, our plan of attack is going to be encouraging everyone to use 5GHz because that’s the larger spectrum with more room. We plan to tell students to bring dual band devices for doing their assignments in their room. We noticed most all activity is on the 2.4GHz side of things. Is that the case with most of you? We plan to put those recommended laptops and tablets for our students on our website so they don’t have to try to find a dual band device on their own. Most of the airport cards have been dual band for a while, the 3rd generation iPad has dual band, and the problem can really be seen in students bringing single band laptops, single band bargain tablets and older smartphones to housing.

Additionally, we plan on deploying more APs and possibly turning down the 2.4GHz frequency. We want to increase our lowest connection speed (for the clients) to 36Mbps or 48Mbps in the WISM on the 2.4GHz side. I am hoping this is going to cause the students with Bluetooth speakers/headphones, mobile hotspots, microwaves, older analog wireless phones, and wireless printers not to interfere as greatly as they are now. 5GHz is just less crowded, but I am worried that the feat of telling students to bring a dual band device is going to make their eyes glaze over. That’s going to be a challenge for us in this plan.

Does anyone have any thoughts about our plan? I am open to suggestions. Has anyone seen a 5GHz wireless printer, yet?

Thanks!

Joann L. Williamson
Director of Network Systems, Architecture, Infrastructure
Computer Services Department at USC Aiken
phone: 803-641-3473
http://www.usca.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere
Sent: Thursday, October 16, 2014 11:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the manpower to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use. Sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 APs are providing to other students.

We have a Dorm/Greek/Singles living area of around 3,000 students that covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am. At what point do you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.” On the Academic side we have very very few rogues and the Wireless is rock solid.

Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast.
RE: [WIRELESS-LAN] Wireless in Dorms
We use snmptrap translator aka snmptt running on our monitoring server that sends them to a perl script that I wrote to put them into a friendly output.

~James Elliott

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski
Sent: Thursday, October 16, 2014 1:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless in Dorms

Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification set up but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. It's very helpful to have but a pain in the ass to parse.
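An added example, not James Elliott's Perl script or any list member's code, covering both the mac-notification parsing asked about in this exchange and the add-1/subtract-1 MAC comparison described in this thread. It assumes the 11-octet tuple layout (operation, VLAN, MAC, dot1dBasePort, ended by a 0 octet) documented for cmnHistMacChangedMsg in CISCO-MAC-NOTIFICATION-MIB, which should be checked against your platform; switch names, MACs and payloads are constructed sample data.

```python
import re
from typing import Iterable, List, NamedTuple, Set, Tuple

TUPLE_LEN = 11                       # operation(1) + VLAN(2) + MAC(6) + dot1dBasePort(2)
OPERATIONS = {1: "learnt", 2: "removed"}
MAC_MASK = 0xFFFFFFFFFFFF


class MacEvent(NamedTuple):
    switch: str
    operation: str
    vlan: int
    mac: int
    base_port: int


def mac_to_int(text: str) -> int:
    """Accept colon, dash or Cisco dotted notation and return a 48-bit integer."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return int(digits, 16)


def int_to_mac(value: int) -> str:
    return ":".join("%02x" % ((value >> shift) & 0xFF) for shift in range(40, -8, -8))


def parse_mac_changed_msg(switch: str, hex_payload: str) -> List[MacEvent]:
    """Decode one hex-encoded notification payload into MacEvent records."""
    raw = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", hex_payload))
    events = []
    for offset in range(0, len(raw), TUPLE_LEN):
        chunk = raw[offset:offset + TUPLE_LEN]
        if chunk[0] == 0:                      # operation 0 marks the end of the message
            break
        if len(chunk) < TUPLE_LEN:
            raise ValueError("truncated tuple at offset %d" % offset)
        events.append(MacEvent(
            switch=switch,
            operation=OPERATIONS.get(chunk[0], "unknown(%d)" % chunk[0]),
            vlan=int.from_bytes(chunk[1:3], "big"),
            mac=int.from_bytes(chunk[3:9], "big"),
            base_port=int.from_bytes(chunk[9:11], "big"),
        ))
    return events


def wired_candidates(bssid: str) -> Set[int]:
    """The observed wireless MAC plus its two neighbours, as 48-bit integers."""
    base = mac_to_int(bssid)
    return {(base + delta) & MAC_MASK for delta in (-1, 0, 1)}


def locate_rogue(bssid: str, traps: Iterable[Tuple[str, str]]) -> List[MacEvent]:
    """Replay traps in arrival order and return ports where a candidate MAC is still attached."""
    attached = {}
    for switch, payload in traps:
        for event in parse_mac_changed_msg(switch, payload):
            key = (event.switch, event.base_port, event.mac)
            if event.operation == "learnt":
                attached[key] = event
            elif event.operation == "removed":
                attached.pop(key, None)
    candidates = wired_candidates(bssid)
    return [event for event in attached.values() if event.mac in candidates]


# Constructed sample payloads with locally administered MAC addresses.
SAMPLE_TRAPS = [
    # learnt VLAN 210 port 17, learnt VLAN 210 port 3, end marker
    ("dorm-a-sw1", "01 00 D2 02 00 00 33 44 54 00 11 "
                   "01 00 D2 02 00 00 AA BB CC 00 03 00"),
    # learnt then removed on VLAN 220 port 5: no longer plugged in
    ("dorm-b-sw2", "01 00 DC 02 00 00 33 44 56 00 05 "
                   "02 00 DC 02 00 00 33 44 56 00 05 00"),
]
SAMPLE_ROGUE_BSSID = "02:00:00:33:44:55"   # as reported by the wireless controller

if __name__ == "__main__":
    for hit in locate_rogue(SAMPLE_ROGUE_BSSID, SAMPLE_TRAPS):
        print(hit.switch, "port", hit.base_port, "vlan", hit.vlan, int_to_mac(hit.mac))
```

The port value is a bridge port number, so mapping it to an interface name and a room still needs the switch's own port tables and the campus maps mentioned in the thread.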
Re: [WIRELESS-LAN] Wireless in Dorms
One thing that helps is the fact that 11ac is not defined in the 2.4 band. Instead of trying to teach them about dual band devices, you can just tell them to look for the ac logo on the box, and they're guaranteed to get a dual band device. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. On October 16, 2014 2:05:02 PM EDT, Joann Williamson joa...@usca.edu wrote: Here is what we are thinking since we “enjoy” a similar situation at USCA. We have two WISMs, 1142’s, 1252’s, 2602’s, Cisco NCS Infrastructure reporting, and the ability to triangulate the rogue devices. I hate the amount of time our one network engineer has to put into finding about 89 rogue devices in our housing area that has about 1000 beds. Faculty/staff wireless on campus is rock solid, too. They are not the ones really utilizing BYOD. So, our plan of attack is going to be encouraging everyone to use 5Ghz because that’s the larger spectrum with more room. We plan to tell students to bring dual band devices for doing their assignments in their room. We noticed most all activity is on the 2.4Ghz side of things. Is that the case with most of you? We plan to put those recommended laptops and tablets for our students on our website so they don’t have to try to find a dual band device on their own. Most of the airport cards have been dual band for a while, the 3rd generation iPad has dual band, and the problem can really be seen in students bringing single band laptops, single band bargain tablets and older smartphones to housing. Additionally, we plan on deploying more APs and possibly turning down the 2.4Ghz frequency. We want to increase our lowest connection speed (for the clients) to 36mbps or 48mbps in the WISM on the 2.4Ghz side. I am hoping this is going to cause the students with Bluetooth speakers/headphones, mobile hotspots, microwaves, older analog wireless phones, and wireless printers not to interfere as greatly as they are now.
5Ghz is just less crowded, but I am worried that the feat of telling students to bring a dual band device is going to make their eyes glaze over. That’s going to be a challenge for us in this plan. Does anyone have any thoughts about our plan? I am open to suggestions. Has anyone seen a 5ghz wireless printer, yet? Thanks! Joann L. Williamson Director of Network Systems, Architecture, Infrastructure Computer Services Department at USC Aiken phone: 803-641-3473 http://www.usca.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: Thursday, October 16, 2014 11:29 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the manpower to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use. Sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students. We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land. I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am. At what point do you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.” On the Academic side we have very very few rogues and the Wireless is rock solid. Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help.
It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ian McDonald Sent: Thursday, October 16, 2014 10:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Breach of your written policy prohibiting such things isn’t a disciplinary matter? And can’t be fixed with your disciplinary system? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of T. Shayne Ghere Sent: 16 October 2014 16:11 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in Dorms Good morning. Let me say first off, we’re nearly a complete Cisco shop other than our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan
Re: [WIRELESS-LAN] Wireless in Dorms
Thanks for the capture. This is really interesting! -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Thu, Oct 16, 2014 at 1:27 PM, Trent Hurt trent.h...@louisville.edu wrote: Xbox one controller is on 5GHz. Here is pic of it from spectrum analyzer. Also the wii u has miracast from console to controller and it is on 5GHz as well. *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of* Joann Williamson *Sent:* Thursday, October 16, 2014 2:05 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms Here is what we are thinking since we “enjoy” a similar situation at USCA. We have two WISMs, 1142’s, 1252’s, 2602’s, Cisco NCS Infrastructure reporting, and the ability to triangulate the rogue devices. I hate the amount of time our one network engineer has to put into finding about 89 rogue devices in our housing area that has about 1000 beds. Faculty/staff wireless on campus is rock solid, too. They are not the ones really utilizing BYOD. So, our plan of attack is going to be encouraging everyone to use 5Ghz because that’s the larger spectrum with more room. We plan to tell students to bring dual band devices for doing their assignments in their room. We noticed most all activity is on the 2.4Ghz side of things. Is that the case with most of you? We plan to put those recommended laptops and tablets for our students on our website so they don’t have to try to find a dual band device on their own. Most of the airport cards have been dual band for a while, the 3rd generation iPad has dual band, and the problem can really be seen in students bringing single band laptops, single band bargain tablets and older smartphones to housing.
Additionally, we plan on deploying *more* APs and possibly turning down the 2.4Ghz frequency. We want to increase our lowest connection speed (for the clients) to 36mbps or 48mbps in the WISM on the 2.4Ghz side. I am hoping this is going to cause the students with Bluetooth speakers/headphones, mobile hotspots, microwaves, older analog wireless phones, and wireless printers not to interfere as greatly as they are now. 5Ghz is just less crowded, but I am worried that the feat of telling students to bring a dual band device is going to make their eyes glaze over. That’s going to be a challenge for us in this plan. Does anyone have any thoughts about our plan? I am open to suggestions. Has anyone seen a 5ghz wireless printer, yet? Thanks! Joann L. Williamson Director of Network Systems, Architecture, Infrastructure Computer Services Department at USC Aiken phone: 803-641-3473 http://www.usca.edu *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of* T. Shayne Ghere *Sent:* Thursday, October 16, 2014 11:29 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms Our policy states if a device interferes with our network, then we reserve the right to have that device removed. The problem is that the WCS and Controllers are seeing over 712 devices. We can triangulate the “area” the device might be, but that would be going door to door. We don’t have the manpower to spend that much time searching for them. Quite a few are wireless printers and mobile hotspots, but they usually get turned off when they aren’t in use. Sending a DoS attack to the device doesn’t solve the wireless interference that it’s causing, but only degrades the service the 2-3 AP’s are providing to other students. We have a Dorm/Greek/Singles living area of around 3,000 students and covers acres of land.
I’ve seen some schools putting an AP in each room, some removing all wireless out of the dorms and others fighting the same battle I am. At what point do you just deal with it and say “yeah our wireless sucks because the students didn’t listen when they went through orientation.” On the Academic side we have very very few rogues and the Wireless is rock solid. Upper administration just doesn’t get it, I think, but we’re left to deal with it. There are two of us that maintain everything network related and no student help. It’s becoming a 24/7/365 work schedule, and we’re getting burned out fast. *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of* Ian McDonald *Sent:* Thursday, October 16, 2014 10:13 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms Breach of your written policy prohibiting such things
Re: [WIRELESS-LAN] Wireless in Dorms
Thanks! On 10/16/2014 2:12 PM, James Elliott wrote: We use snmptrap translator aka snmptt running on our monitoring server that sends them to a Perl script that I wrote to put them into a friendly output. ~James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:44 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. It's very helpful to have but a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: We have a homegrown tool that uses some of the features of the Cisco Rogue Locator Tool, without needing the infringing wireless network to be open. We have Cisco SNMP mac-notification setup for all ports on campus, so we are able to identify where each device is plugged in on our network. We take the mac address of the observed rogue AP and add 1 to the mac, and subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is plugged into the network. Once the port is identified, we get an email of the device wireless mac, wired mac, switch and port it is connected to, and even the IP address it pulled from DHCP. At this point, we use our maps to identify the room number, turn off all the ports in the room and notify Res Life of the infraction. We were able to get most of the wireless routers on campus using this technique.
James Elliott -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser Sent: Thursday, October 16, 2014 1:16 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in Dorms +1 to free USB cables as one of the more effective tools for combating wireless printers. More and more, it's not a case of people deciding to use wireless over wired, but instead it simply never occurs to them that they can get internet through that funny rectangularish hole. There's not much you can do for that except free cables and a constant, consistent education campaign. Frank Sweetser fs at wpi.edu | Manager of Network Operations | Worcester Polytechnic Institute | "For every problem, there is a solution that is simple, elegant, and wrong." - HL Mencken On 10/16/2014 12:15 PM, Peter P Morrissey wrote: That has been our approach. We have 100% coverage in residences and there isn’t usually a good reason to have an offending device with the exception of devices that just won’t work on our Enterprise network that Lee had mentioned. We have found that once we explain the situation to students, they are fine with turning them off or allowing us to help them turn off the WiFi feature and find a better way to connect. Most devices have wired connections that can be utilized, and from what I understand, for a gamer this gives them a slight advantage due to lower latency. (I could be wrong about that though as I am not a gamer). We also attempt to do a lot of education before and during opening, and have a large stash of extra long USB cables that we give out freely. We have people helping students move in and nip a lot of this in the bud from the beginning. You can get USB cables very cheap in bulk BTW. I’m not saying it is perfect, but we don’t get any performance complaints at all, although it is certainly possible that there are complaints that don’t get to us.
Pete Morrissey *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of* Heath Barnhart *Sent:* Thursday, October 16, 2014 12:04 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms As I read the case, sending deauths is exactly what the Marriott's system was doing. We used don't have that bad of a rogue issue since we upgraded our WiFi in the dorms three years ago. I think I had 3 this year, and I just track them down the best I can (by me I mean my student worker), and have a polite conversation with the offender. I haven't had a problem with this method, though I've never been faced with 700 rogues. What types of devices are being classified as rogues? -- Heath Barnhart ITS Network Administrator Washburn University 785-670-2307 On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: I think that the Marriott court case needs to be put into perspective. Many of us have been quarantining rogue APs without any trouble. The Marriott case is somewhat different. They were preventing all Wi-Fi from being enabled and they were selling theirs as the only Wi-Fi around
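The matching James Elliott describes in the message above (rogue BSSID plus and minus 1, compared against MACs learned on wired ports via mac-notification), sketched as an added example that is not part of the thread and is not his Perl tool. It assumes the trap payload uses the 11-octet tuple layout (operation, VLAN, MAC, port index) of Cisco's cmnHistMacChangedMsg object; the switch names, MAC addresses and function names are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
import re

MAC_MASK = (1 << 48) - 1
TUPLE_LEN = 11  # assumed layout: operation(1) + VLAN(2) + MAC(6) + port index(2)
OP_END, OP_LEARNT, OP_REMOVED = 0, 1, 2


@dataclass(frozen=True)
class MacEvent:
    switch: str
    operation: int
    vlan: int
    mac: int         # 48-bit address held as an integer
    port_index: int  # index as sent in the trap; mapping to a port name is site-specific


def parse_mac(text: str) -> int:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value: int) -> str:
    raw = f"{value & MAC_MASK:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def parse_mac_change_msg(switch: str, hex_payload: str) -> list[MacEvent]:
    """Decode the hex tuples of one notification into readable events."""
    data = bytes.fromhex("".join(hex_payload.split()))
    events = []
    for offset in range(0, len(data), TUPLE_LEN):
        chunk = data[offset:offset + TUPLE_LEN]
        if chunk[0] == OP_END:          # a zero operation byte terminates the list
            break
        if len(chunk) < TUPLE_LEN:
            raise ValueError(f"truncated tuple at offset {offset}")
        events.append(MacEvent(
            switch=switch,
            operation=chunk[0],
            vlan=int.from_bytes(chunk[1:3], "big"),
            mac=int.from_bytes(chunk[3:9], "big"),
            port_index=int.from_bytes(chunk[9:11], "big"),
        ))
    return events


def build_table(traps) -> dict[int, MacEvent]:
    """Replay learnt/removed events in order; keep only MACs still plugged in."""
    table: dict[int, MacEvent] = {}
    for switch, payload in traps:
        for event in parse_mac_change_msg(switch, payload):
            if event.operation == OP_LEARNT:
                table[event.mac] = event
            elif event.operation == OP_REMOVED:
                table.pop(event.mac, None)
    return table


def candidate_macs(bssid: str) -> list[int]:
    """The three addresses from the thread: BSSID - 1, BSSID, BSSID + 1.

    The address is treated as one 48-bit integer so a borrow or carry crosses
    octet boundaries (…:10:00:00 minus 1 is …:0f:ff:ff).
    """
    base = parse_mac(bssid)
    return [(base + delta) & MAC_MASK for delta in (-1, 0, 1)]


def locate_rogue(bssid: str, table: dict[int, MacEvent]) -> list[dict]:
    """Return the wired ports whose learned MAC is adjacent to the rogue BSSID."""
    hits = []
    for candidate in candidate_macs(bssid):
        event = table.get(candidate)
        if event is not None:
            hits.append({
                "wireless_mac": format_mac(parse_mac(bssid)),
                "wired_mac": format_mac(candidate),
                "switch": event.switch,
                "port_index": event.port_index,
                "vlan": event.vlan,
            })
    return hits


# Constructed sample notifications (not real captures).
SAMPLE_TRAPS = [
    ("dorm-a-sw1", "01 00c8 02005e0fffff 000d"    # router WAN port learnt
                   "01 00c8 02005e200001 000e"    # unrelated laptop learnt
                   "02 00c8 02005e200001 000e"    # ...and unplugged again
                   "00"),
    ("dorm-b-sw2", "01 012c 02005e300006 0003" "00"),
]

if __name__ == "__main__":
    wired = build_table(SAMPLE_TRAPS)
    for rogue in ("02:00:5e:10:00:00", "0200.5e30.0005", "02:00:5e:40:00:10"):
        print(rogue, "->", locate_rogue(rogue, wired) or "no wired match")
```

A BSSID with no adjacent wired MAC returns an empty list, which is the expected result for hotspots and printers that are not plugged into the wired network.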
RE: [WIRELESS-LAN] Wireless only dorms, advice?
You mean like this? http://www.arubanetworks.com/product/aruba-ap-93h-access-point/ Zach Jennings Senior Network Server Manager Aruba Certified Mobility Professional, Airheads MVP West Chester University of PA 610-436-1069 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, January 18, 2012 2:24 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? Though slightly off topic, I gotta chime in. I wish all major vendors offered an in-wall wireless AP option- very empowering for environments with lots of unused UTP. Lee H. Badman Wireless/Network Engineer Information Technology and Services Adjunct Instructor, iSchool Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Harry Rauch Sent: Wednesday, January 18, 2012 2:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? Dorms are a bear to implement wireless, especially legacy buildings. We have had wireless APs in dorms for 6 years and have made several upgrades after discovering the weaknesses of different schemes. Our two most difficult dorms are multi-bed apartments that are two-story inside the apartment. We elected to go with the Ruckus 2075 in-wall AP with four additional ports. The coverage has been excellent and we have only needed one per apartment. You may want to think of in-wall options similar to hotels. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 1/18/12 1:51 PM, Rick Brown wrote: Sara, We have not moved that way but are looking at implementing wireless in the dorms. We have decided to factor in several things in determining the density of wireless.
You'll need to consider the fact that students are coming in with 3-4 wireless devices per person these days with at least a couple being used simultaneously. You'll also want to factor in the residence hall layouts. We've determined that we'll probably need to place at least one per suite. This is due both to multiple devices per user but also due to construction material and layout of the suites. If you want to take full advantage of 802.11N technology you'll also want to design based on 5GHz coverage which also reduces your coverage area. Even in our older residence halls where there are two people per room and 4 to 5 bedrooms per suite one AP is going to be pushing it and we may find that we need two to an 8-10 person suite. Our residence halls tend to be constructed with concrete block which drastically reduces the coverage area of 5GHz. I'm sure others that have already implemented wireless only can provide actual results but these are some of the things we're trying to factor in. Rick On 1/18/2012 1:05 PM, Laird, Sara M wrote: Hello, I am looking for anyone who has moved to wireless only dorms. We have a fast track dorm construction project that is starting and our CIO would like to make it wireless only. I am wondering if anyone has done this and if so what kind of advice or comments can you share. We will be using Cisco waps. Also I am wondering what kind of ratio you based your access points on, how many devices per person. Best Regards, Sara Sara M. Laird Network Administrator Mount Saint Mary's University 301.447.5014 Faith * Discovery * Leadership * Community ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless only dorms, advice?
On Wed, 18 Jan 2012, Lee H Badman wrote: Though slightly off topic, I gotta chime in. I wish all major vendors offered an in-wall wireless AP option- very empowering for environments with lots of unused UTP. Seems to be getting better. Aruba have just announced something (wall-to-wall wifi), HP introduced something last year, and Brocade's rebadged Motorola solution has had one for a while, and it seems Ruckus too. Dunno about Cisco, but if not now it is probably coming. Need to keep an eye on the capabilities of them though; some may or may not offer 11n, or maybe only at 2.4G. Jethro. Lee H. Badman Wireless/Network Engineer Information Technology and Services Adjunct Instructor, iSchool Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Harry Rauch Sent: Wednesday, January 18, 2012 2:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? Dorms are a bear to implement wireless, especially legacy buildings. We have had wireless APs in dorms for 6 years and have made several upgrades after discovering the weaknesses of different schemes. Our two most difficult dorms are multi-bed apartments that are two-story inside the apartment. We elected to go with the Ruckus 2075 in-wall AP with four additional ports. The coverage has been excellent and we have only needed one per apartment. You may want to think of in-wall options similar to hotels. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 1/18/12 1:51 PM, Rick Brown wrote: Sara, We have not moved that way but are looking at implementing wireless in the dorms. We have decided to factor in several things in determining the density of wireless. You'll need to consider the fact that students are coming in with 3-4 wireless devices per person these days with at least a couple being used simultaneously.
You'll also want to factor in the residence hall layouts. We've determined that we'll probably need to place at least one per suite. This is due both to multiple devices per user but also due to construction material and layout of the suites. If you want to take full advantage of 802.11N technology you'll also want to design based on 5GHz coverage which also reduces your coverage area. Even in our older residence halls where there are two people per room and 4 to 5 bedrooms per suite one AP is going to be pushing it and we may find that we need two to an 8-10 person suite. Our residence halls tend to be constructed with concrete block which drastically reduces the coverage area of 5GHz. I'm sure others that have already implemented wireless only can provide actual results but these are some of the things we're trying to factor in. Rick On 1/18/2012 1:05 PM, Laird, Sara M wrote: Hello, I am looking for anyone who has moved to wireless only dorms. We have a fast track dorm construction project that is starting and our CIO would like to make it wireless only. I am wondering if anyone has done this and if so what kind of advice or comments can you share. We will be using Cisco waps. Also I am wondering what kind of ratio you based your access points on, how many devices per person. Best Regards, Sara Sara M. Laird Network Administrator Mount Saint Mary's University 301.447.5014 Faith * Discovery * Leadership * Community
Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.
RE: [WIRELESS-LAN] Wireless only dorms, advice?
Yeah- but even better are single-gang flush mount. http://www.extremenetworks.com/products/altitude-4511.aspx Who makes it is irrelevant to my point- just calling out the power of not running new wire for wireless on the ceiling when lots of it is sitting there unused in the wall. But you do help make the point! From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jennings, Zachariah E. Sent: Wednesday, January 18, 2012 2:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? You mean like this? http://www.arubanetworks.com/product/aruba-ap-93h-access-point/ Zach Jennings Senior Network Server Manager Aruba Certified Mobility Professional, Airheads MVP West Chester University of PA 610-436-1069 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, January 18, 2012 2:24 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? Though slightly off topic, I gotta chime in. I wish all major vendors offered an in-wall wireless AP option- very empowering for environments with lots of unused UTP. Lee H. Badman Wireless/Network Engineer Information Technology and Services Adjunct Instructor, iSchool Syracuse University 315 443-3003 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Harry Rauch Sent: Wednesday, January 18, 2012 2:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? Dorms are a bear to implement wireless, especially legacy buildings. We have had wireless APs in dorms for 6 years and have made several upgrades after discovering the weaknesses of different schemes.
Our two most difficult dorms are multi-bed apartments that are two-story inside the apartment. We elected to go with the Ruckus 2075 in-wall AP with four additional ports. The coverage has been excellent and we have only needed one per apartment. You may want to think of in-wall options similar to hotels. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 1/18/12 1:51 PM, Rick Brown wrote: Sara, We have not moved that way but are looking at implementing wireless in the dorms. We have decided to factor in several things in determining the density of wireless. You'll need to consider the fact that students are coming in with 3-4 wireless devices per person these days with at least a couple being used simultaneously. You'll also want to factor in the residence hall layouts. We've determined that we'll probably need to place at least one per suite. This is due both to multiple devices per user but also due to construction material and layout of the suites. If you want to take full advantage of 802.11N technology you'll also want to design based on 5GHz coverage which also reduces your coverage area. Even in our older residence halls where there are two people per room and 4 to 5 bedrooms per suite one AP is going to be pushing it and we may find that we need two to an 8-10 person suite. Our residence halls tend to be constructed with concrete block which drastically reduces the coverage area of 5GHz. I'm sure others that have already implemented wireless only can provide actual results but these are some of the things we're trying to factor in. Rick On 1/18/2012 1:05 PM, Laird, Sara M wrote: Hello, I am looking for anyone who has moved to wireless only dorms. We have a fast track dorm construction project that is starting and our CIO would like to make it wireless only. I am wondering if anyone has done this and if so what kind of advice or comments can you share. We will be using Cisco waps.
Also I am wondering what kind of ratio you based your access points on, how many devices per person. Best Regards, Sara Sara M. Laird Network Administrator Mount Saint Mary's University 301.447.5014 Faith * Discovery * Leadership * Community
RE: [WIRELESS-LAN] Wireless only dorms, advice?
We purchased a few older apartment buildings which we converted to dorms and are doing wireless only in them. For the wireless we’re using Cisco 1142i and put one per apartment (some apartments are 2 beds, some are 4). As mentioned you definitely want to do PoE on the switches to provide better power visibility and have a good UPS. Since you’re going Cisco as well I’d suggest N+N controller redundancy as this will be their only network connectivity. If I were doing it now I’d go with a 3500 series for CleanAir, but that wasn’t available at the time. The only issue we’ve really run into is gaming systems which wanted to use lower rates or couldn’t handle our captive portal authentication. Also starting in the Fall in our other residence halls we shut down all wired jacks prior to move in and only activated them upon request (no charge). All the dorms have 802.11n (mostly Cisco 3502i) installed in the hallway (densely) with the exception of a handful with APs in the rooms. I created a couple web-forms for the students to use. One activates the port + creates an 802.1x exception for a gaming device (known gaming OUIs), the other just activates the port for computer usage. While we have had a lot of gaming device activations, we have seen very few activations for computer usage. So as such it seems that our users have pretty much gone wi-fi only for their computers and are just using the wired ports for gaming at this point. But personally if I were in charge of new construction I would still want one cabled drop in addition to the AP in the room and would do activations upon request as Philippe mentioned.
Josh Robertson Network Systems Senior Engineer Old Dominion University Office of Computing Communications Services (757)683-5046 j2rob...@odu.edu http://occs.odu.edu/ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Voll, Toivo Sent: Wednesday, January 18, 2012 2:48 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? I pretty much second Rick’s comments. We also don’t have wireless-only dorms yet, but the next one will have much less wire than our existing ones. One AP per suite is what we’ve done, but you have to also consider non-RF placement issues – vandalism concerns, maintenance access and residents complaining about blinky lights above their beds. Does the architect have issue with visible APs? If the APs are above ceiling / behind walls, do indeed check the materials and placement of ventilation ducts. Also, plan on PoE switches (and UPSes?) so power-cycling capability and visibility into the gear are improved. Keep in mind that the tiling of 2.4 GHz and 5 GHz doesn’t have to be the same, nor power levels, since the number of non-overlapping channels differs. I’d try to find as many carrots as possible to steer people to 5 GHz. 2.4 GHz is a pain, with game console controllers, microwaves and number of other consumer devices adding to the lack of channels. Depending on your vendor, having a good ability to sniff the air / do spectrum analysis can be helpful in figuring out whether a wing just lost connectivity due to a microwave, misbehaving AP or rogue AP. Other design decisions – do you plan to support broadcast/multicast discovery (wireless printers, time capsules etc.) or legacy devices that require low data rates (i.e. Nintendo).
Toivo Voll Network Administrator Information Technology Communications University of South Florida From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Brown Sent: Wednesday, January 18, 2012 13:52 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless only dorms, advice? Sara, We have not moved that way but are looking at implementing wireless in the dorms. We have decided to factor in several things in determining the density of wireless. You'll need to consider the fact that students are coming in with 3-4 wireless devices per person these days with at least a couple being used simultaneously. You'll also want to factor in the residence hall layouts. We've determined that we'll probably need to place at least one per suite. This is due both to multiple devices per user but also due to construction material and layout of the suites. If you want to take full advantage of 802.11N technology you'll also want to design based on 5GHz coverage which also reduces your coverage area. Even in our older residence halls where there are two people per room and 4 to 5 bedrooms per suite one AP is going to be pushing it and we may find that we need two to an 8-10 person suite. Our residence halls tend to be constructed with concrete block
Re: [WIRELESS-LAN] Wireless in dorms
On Mon, 19 Sep 2011, Lee H Badman wrote: At the risk of being seen as shameless in self-promotion, I just wrote a brief piece about Extreme Networks Snap On WiFi (built on Motorola under the hood) Altitude 4511. If you buy into the philosophy, and under the right conditions I would, no additional wiring needed beyond the Cat 5 already installed for Ethernet. There are a growing number of ways to skin the wireless cat, and if you are new to wireless the options are many and interesting beyond the controller based stuff. See http://www.networkcomputing.com/wireless/231601558 Sounds like the Brocade product, which I believe is also Motorola under the hood. We were shown it a few months back. It's a nice idea, although I agree with your comments that dual-band would be more useful. I wonder how far the time is before we say N is the future, b/g are no longer specifically provisioned and let it die off. My other concern is for those cases where you have a mix of wifi vendor technologies. For example you might like this Motorola product in some deployments, but otherwise be running C-word wireless or A-word wireless. Or perhaps with T-word wireless, you also want to deploy a Xirrus box in a particularly dense environment. How do you deal with managing these two sets of wireless network? Are there integration tools? Is roaming possible (or desirable?). Or, do we just say that we already have a number of management tools for different bits of the network anyway, so one more won't make much difference. To address some of the other points: we have just deployed one small wireless installation in half of one dorm that was refurbished this summer. Otherwise, while the residents might get a signal bleeding from surrounding buildings, there is a officially no wireless provision. In this day and age that's not a happy proposition, but we're looking to replace our wireless generally so do not want to spend large amounts of money we don't have until that's in progress. 
For the wired connections, we specifically prohibit the connection of anything other than an edge device to the network. We currently do dhcp-snooping, need to look at other things like unknown unicast limiting and port security for number of MACs. And we suffer from the dreaded IPv6 RA problem too, unfortunately our current switch hardware does not give us a built-in mechanism to filter those out, which means a tedious exercise of tracking the offender when we get the internet is down calls (when the network is otherwise clearly functional). Jethro. And Extreme's page on these at http://extremenetworks.com/products/altitude-4511.aspx Given that wiring can be as expensive as the APs, this sort of solution is at least interesting. -Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oakes, Carl W Sent: Monday, September 19, 2011 12:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms Depending on your switch vendor, you can setup DHCP Trust, which says only certain ports can respond to DHCP requests. Solved the rouge DHCP problem for us instantly. :) (Our access layer is Cisco 3750). As for our wireless, we have Aruba deployed in our newer locations, and are in progress on the older buildings. Actually looking to use the students wired jack to activate the AP. We discourage via policy BYO Access Points campus wide, but don't enforce heavily in the non covered Res Hall areas, that will change as the Aruba deployment expands. 
Carl Oakes Network Architect California State University Sacramento (916) 278-5551 / oake...@csus.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 9:11 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac
RE: [WIRELESS-LAN] Wireless in dorms
Lee this is a really interesting article, and something we've been looking at as a UK Extreme networks customer. Have you experienced rolling these out to a dorm yet, as I'm quite interested to find out how low the DBI output can be dropped to, to see if is it practical to install 1 per room (with alternate 2.4Ghz and 5 Ghz radios.) so that on a corridor of dorms you have a large number of APs with signal limited (as much as possible) per AP to just a couple of rooms. Many Thanks Peter Mr Peter Methven, Network Specialist Information Technology (IT) Allen McTernan Building, Edinburgh Campus Tel: +44 (0)131 451 3516 For IT support queries or requests, please email ith...@hw.ac.uk mailto:ith...@hw.ac.uk or +44 (0)131 451 4045, with full details of your query or request and your contact details. http://www.hw.ac.uk/it From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: 19 September 2011 18:12 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms At the risk of being seen as shameless in self-promotion, I just wrote a brief piece about Extreme Networks Snap On WiFi (built on Motorola under the hood) Altitude 4511. If you buy into the philosophy, and under the right conditions I would, no additional wiring needed beyond the Cat 5 already installed for Ethernet. There are a growing number of ways to skin the wireless cat, and if you are new to wireless the options are many and interesting beyond the controller based stuff. See http://www.networkcomputing.com/wireless/231601558 And Extreme's page on these at http://extremenetworks.com/products/altitude-4511.aspx Given that wiring can be as expensive as the APs, this sort of solution is at least interesting. 
-Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oakes, Carl W Sent: Monday, September 19, 2011 12:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms Depending on your switch vendor, you can setup DHCP Trust, which says only certain ports can respond to DHCP requests. Solved the rogue DHCP problem for us instantly. :) (Our access layer is Cisco 3750). As for our wireless, we have Aruba deployed in our newer locations, and are in progress on the older buildings. Actually looking to use the students wired jack to activate the AP. We discourage via policy BYO Access Points campus wide, but don't enforce heavily in the non covered Res Hall areas, that will change as the Aruba deployment expands. Carl Oakes Network Architect California State University Sacramento (916) 278-5551 / oake...@csus.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 9:11 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... 
ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space
RE: [WIRELESS-LAN] Wireless in dorms
Hi Peter, I cannot stand behind the 4511 from experience at Syracuse University, as we are a very large Cisco lightweight wireless environment (with a 35 AP Meraki deployment in our London facility). I covered the 4511 as the wireless/mobility blogger for Network Computing, where I have the good fortune of being introduced first hand to a wide-range of hardware and applications by product managers, CTO types, and those who actually develop the products. As someone who has been in the business of wireless design and deployment since 2001, and who has also been writing about various solutions for just as long, I have come to the conclusion that there are advantages and disadvantages to pretty much any WLAN solution. This is a space where marketing departments have an absolute field day sparkly-eying potential customers and vendors constantly one-up each other with lab tests that the typical customer would be hard-pressed to verify in the real world. My bottom line recommendation: keep an open mind to the right solution FOR YOU for different scenarios. Greenfield and brownfield situations allow you to be far more flexible in your choices. If you like the way a solution looks, but it's not from a market leader, get as many real testimonials as you can, do an eval, try not to hurry to conclusions, and drive for a good price if you ultimately commit. Back to the 4511- the ability to use existing wiring and provide Ethernet pass-through with a low-cost 2x2 11n AP that flush mounts in a low profile way does deserve consideration. As I mentioned, I'd love to see other vendors including Cisco provide this form factor. 
I'm a fan of Motorola's WiNG 5 approach and features that are under Extreme's hood (I have come to appreciate most approaches that reduce the reliance on a big honkin' controller and provide robust client support tools built in to the AP) and would personally give the solution consideration if I was looking at well-wired buildings that didn't yet have wireless in them. But I would start with an eval and have to get happy that both the wireless client experience and system admin halves of the equation were a good fit with the rest of my IT environment (auth, NAC, quarantine, etc) and that scaling to my ultimate largest would be OK before signing. Lee H. Badman (In this case, Network Computing Magazine blogger) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Methven, Peter J [p.j.meth...@hw.ac.uk] Sent: Tuesday, September 20, 2011 6:11 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms Lee this is a really interesting article, and something we’ve been looking at as a UK Extreme networks customer. Have you experienced rolling these out to a dorm yet, as I’m quite interested to find out how “low” the DBI output can be dropped to, to see if is it practical to install 1 per room (with alternate 2.4Ghz and 5 Ghz radios.) so that on a corridor of dorms you have a large number of APs with signal limited (as much as possible) per AP to just a couple of rooms. Many Thanks Peter Mr Peter Methven, Network Specialist Information Technology (IT) Allen McTernan Building, Edinburgh Campus Tel: +44 (0)131 451 3516 For IT support queries or requests, please email ith...@hw.ac.ukmailto:ith...@hw.ac.uk or +44 (0)131 451 4045, with full details of your query or request and your contact details. 
http://www.hw.ac.uk/it From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: 19 September 2011 18:12 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms At the risk of being seen as shameless in self-promotion, I just wrote a brief piece about Extreme Networks “Snap On WiFi” (built on Motorola under the hood) Altitude 4511. If you buy into the philosophy, and under the right conditions I would, no additional wiring needed beyond the Cat 5 already installed for Ethernet. There are a growing number of ways to skin the wireless cat, and if you are new to wireless the options are many and interesting beyond the controller based stuff. See http://www.networkcomputing.com/wireless/231601558 And Extreme’s page on these at http://extremenetworks.com/products/altitude-4511.aspx Given that wiring can be as expensive as the APs, this sort of solution is at least interesting. -Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oakes, Carl W Sent: Monday, September 19, 2011 12:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms Depending on your switch vendor, you can setup “DHCP Trust”, which says only certain ports can respond to DHCP requests. Solved the rouge DHCP problem for us instantly. ☺ (Our
Re: [WIRELESS-LAN] Wireless in dorms
On 09/20/2011 04:06 AM, Jethro R Binks wrote: My other concern is for those cases where you have a mix of wifi vendor technologies. For example you might like this Motorola product in some deployments, but otherwise be running C-word wireless or A-word wireless. Or perhaps with T-word wireless, you also want to deploy a Xirrus box in a particularly dense environment. How do you deal with managing these two sets of wireless network? Are there integration tools? Is roaming possible (or desirable?). Or, do we just say that we already have a number of management tools for different bits of the network anyway, so one more won't make much difference. I've heard good things about the AirWave product (formally independent, now owned by Aruba) for this sort of thing; it was actually designed as a control console for multiple vendor gear, so as long as you're dealing with relatively common equipment, you should be able to manage everything from one place with it. (No hands-on experience, just demos before Aruba bought it up.) -- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Wireless in dorms
The dorms are a lose-lose situation. We have 100% coverage, but the dorms require more support than any other buildings, when things don't work (it's Wireless, after all) we get flooded with calls (especially from mommy and daddy) AND then the students bring in their own devices (against the Acceptable Use Policy). I'm kind of liking the Wild West approach, if the DHCP situation can be controlled. -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Garry Peirce [pei...@maine.edu] Sent: Monday, September 19, 2011 3:17 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms 2 cents from someone in a similar boat. Unfortunately, some of our campuses have been unable to support ubiquitous wireless in dorms due to cost. In some cases they have only common areas covered. That being the case , with wireless being the preferred access method along with a lack of local campus policy in this regard they’ve understandably connected SOHO wireless routers. Some our of ResHalls caused us significant problems on the wired side at the start of this semester. Although we enable L2 features (such as DHCP snooping/DAI/SG,MAC limits) we weren’t able to corral an issue until implementing blocking of unknown unicast (cisco UUFB) on the ResHall subnets. This being a wireless forum, I’ll omit the details but in a nutshell, the issues were ICMP redirect/ARP-amplification related and would intermittently peg the attaching campus router’s CPU. I think efforts to searchfix offending devices or train students is entering a never ending battle. As cheaper devices will not have A radios (not that many clients will either….) co-channel interference is likely common. Add in interference , ex. assuming a fair # of microwave ovens, and I’d think their wireless experience is less than spectacular with no one to reach out to for insight/support. 
I feel such devices in ResHalls add an unmanaged infrastructure that not only underserves the users but may also have consequences for the managed infrastructure it connects to. I suppose by allowing them to use such devices, one can remove themselves from wireless infrastructure/client support, but I’d rather be in a position where we could supply the needed wireless service in a managed way and avoid their need to use them. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 11:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in dorms All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. 
thanks, ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Wireless in dorms
We have gone the route of enhancing our wireless in the dorms. Our dorms hold approx. 125+ students per bldg. We provide wired - 100mB and Gigabit as well as wireless. We've upgraded our APs to increase coverage every year including this year. The replacing of the Ciscos to Ruckus has resulted in greater coverage with less devices; it's been a set it and forget it type of transition so our network calls from the dorms has dropped by over 90% from two years ago. Each complex of 5 bldgs. and has a separate vlan with a full outside Class C address set. We control bandwidth and applications with an Exinda box to prevent Bit torrent and other types of no-no applications. The students also have video game machines as well as IP tvs. We require that any device attached to our network must be NetReg'd or it simply won't work. There are a number of rogue APs which we monitor but the amount has shrunk with each year as the school wireless proves to be more reliable. We don't allow wireless printers or wireless BluRay players on our network and require the student who wants them to purchase a wireless router that we program and monitor. The DHCP addresses come from our central systems; by providing the student with better access and requiring that their router be programmed by our department, the problems of rogue DHCP routers have for the most part disappeared. Now if I can keep student from plugging both ends of a network cable into both jacks in their room I would be happy. Harry Rauch Sr. Network Analyst Eckerd College 4200 - 54th Ave S St. Petersburg, FL 33711 On 9/20/11 8:26 AM, Brian Helman wrote: The dorms are a lose-lose situation. We have 100% coverage, but the dorms require more support than any other buildings, when things don't work (it's Wireless, after all) we get flooded with calls (especially from mommy and daddy) AND then the students bring in their own devices (against the Acceptable Use Policy). 
I'm kind of liking the Wild West approach, if the DHCP situation can be controlled. -Brian *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Garry Peirce [pei...@maine.edu] *Sent:* Monday, September 19, 2011 3:17 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in dorms 2 cents from someone in a similar boat. Unfortunately, some of our campuses have been unable to support ubiquitous wireless in dorms due to cost. In some cases they have only common areas covered. That being the case , with wireless being the preferred access method along with a lack of local campus policy in this regard they’ve understandably connected SOHO wireless routers. Some our of ResHalls caused us significant problems on the wired side at the start of this semester. Although we enable L2 features (such as DHCP snooping/DAI/SG,MAC limits) we weren’t able to corral an issue until implementing blocking of unknown unicast (cisco UUFB) on the ResHall subnets. This being a wireless forum, I’ll omit the details but in a nutshell, the issues were ICMP redirect/ARP-amplification related and would intermittently peg the attaching campus router’s CPU. I think efforts to searchfix offending devices or train students is entering a never ending battle. As cheaper devices will not have A radios (not that many clients will either….) co-channel interference is likely common. Add in interference , ex. assuming a fair # of microwave ovens, and I’d think their wireless experience is less than spectacular with no one to reach out to for insight/support. I feel such devices in ResHalls add an unmanaged infrastructure that not only underserves the users but may also have consequences for the managed infrastructure it connects to. 
I suppose by allowing them to use such devices, one can remove themselves from wireless infrastructure/client support, but I’d rather be in a position where we could supply the needed wireless service in a managed way and avoid their need to use them. *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Ray DeJean *Sent:* Monday, September 19, 2011 11:04 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Wireless in dorms All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated
RE: Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms)
Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. Jason Todd Network Security Officer Western University of Health Sciences From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Tuesday, September 20, 2011 5:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] Sent: Monday, September 19, 2011 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... 
ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. 
-- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
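The probe-and-listen check discussed in this thread (send a DHCP request, see which servers answer), written in Python as an added example; it is not the roguedhcp perl script mentioned above. The allowlisted server 10.20.0.5, the transaction id and the four reply packets are constructed for illustration, and socket I/O on UDP 67/68 is left out so the parsing and allowlist logic runs offline.

```python
"""Rogue DHCP check: build a DHCPDISCOVER probe, then judge the replies."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr, sname, file: the fixed 236-byte BOOTP header.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
ZERO_IP = b"\0" * 4


def build_discover(xid, mac):
    """Return a DHCPDISCOVER with the broadcast flag set, ready to send."""
    header = HEADER.pack(BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                         ZERO_IP, ZERO_IP, ZERO_IP, ZERO_IP,
                         mac.ljust(16, b"\0"), b"", b"")
    return header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER, OPT_END])


def parse_options(blob):
    """Walk the code/length/value option list; raise on a truncated option."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option length byte missing")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_reply(packet, xid):
    """Return (server_ip, offered_ip) for a DHCPOFFER answering xid, else None."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        return None
    fields = HEADER.unpack_from(packet)
    op, reply_xid, yiaddr = fields[0], fields[4], fields[8]
    if op != BOOTREPLY or reply_xid != xid:
        return None  # not a reply, or a reply to some other client's probe
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        return None
    try:
        opts = parse_options(packet[HEADER.size + 4:])
    except ValueError:
        return None  # malformed packets are ignored, not trusted
    server = opts.get(OPT_SERVER_ID)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]) or server is None or len(server) != 4:
        return None
    return ipaddress.IPv4Address(server), ipaddress.IPv4Address(yiaddr)


def find_rogues(replies, xid, authorized):
    """Return sorted (server, offered) pairs from servers not on the allowlist."""
    rogues = set()
    for packet in replies:
        parsed = parse_reply(packet, xid)
        if parsed and parsed[0] not in authorized:
            rogues.add(parsed)
    return sorted(rogues)


def sample_offer(xid, server, offered):
    """Constructed DHCPOFFER standing in for a reply captured off the wire."""
    server_ip = ipaddress.IPv4Address(server).packed
    header = HEADER.pack(BOOTREPLY, 1, 6, 0, xid, 0, 0, ZERO_IP,
                         ipaddress.IPv4Address(offered).packed, server_ip, ZERO_IP,
                         b"\x02\x00\x00\x00\x00\x01".ljust(16, b"\0"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4]) + server_ip
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


XID = 0x1A2B3C4D                                    # constructed transaction id
AUTHORIZED = {ipaddress.IPv4Address("10.20.0.5")}   # assumed campus DHCP server
SAMPLE_REPLIES = [                                  # constructed packets
    sample_offer(XID, "10.20.0.5", "10.20.4.17"),             # campus server
    sample_offer(XID, "192.168.1.1", "192.168.1.100"),        # consumer router
    sample_offer(0x99999999, "192.168.0.1", "192.168.0.50"),  # another client's xid
    sample_offer(XID, "192.168.1.1", "192.168.1.100")[:-3],   # truncated option
]

if __name__ == "__main__":
    for server, offered in find_rogues(SAMPLE_REPLIES, XID, AUTHORIZED):
        print("rogue DHCP server %s offered %s" % (server, offered))
```

A probe like this only reports the rogue server; the port-level blocking of DHCP server replies described elsewhere in the thread is what stops other clients from taking its leases.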
RE: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms)
We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. David Gillett _ From: Jason Todd [mailto:jt...@westernu.edu] Sent: Tuesday, September 20, 2011 08:06 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. Jason Todd Network Security Officer Western University of Health Sciences From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Tuesday, September 20, 2011 5:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] Sent: Monday, September 19, 2011 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. 
So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. 
-- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms)
On 9/20/2011 11:52 AM, David Gillett wrote: We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. Just be a bit cautious... our city buses offer free WiFi on board. We were deauth-ing / dropping users on the buses when they drove through campus :) Jeff
Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms)
We are using the last version of this script: https://roguedetect.bountysource.com/ It's pretty old but works for us. We may have made some minor changes for our environment. I think mainly the script would only email the mac, and I modified it to also report the interface/vlan. Each of our 22 dorms is a different vlan, so we brought 22 vlan interfaces up on a central linux box, and just kick off the script on each interface every 30 minutes. It emails us the vlan and mac address of rogues, and we put that mac in a quarantine vlan. All traffic in the quarantine gets redirected to a page that says let us know when you unplug the router and your internet access will be restored. It works, but it's a manual process for us and sometimes frustrating for the student (especially at the beginning of the semester). Dropping DHCPOFFERs at the edge seems like a much better solution, which is what we're moving to this week. (Our 3com 5500 switches can do it with ACLs. The older 4400 switches can do it with a QoS profile) ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Tue, Sep 20, 2011 at 7:21 AM, Brian Helman bhel...@salemstate.edu wrote: Oh, tell me more about this perl script you are using. Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian -- *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] *Sent:* Monday, September 19, 2011 12:11 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... 
if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.eduwrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. 
You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. -- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
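Added example, not part of the thread and not the roguedetect script: the probe described in the message above comes down to classifying whatever DHCP replies arrive on each dorm VLAN and reporting the VLAN and MAC of any server that is not on an allowlist. The capture step is left out; the VLAN numbers, MAC addresses, the allowlisted server `10.20.0.5` and the helper `build_message` are all assumptions constructed for the example.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # precedes the DHCP options field
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER, DHCPACK, DHCPNAK = 1, 2, 5, 6
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def parse_dhcp(payload):
    """Parse the UDP payload of a DHCP message; ValueError if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:             # pad is one byte with no length field
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.setdefault(code, value)  # keep the first instance of an option
        i += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"")
    server_id = options.get(OPT_SERVER_ID, b"")
    return {
        "op": payload[0],
        "msg_type": msg_type[0] if len(msg_type) == 1 else None,
        "server_id": (str(ipaddress.IPv4Address(server_id))
                      if len(server_id) == 4 else None),
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
    }


def find_rogues(observations, authorized_servers):
    """Return sorted (vlan, source MAC, server id, offered IP) tuples for
    server replies whose server identifier is not on the allowlist."""
    rogues = set()
    for vlan, src_mac, payload in observations:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                    # not DHCP, or damaged in capture
        if msg["op"] != BOOTREPLY:
            continue                    # client requests are not server replies
        if msg["msg_type"] not in (DHCPOFFER, DHCPACK, DHCPNAK):
            continue
        if msg["server_id"] not in authorized_servers:
            rogues.add((vlan, src_mac.lower(),
                        msg["server_id"] or "unknown", msg["yiaddr"]))
    return sorted(rogues)               # OFFER + ACK from one box report once


def build_message(op, msg_type, server_id=None, yiaddr="0.0.0.0"):
    """Build a minimal DHCP payload for the constructed samples below."""
    header = bytearray(236)
    header[0] = op
    header[1], header[2] = 1, 6         # Ethernet, 6-byte hardware address
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return bytes(header) + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed sample data: (vlan, Ethernet source MAC, DHCP payload).
AUTHORIZED = {"10.20.0.5"}              # assumed campus DHCP server
SAMPLES = [
    # Legitimate offer from the campus server.
    (101, "02:00:00:00:00:01",
     build_message(BOOTREPLY, DHCPOFFER, "10.20.0.5", "10.20.101.44")),
    # Home router handing out RFC1918 addresses, seen twice (OFFER and ACK).
    (101, "02:00:00:AA:BB:01",
     build_message(BOOTREPLY, DHCPOFFER, "192.168.1.1", "192.168.1.100")),
    (101, "02:00:00:aa:bb:01",
     build_message(BOOTREPLY, DHCPACK, "192.168.1.1", "192.168.1.100")),
    # Client DISCOVER: ignored.
    (107, "02:00:00:00:00:33", build_message(BOOTREQUEST, DHCPDISCOVER)),
    # Reply with no server identifier option: still reported.
    (107, "02:00:00:cc:dd:02",
     build_message(BOOTREPLY, DHCPOFFER, None, "192.168.0.50")),
    # Payload cut short inside option 54: rejected by the parser.
    (107, "02:00:00:ee:ff:03",
     build_message(BOOTREPLY, DHCPOFFER, "192.168.0.1", "192.168.0.50")[:245]),
]

if __name__ == "__main__":
    for vlan, mac, server, offered in find_rogues(SAMPLES, AUTHORIZED):
        print(f"vlan {vlan}: rogue DHCP server {server} at {mac} offered {offered}")
```

Comparing the server identifier rather than the source MAC keeps relayed replies from the real server off the report; the MAC is reported only so the port can be found and quarantined.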
RE: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms)
The state mandates a competitive bidding process, so it will be some time before I know the vendor, let alone the model. We're far enough into the process that I probably can't get this added to our list of required functionality. I just have to hope it has become a common enough feature (since the last time we did this) that whoever we wind up with supports it, one way or another. David Gillett _ From: Leo Song [mailto:s...@uoguelph.ca] Sent: Tuesday, September 20, 2011 09:03 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms) Hi, David. What specific switch model you are going to use? Leo Song, Senior Analyst Cluster Lead Computing and Communication Services - Networking and Security University of Guelph (519) 824-4120 x 53181 _ From: David Gillett gillettda...@fhda.edu To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Tuesday, September 20, 2011 11:52:34 AM Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. David Gillett _ From: Jason Todd [mailto:jt...@westernu.edu] Sent: Tuesday, September 20, 2011 08:06 To: WIRELESS-LAN@listserv.educause.edu Subject: Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. Jason Todd Network Security Officer Western University of Health Sciences From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman Sent: Tuesday, September 20, 2011 5:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. 
Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian _ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] Sent: Monday, September 19, 2011 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. 
Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from
Re: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms)
Most enterprise class equipment (Cisco, Brocade, etc) come with dhcp-snooping standard now. Not sure about Juniper, and I think I heard the HP does it. I have DHCP-Snooping up in all student areas. Heath On 9/20/2011 11:16 AM, David Gillett wrote: The state mandates a competitive bidding process, so it will be some time before I know the vendor, let alone the model. We're far enough into the process that I probably can't get this added to our list of required functionality. I just have to hope it has become a common enough feature (since the last time we did this) that whoever we wind up with supports it, one way or another. David Gillett *From:* Leo Song [mailto:s...@uoguelph.ca] *Sent:* Tuesday, September 20, 2011 09:03 *To:* WIRELESS-LAN@listserv.educause.edu *Subject:* Re: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms) Hi, David. What specific switch model you are going to use? Leo Song, Senior Analyst Cluster Lead Computing and Communication Services - Networking and Security University of Guelph (519) 824-4120 x 53181 *From: *David Gillett gillettda...@fhda.edu *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Sent: *Tuesday, September 20, 2011 11:52:34 AM *Subject: *Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. David Gillett *From:* Jason Todd [mailto:jt...@westernu.edu] *Sent:* Tuesday, September 20, 2011 08:06 *To:* WIRELESS-LAN@listserv.educause.edu *Subject:* Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. 
Jason Todd Network Security Officer Western University of Health Sciences *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman *Sent:* Tuesday, September 20, 2011 5:22 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] *Sent:* Monday, September 19, 2011 12:11 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu mailto:r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu mailto:grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. 
We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded
Re: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms)
I can confirm Juniper does it. On Tue, Sep 20, 2011 at 5:47 PM, Heath Barnhart heath.barnh...@washburn.edu wrote: Most enterprise class equipment (Cisco, Brocade, etc) come with dhcp-snooping standard now. Not sure about Juniper, and I think I heard the HP does it. I have DHCP-Snooping up in all student areas. Heath On 9/20/2011 11:16 AM, David Gillett wrote: The state mandates a competitive bidding process, so it will be some time before I know the vendor, let alone the model. We're far enough into the process that I probably can't get this added to our list of required functionality. I just have to hope it has become a common enough feature (since the last time we did this) that whoever we wind up with supports it, one way or another. David Gillett -- *From:* Leo Song [mailto:s...@uoguelph.ca s...@uoguelph.ca] *Sent:* Tuesday, September 20, 2011 09:03 *To:* WIRELESS-LAN@listserv.educause.edu *Subject:* Re: [WIRELESS-LAN] Rogue Device detection. (was[WIRELESS-LAN]Wireless in dorms) Hi, David. What specific switch model you are going to use? Leo Song, Senior Analyst Cluster Lead Computing and Communication Services - Networking and Security University of Guelph (519) 824-4120 x 53181 -- *From: *David Gillett gillettda...@fhda.edu gillettda...@fhda.edu *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Sent: *Tuesday, September 20, 2011 11:52:34 AM *Subject: *Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) We'll be replacing our switches over the next 6-18 months, and I'm hoping the new ones may include this capability. David Gillett -- *From:* Jason Todd [mailto:jt...@westernu.edu jt...@westernu.edu] *Sent:* Tuesday, September 20, 2011 08:06 *To:* WIRELESS-LAN@listserv.educause.edu *Subject:* Re: [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN]Wireless in dorms) Our rogue DHCP server problems went away once we started blocking DHCP offers at the edge. 
Before that we were hooking protocol analyzers up to the segment having problems to detect rogues. Jason Todd Network Security Officer Western University of Health Sciences *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUWIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Brian Helman *Sent:* Tuesday, September 20, 2011 5:22 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Rogue Device detection. (was [WIRELESS-LAN] Wireless in dorms) Oh, tell me more about this perl script you are using. Anyone else have good methods for identifying and terminating rogue DHCP (and rogue AP's for that matter) servers? -Brian -- *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Ray DeJean [r...@selu.edu] *Sent:* Monday, September 19, 2011 12:11 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... 
ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device
RE: [WIRELESS-LAN] Wireless in dorms
We don't have dorms, and don't generally permit random users to add their own infrastructure to our network. BYO *endpoint* device is permitted on our wireless network and a couple of specific wired locations, but we frown on people unplugging college-provided machines to plug their own into network segments where they are NOT welcome At least once a term, we'll have an emergency scramble to track down the rogue DHCP server that is giving campus clients bogus addresses and gateway/mask information and so isolating multiple clients from the Internet. Almost invariably it will turn out to be someone's BYOD router, misconfigured and/or connected backwards If I were a dorm resident, I'm sure I would prefer a campus with a BYOD policy, but as an IT employee, I worry that campuses may adopt them without appreciating the workload that supporting such a policy can entail. David Gillett, CISSP CCNP _ From: Ray DeJean [mailto:r...@selu.edu] Sent: Monday, September 19, 2011 08:04 To: WIRELESS-LAN@listserv.educause.edu Subject: [WIRELESS-LAN] Wireless in dorms All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... 
The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. thanks, ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org
Re: [WIRELESS-LAN] Wireless in dorms
On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. -- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Re: [WIRELESS-LAN] Wireless in dorms
We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.eduwrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... 
The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. -- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITSBuffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
RE: [WIRELESS-LAN] Wireless in dorms
Depending on your switch vendor, you can set up DHCP Trust, which says only certain ports can respond to DHCP requests. Solved the rogue DHCP problem for us instantly. :) (Our access layer is Cisco 3750). As for our wireless, we have Aruba deployed in our newer locations, and are in progress on the older buildings. Actually looking to use the student's wired jack to activate the AP. We discourage via policy BYO Access Points campus wide, but don't enforce heavily in the non-covered Res Hall areas; that will change as the Aruba deployment expands. Carl Oakes Network Architect California State University Sacramento (916) 278-5551 / oake...@csus.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 9:11 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network. However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogue's respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... 
ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. 
-- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
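The check Ray DeJean describes above (send a DHCP request, see who answers) can be sketched as follows. This is an added example, not the roguedhcp Perl script or any code from the list; the function names, the authorized set and all addresses are assumptions, and the sample replies are constructed so the comparison runs offline.

```python
import ipaddress
import socket
import struct
import time

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header (RFC 2131)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def build_discover(xid, mac):
    """Minimal broadcast DHCPDISCOVER for a 6-byte client MAC."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         b"", b"", b"", b"", mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, 1, OPT_END])


def parse_reply(packet):
    """Return xid, offered address and server identifier, or None if malformed."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        return None
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(packet):
            return None
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # option runs past the end of the packet
        options[code] = value
        i += 2 + length
    server_id = options.get(OPT_SERVER_ID, b"")
    if len(server_id) != 4:
        return None  # a server reply must carry option 54 (server identifier)
    return {
        "xid": struct.unpack("!I", packet[4:8])[0],
        "offered": str(ipaddress.IPv4Address(packet[16:20])),
        "server_id": str(ipaddress.IPv4Address(server_id)),
    }


def find_rogues(xid, replies, authorized):
    """replies: (source_ip, raw_packet) pairs; authorized: IPs allowed to answer
    (campus DHCP servers and relay agents). Returns {source_ip: parsed reply}."""
    rogues = {}
    for src, packet in replies:
        reply = parse_reply(packet)
        if reply is None or reply["xid"] != xid:
            continue  # noise, or an answer to someone else's request
        if reply["server_id"] not in authorized or src not in authorized:
            rogues[src] = reply
    return rogues


def probe(xid, mac, wait=5.0):
    """Broadcast one DISCOVER and collect replies (root needed: binds UDP/68)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    sock.bind(("", 68))
    sock.sendto(build_discover(xid, mac), ("255.255.255.255", 67))
    replies, deadline = [], time.monotonic() + wait
    try:
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            data, (src, _port) = sock.recvfrom(1500)
            replies.append((src, data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


def constructed_offer(xid, server_ip, offered_ip):
    """Constructed DHCPOFFER, used only as offline sample input."""
    server = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack(BOOTP_FMT, 2, 1, 6, 0, xid, 0, 0x8000, b"",
                         ipaddress.IPv4Address(offered_ip).packed, server, b"",
                         b"\x02\x00\x00\x00\x00\x01", b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, 2, OPT_SERVER_ID, 4]) + server + bytes([OPT_END])
    return header + MAGIC_COOKIE + options


def demo():
    """Run the comparison over constructed replies (all addresses are made up)."""
    xid, authorized = 0x1234ABCD, {"10.20.0.2"}
    replies = [
        ("10.20.0.2", constructed_offer(xid, "10.20.0.2", "10.20.4.17")),  # campus server
        ("192.168.1.1", constructed_offer(xid, "192.168.1.1", "192.168.1.100")),  # SOHO router
        ("192.168.0.1", constructed_offer(0x0BADF00D, "192.168.0.1", "192.168.0.50")),  # other xid
        ("10.20.0.9", constructed_offer(xid, "10.20.0.9", "10.20.4.18")[:247]),  # truncated
    ]
    return find_rogues(xid, replies, authorized)


if __name__ == "__main__":
    print(demo())
```

A probe like this only finds the responder after the fact; the DHCP Trust setting and the endpoint-port ACLs described in the thread are what keep its replies from reaching other clients.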
RE: [WIRELESS-LAN] Wireless in dorms
At the risk of being seen as shameless in self-promotion, I just wrote a brief piece about Extreme Networks Snap On WiFi (built on Motorola under the hood) Altitude 4511. If you buy into the philosophy, and under the right conditions I would, no additional wiring needed beyond the Cat 5 already installed for Ethernet. There are a growing number of ways to skin the wireless cat, and if you are new to wireless the options are many and interesting beyond the controller based stuff. See http://www.networkcomputing.com/wireless/231601558 And Extreme's page on these at http://extremenetworks.com/products/altitude-4511.aspx Given that wiring can be as expensive as the APs, this sort of solution is at least interesting. -Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Oakes, Carl W Sent: Monday, September 19, 2011 12:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms Depending on your switch vendor, you can set up DHCP Trust, which says only certain ports can respond to DHCP requests. Solved the rogue DHCP problem for us instantly. :) (Our access layer is Cisco 3750). As for our wireless, we have Aruba deployed in our newer locations, and are in progress on the older buildings. Actually looking to use the student's wired jack to activate the AP. We discourage via policy BYO Access Points campus wide, but don't enforce heavily in the non covered Res Hall areas, that will change as the Aruba deployment expands. Carl Oakes Network Architect California State University Sacramento (916) 278-5551 / oake...@csus.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 9:11 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless in dorms We do have dorms segregated on separate vlans behind a firewall from the rest of the network.
However, the Rogue DHCP server issue is one of the main reasons we find out that a student is trying to run their own router. We have a roguedhcp perl script that sends out dhcp requests every hour or so and sees who responds... if any rogues respond we quarantine them and tell them to unplug the router. However that's not good enough for the BYOD policy. So we're currently testing out ACLs and qos profiles on our switches that will just block the dhcp server responses on the endpoint ports. So Timmy can run a dhcp server in his room all he wants without affecting anyone else. I don't know why we didn't think of that years ago... ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org On Mon, Sep 19, 2011 at 10:54 AM, Matthew Gracie grac...@canisius.edu wrote: On 09/19/2011 11:04 AM, Ray DeJean wrote: All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place.
Just looking to hear from other universities who have or are considering a policy such as this. You don't mention what kind of network architecture you have - if you're using a relatively flat topology, with comingling of residence hall, administrative, and academic traffic, be sure that you've got technology and procedures in place to shut down misconfigured endpoints. Nobody will be happy when they start getting RFC1918 addresses from the DHCP server on little Timmy's free-with-rebate Linksys AP. -- Matt Gracie (716) 888-8378 Information Security Administrator grac...@canisius.edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
RE: [WIRELESS-LAN] Wireless in dorms
2 cents from someone in a similar boat. Unfortunately, some of our campuses have been unable to support ubiquitous wireless in dorms due to cost. In some cases they have only common areas covered. That being the case, with wireless being the preferred access method along with a lack of local campus policy in this regard they've understandably connected SOHO wireless routers. Some of our ResHalls caused us significant problems on the wired side at the start of this semester. Although we enable L2 features (such as DHCP snooping/DAI/SG, MAC limits) we weren't able to corral an issue until implementing blocking of unknown unicast (cisco UUFB) on the ResHall subnets. This being a wireless forum, I'll omit the details but in a nutshell, the issues were ICMP redirect/ARP-amplification related and would intermittently peg the attaching campus router's CPU. I think efforts to searchfix offending devices or train students is entering a never ending battle. As cheaper devices will not have A radios (not that many clients will either..) co-channel interference is likely common. Add in interference, ex. assuming a fair # of microwave ovens, and I'd think their wireless experience is less than spectacular with no one to reach out to for insight/support. I feel such devices in ResHalls add an unmanaged infrastructure that not only underserves the users but may also have consequences for the managed infrastructure it connects to. I suppose by allowing them to use such devices, one can remove themselves from wireless infrastructure/client support, but I'd rather be in a position where we could supply the needed wireless service in a managed way and avoid their need to use them.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 11:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in dorms All, We don't currently provide wireless in our dorms, and our official policy is to not allow students to bring their own wireless devices. We don't actively enforce this policy though, and as long as the students' device isn't causing problems, they typically don't hear from us. (We do provide at least a 100mbps wired connection to each student). We are considering changing our policy to allow BYOD (bring your own device) in the dorms. I know lots of students already BYOD, but we're not policing it. We're considering the costs associated with deploying our Aruba system to all the dorms, and the fact that students are going to BYOD anyway. Rather than fight them, allow it. We'll secure our wired network obviously, but also have workshops and online instructions to show the students how to properly connect and secure their device. Of course we realize the interference issues that may arise in a crowded 2.4ghz space... The University of Wisconsin-Madison (http://www.housing.wisc.edu/resnet/gameConsoles.php) already has a policy like this in place. Just looking to hear from other universities who have or are considering a policy such as this. thanks, ray -- Ray DeJean Systems Engineer Southeastern Louisiana University email: r...@selu.edu http://r-a-y.org
Re: [WIRELESS-LAN] Wireless in dorms
That Altitude 4511 product looked interesting. I'm curious to know the per-unit price on those, as quick google and amazon searches didn't bring anything up in that regard. I'd also like to see one with a pass-through port, so I can put one over an existing port in a student's room or classroom and still connect the existing wired device at the same location. We also were unable to find the budget for a traditional controller-based system, but we managed to do pretty well for ourselves using APs from Engenius (ECB-9500). They run under $100 each, vs $400, $600, or more for enterprise level access points, and we run them without a controller, instead using existing infrastructure. The cheaper APs plus no controller put us in at about 1/10 what were quoted for a traditional Aruba or Cisco system. Of course, at that price we made a few compromises: - Reporting. This is huge. I don't get to know who's using what spectrum, and I often have to wait for students to tell me an access point isn't working in an area before I know about, rather than being proactive about it. We work around this because we have good er - Multiple SSIDs per access point. Our system actually will support this, but we haven't had the time to set it up yet. We do have some basic divisions by geographical area on campus to split up broadcast domains, but that's it. - Fixed cell sizes (limited air space). My understanding is that more advanced systems can be set to automatically turn down transmission power based on the power from the neighboring access points, and thereby reduce the amount of airspace used by each client. We get by because we're small. Hand in hand with this is the need to manually tune channels. The access points we have support DD-WRT, which would allow us to tune this manually, but that would also mean buying and deploying more access points that we don't have budget for. - Limited to 50 access points for radius purposes with Windows Standard Server. 
Of course, we need more than 50 access points and so had to open up our dorm wifi (no encryption there at all :( ). Our administrative and classroom buildings are encrypted, though; we're small enough to be able to do it that way. I'm working right now on a FreeRADIUS implementation that should fix this for us soon, but honestly our students **really like** the open wifi. We haven't had problems with campus neighbors and others leeching bandwidth, I have zero reports of abuse from tools like firesheep, and so while this is something I'm working on I'm not as rushed about it as I should be. We're up to 78 access points now. Add in wiring some PoE injectors, and we still spent less than $10,000 to unwire the whole campus. Joel Coehoorn York College IT Director 402.363.5603 On Mon, Sep 19, 2011 at 2:17 PM, Garry Peirce pei...@maine.edu wrote: 2 cents from someone in a similar boat. Unfortunately, some of our campuses have been unable to support ubiquitous wireless in dorms due to cost. In some cases they have only common areas covered. That being the case, with wireless being the preferred access method along with a lack of local campus policy in this regard they’ve understandably connected SOHO wireless routers. Some of our ResHalls caused us significant problems on the wired side at the start of this semester. Although we enable L2 features (such as DHCP snooping/DAI/SG, MAC limits) we weren’t able to corral an issue until implementing blocking of unknown unicast (cisco UUFB) on the ResHall subnets. This being a wireless forum, I’ll omit the details but in a nutshell, the issues were ICMP redirect/ARP-amplification related and would intermittently peg the attaching campus router’s CPU. I think efforts to searchfix offending devices or train students is entering a never ending battle. As cheaper devices will not have A radios (not that many clients will either….) co-channel interference is likely common. Add in interference, ex.
assuming a fair # of microwave ovens, and I’d think their wireless experience is less than spectacular with no one to reach out to for insight/support. I feel such devices in ResHalls add an unmanaged infrastructure that not only underserves the users but may also have consequences for the managed infrastructure it connects to. I suppose by allowing them to use such devices, one can remove themselves from wireless infrastructure/client support, but I’d rather be in a position where we could supply the needed wireless service in a managed way and avoid their need to use them. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ray DeJean Sent: Monday, September 19, 2011 11:04 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless
RE: [WIRELESS-LAN] Wireless in dorms, a seat of the pants approach?
I doubt that you'll have to worry about the 360 much. Most games do not take that much bandwidth for online play unless the user is hosting. You'll find that 20MB of information downloaded in an HOUR is about the most that any game will use now-a-days (which comes out to not a whole lot of mb/sec). Some games like your Everquests and World of Warcrafts (MMOGs) will use considerably less (around 2MB/hour). The 360's voice capability will increase that a bit, but you have to remember that other than the voice (which is usually a really compressed codec, requiring not a lot of bandwidth either) really the only information that a game needs from over the network is the positional data from the other players and their weapons. The local game houses the vast majority of data. Games need good latency not necessarily good bandwidth. Regards, Eric Barnett Wireless Administrator Information and Technology Services Arkansas State University 870-972-3033 http://wireless.astate.edu -Original Message- From: Flagg, Martin D. [mailto:[EMAIL PROTECTED] Sent: Friday, November 11, 2005 8:20 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless in dorms, a seat of the pants approach? I have been a little embarrassed to express our wireless deployment strategies because I took an approach many will disagree with. We had very limited budget and have even less personnel. We started about three years ago and initially were able to buy a limited amount of access points. I deployed Cisco 1200b's, Cisco ACS, LEAP and required Cisco NICs. I placed the AP's mainly in academic buildings trying to get the best coverage we could. We are a small school of less than 1500 total students, so I was not worried about how many users per AP (usually it was one or two). Amazingly, by using external directional antennas, I was able to provide coverage to about 70% of the Academic and staff buildings. The next year we deployed more Access points, Cisco 1200 G's this time.
We started filling in the gaps not worrying about dorms. We added support for PEAP. This year we added the dorms, my stated plan was to cover the Dorm common areas but I was fairly sure I could cover most (80-90%) of the dorm rooms. All our dorms have one 100 MB /bed anyways. My survey techniques involved my best guess as where to put access points and was highly influenced by where I could steal a 100 MB connection for the AP. Our staff (being only me when it comes to the network) did not have time to do a survey or any in-depth testing. It was seat of the pants all the way. A professional survey would have been great but I figured for the cost of one, I could buy a lot more access points. We also have started upgrading our old 1200b's to 1200G's. We also moved wireless to CCA. I am using less directional antennas now and realize I will soon have to worry more about channel overlap and power. Next year I am planning on buying a central management solution to help me to deal with power and channel overlap issues. Any Suggestions? We did it on the cheap both in time and $$ commitment, and it works using no real frequency planning. However, I would never consider using it as the only method for dorms. The kids now expect wireless but I draw the line at expecting wireless to work with P2P downloading. If I have problems with P2P wireless, I plan on using CCA to block P2P. My next big fear is XBOX 360 and what it will do to wireless? Martin D. Flagg Network Engineer/Administrator Hiram College - If you lend someone $20, and never see that person again, it was probably worth it. -Original Message- From: Dave Molta [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 4:35 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms?
It's fairly easy to understand how the scheduling capabilities of Meru allow it to maximize throughput and minimize latency using a single channel throughout a building, but I still wonder about the aggregate capacity when compared to a more traditional and well-implemented overlapping cell design that leverages all available spectrum. As long as your primary goal is coverage rather than capacity, this is an excellent solution, but the whole discussion of resnet wireless is more of a capacity issue and I'm guessing that low-latency roaming won't be a big issue in the short term since resnet users are more nomadic than mobile. Meru has been doing some interesting work with multi-radio AP's that should allow them to enhance overall system capacity but I don't think any of those products are available today. dm -Original Message- From: Phil Raymond [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 10:41 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? Interesting discussion ongoing... I work to remain agnostic in regards to WLAN vendors, but I do consider Meru
RE: [WIRELESS-LAN] Wireless-only Dorms?
Meru does not use PCF, but does use virtual carrier sense as their main mechanism to control access to the medium. Frank -Original Message- From: Michael Griego [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 11:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? All of the issues listed here are great examples of the complex nature of designing an 802.11 environment with such stringent requirements. With only 3 channels, even if you plan very carefully and precisely control the output power of your APs, you're going to get channel overlap. This will further reduce your capacity due to the inherent collisions/retransmissions. Especially when you factor in the client devices. A client device transmitting on a channel will force any other device operating on the same channel that can hear it (APs included of course) to wait on it to complete its transmission before it can commence. So, you have to realize that, even though 2 APs may not be able to hear each other, a client card between them that can hear both of them will tie up available bandwidth on BOTH APs while it is transmitting. Further complicating matters is a situation where two clients connected to two different APs on the same channel can hear each other but not both APs. In such a circumstance, client 1 and the AP 2 (the AP client 2 is connected) may transmit simultaneously. When this happens the signals will interfere with each other upon reaching client 2, causing client 2 to be unable to decode the packet, forcing AP 2 to retransmit the packet. Complicated indeed! Guaranteeing signal strength and bandwidth allotments is extremely difficult. And, this totally ignores the problems inherent with outside interference or the fact that the environment (bookshelves, etc) change on a regular basis, possibly forcing you to revisit your ever-so-finely-tuned RF plan.
Interestingly enough, all these issues are also extremely relevant if you're interested in looking to deploy any sort of VoIP/WiFi (VoFi). I'd suggest that, if you're truly interested in providing coverage/bandwidth that takes a lot of these issues into account, you might want to take a look at the Meru Virtual AP architecture. The controllers in these systems keep track of every 802.11 device each AP can hear and employ a pretty darn impressive scheduling algorithm for getting the most out of the available channel capacity. Not only that, but they actually control when clients are allowed to transmit, further removing unknowns from the RF use equations and improving channel usage and capacity. I believe they do this using the PCF, or Point Coordination Function, in the 802.11 spec... I've not seen any other wireless switch system that makes use of it near to the level that the Meru system does. It's pretty cool. We're in the process of deploying Meru as our second generation wireless overlay here at UTD, mainly to decrease the need for complex channel planning, individual AP configuration, and to support a future VoFi implementation. --Mike Phil Raymond wrote: If someone forced me to assign a rule of thumb at this high level, I would assign a conservative data rate of 1 Mbps to each student as a requirement. For an 802.11g ONLY network running at the highest data rate (aka strongest signal) using enterprise class AP's (data thruput does vary between AP vendors, be careful here), you should expect to get 15-20 Mbps of upper layer thruput per AP. That would yield 15-20 students per AP. For 802.11a, this will probably hold. For 802.11g, due to the limit of 3 channels, you will get an overall reduction in capacity due to shared bandwidth between AP's in a densely deployed AP environment. Also, this assumes that you design the network for the highest signal strength - a very important point. In most instances this won't be possible due to the environment.
Thus I would reduce the available bandwidth by 33% and say that 10Mbps is available. Hence I would go with the low end of 10Mbps available per AP. To take this to a lower level of analysis, I would want to know what applications the students would be running. Perhaps you use the analogy of a low end DSL connection that provides 768Kbps downlink and 128kbps uplink. Then you stick with the 1 Mbps/student and assume it supports most if not all applications they will use. You might also consider a swag at peak operating times (evenings) and assume ~50% of the available students are online (simple queuing theory assumption). Then you could say that a single AP would cover minimally 20 students. There is my rule of thumb at this high level. I would consider it conservative if you design the network properly. In a typical dorm with a lot of walls (and bookcases...), you will probably find that your coverage requirements and capacity requirements will be in alignment (and thus balanced). What I mean
RE: [WIRELESS-LAN] Wireless-only Dorms?
It's fairly easy to understand how the scheduling capabilities of Meru allow it to maximize throughput and minimize latency using a single channel throughout a building, but I still wonder about the aggregate capacity when compared to a more traditional and well-implemented overlapping cell design that leverages all available spectrum. As long as your primary goal is coverage rather than capacity, this is an excellent solution, but the whole discussion of resnet wireless is more of a capacity issue and I'm guessing that low-latency roaming won't be a big issue in the short term since resnet users are more nomadic than mobile. Meru has been doing some interesting work with multi-radio AP's that should allow them to enhance overall system capacity but I don't think any of those products are available today. dm -Original Message- From: Phil Raymond [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 10:41 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? Interesting discussion ongoing... I work to remain agnostic in regards to WLAN vendors, but I do consider Meru a leader in developing/enabling 802.11 technologies. Frank is correct in that they use the NAV to holdoff data clients while voice handsets gain airtime access (even tho they don't know it). This combined with their holistic view of the network and flat channel architecture (enables very fast roaming) certainly has its advantages. Until 802.11e/r becomes prevalent in handsets these mechanisms will serve its purpose because don't forget - 802.11 was never made to handle voice clients. But that will change over the next 2-3 years as cellular mechanisms are adopted into the WLAN via IEEE 802.11k/v, etc. -Original Message- From: Frank Bulk [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 9:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? 
Meru does not use PCF, but does use virtual carrier sense as their main mechanism to control access to the medium. Frank -Original Message- From: Michael Griego [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 11:47 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? All of the issues listed here are great examples of the complex nature of designing an 802.11 environment with such stringent requirements. With only 3 channels, even if you plan very carefully and precisely control the output power of your APs, you're going to get channel overlap. This will further reduce your capacity due to the inherent collisions/retransmissions. Especially when you factor in the client devices. A client device transmitting on a channel will force any other device operating on the same channel that can hear it (APs included of course) to wait on it to complete its transmission before it can commence. So, you have to realize that, even though 2 APs may not be able to hear each other, a client card between them that can hear both of them will tie up available bandwidth on BOTH APs while it is transmitting. Further complicating matters is a situation where two clients connected to two different APs on the same channel can hear each other but not both APs. In such a circumstance, client 1 and the AP 2 (the AP client 2 is connected) may transmit simultaneously. When this happens the signals will interfere with each other upon reaching client 2, causing client 2 to be unable to decode the packet, forcing AP 2 to retransmit the packet. Complicated indeed! Guaranteeing signal strength and bandwidth allotments is extremely difficult. And, this totally ignores the problems inherent with outside interference or the fact that the environment (bookshelves, etc) change on a regular basis, possibly forcing you to revisit your ever-so-finely-tuned RF plan.
Interestingly enough, all these issues are also extremely relevant if you're interested in looking to deploy any sort of VoIP/WiFi (VoFi). I'd suggest that, if you're truly interested in providing coverage/bandwidth that takes a lot of these issues into account, you might want to take a look at the Meru Virtual AP architecture. The controllers in these systems keep track of every 802.11 device each AP can hear and employ a pretty darn impressive scheduling algorithm for getting the most out of the available channel capacity. Not only that, but they actually control when clients are allowed to transmit, further removing unknowns from the RF use equations and improving channel usage and capacity. I believe they do this using the PCF, or Point Coordination Function, in the 802.11 spec... I've not seen any other wireless switch system that makes use of it near to the level that the Meru system does. It's pretty cool. We're in the process of deploying Meru as our
Re: [WIRELESS-LAN] Wireless-only Dorms?
I would be interested as well. We have the access points and will probably install them over the winter break. Michael H. Bean PC Technician Information Services University of Saint Mary 4100 South 4th Street Leavenworth, KS 66048 682-5151 ext. 6999 Email: [EMAIL PROTECTED] [EMAIL PROTECTED] 11/9/2005 6:50 AM Wondering if anybody is moving forward with residential halls that are 100% wireless only, with no wired connectivity. If so, how is it working out? Regards- Lee Badman Lee H. Badman Network Engineer CWSP, CWNA (CWNP011288) Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax
RE: [WIRELESS-LAN] Wireless-only Dorms?
Theresa is absolutely correct. Installing wireless only dorms to students that expect and are used to broadband wired access is not trivial and requires careful planning and policy setting. A typical 802.11b AP is analogous to a half duplex 10 Mbps ethernet connection from yesteryear... However, the value of having broadband wireless access has many advantages and if done right will be the envy of other students. Not being tethered to a wall jack while gaming or internet/research access, or using wireless skype handsets for near toll free calling is very appealing to students. The initial design needs to consider coverage AND capacity. What applications multiplied by the number of users will dictate the capacity (high BW requirement app's such as gaming or music/video streaming, VoWLAN, etc). Generally, designing for capacity in high BW environments will yield good coverage, and any remaining coverage holes can be filled after a good site survey analysis. Setting and managing a good policy is also important. Security and access measures, support for 802.11a/g limiting 802.11b access, permitted hardware (everyone's lives will be easier if you only allow enterprise class wireless NIC's), etc. The ironic part is that if you do provide wired access, you can expect that students will plug in their own AP's, which is probably the biggest security threat (insecure rogue AP's creating network holes). It can be done, but it is not trivial and the more planning and upfront work done will reduce headaches in the future. Since you are probably enticed by the thought of 802.11n, it is not a good solution until the standard is released and enterprise class AP's are available (2 years away?). The devices today are NOT enterprise class and are not standards compliant. If you limit the WLAN to 802.11a/g only, you will have multiplied your capacity several times over an 802.11b network and be taking advantage of all that BW at 5 Ghz... My two cents... 
-Original Message- From: Theresa M Rowe [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 8:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? We have wireless-only dorms. We have more complaints from those areas than we do from our new student apartments, which are a mix of wire and wireless. There are issues. First, you need greater density of wireless access points than you do in other campus areas. Students build lofts and have bookcases, and there are lots of corners that all add up to problematic coverage. Students like to play games and do other kinds of high bandwidth activities that are not necessarily compatible with shared bandwidth access points. Students expect wireless in their living area to perform like the cable modem or DSL they had at home. You have to have strong messaging about the right network cards for your environment. You need to have a strong replacement cycle. We are on our second generation and we find that student appetite for bandwidth creates technical obsolescence for wireless faster than wired ports. All the other problems we have are more related to insatiable bandwidth appetite more than wireless. Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology Services
Re: [WIRELESS-LAN] Wireless-only Dorms?
Phil Raymond wrote: The initial design needs to consider coverage AND capacity. Phil (and others), Have you got a rule of thumb for the number of students per G access point in a college dorm? Larry Press
RE: [WIRELESS-LAN] Wireless-only Dorms?
If someone forced me to assign a rule of thumb at this high level, I would assign a conservative data rate of 1 Mbps to each student as a requirement. For an 802.11g ONLY network running at the highest data rate (aka strongest signal) using enterprise class AP's (data thruput does vary between AP vendors, be careful here), you should expect to get 15-20 Mbps of upper layer thruput per AP. That would yield 15-20 students per AP. For 802.11a, this will probably hold. For 802.11g, due to the limit of 3 channels, you will get an overall reduction in capacity due to shared bandwidth between AP's in a densely deployed AP environment. Also, this assumes that you design the network for the highest signal strength - a very important point. In most instances this won't be possible due to the environment. Thus I would reduce the available bandwidth by 33% and say that 10Mbps is available. Hence I would go with the low end of 10Mbps available per AP. To take this to a lower level of analysis, I would want to know what applications the students would be running. Perhaps you use the analogy of a low end DSL connection that provides 768Kbps downlink and 128kbps uplink. Then you stick with the 1 Mbps/student and assume it supports most if not all applications they will use. You might also consider a swag at peak operating times (evenings) and assume ~50% of the available students are online (simple queuing theory assumption). Then you could say that a single AP would cover minimally 20 students. There is my rule of thumb at this high level. I would consider it conservative if you design the network properly. In a typical dorm with a lot of walls (and bookcases...), you will probably find that your coverage requirements and capacity requirements will be in alignment (and thus balanced). What I mean by that is that you will find that in order to provide a good signal in a dorm environment you will need to place a denser AP deployment (due to the thick walls, etc.). 
This means that as a consequence your capacity will also be increased due to the denser deployment. Other factors not considered here are the use of client cards. Performance between different manufacturers (you get what you pay for) will vary. Some cards will be noisy and interfere, others will have higher SNR requirements, etc. Hope this helps and not confuses - as I said, it is not a trivial subject.
RE: [WIRELESS-LAN] Wireless-only Dorms?
The other factor that shouldn't be ignored is the role that clients play in contributing to co-channel interference issues in dense deployment WLANs. It's relatively easy (albeit expensive) to design micro-cell AP configurations that maximize per-user bandwidth by reducing power output on the AP. However, it's much tougher to control power output at the client, both because some client adapters/drivers do not support this capability and also because you need to touch the clients in order to do so. This problem is mitigated somewhat by the asymmetrical nature of most client communications (more downstream than upstream bandwidth consumption) though this is beginning to change with more and more PtP applications. Also, while this problem wasn't as great an issue in the past when PC-Cards were used on notebook computers, the enhanced wireless capabilities of the latest notebook computer designs -- especially the quality of embedded antennas -- has the effect of making notebooks more powerful RF radiators. The other point I would make with respect to capacity is that it is essential to take advantage of all available spectrum. That means implementing multi-band abg access points and -- this is a tough part -- getting users to purchase notebooks with abg support. Although notebook manufacturers don't like to disclose numbers, I believe well over 85% of notebooks still ship with bg rather than abg interfaces, even though the incremental cost of abg is minimal. The good news is that it's not essential to get all of your users on 11a, but moving a significant portion of them makes performance better for everyone. dm -Original Message- From: Metzler, David [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 12:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? Nice synopsis, Phil.
I would add that the issue about bandwidth overlap in densely populated areas can be partially mitigated by making sure you select a vendor that has the ability to automatically decrease power to reduce overlap. Some do this, some don't.
RE: [WIRELESS-LAN] Wireless-only Dorms?
I believe that http://www.extricom.com/ does almost the same thing that Meru does. Has anyone compared/contrasted the two? Jamie A. Stapleton CBSi - Connecting your problems with solutions. FlexiCall: (804) 412-1601 Facsimile: (804) 412-1611 -Original Message- From: Michael Griego [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 12:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Wireless-only Dorms? All of the issues listed here are great examples of the complex nature of designing an 802.11 environment with such stringent requirements. With only 3 channels, even if you plan very carefully and precisely control the output power of your APs, you're going to get channel overlap. This will further reduce your capacity due to the inherent collisions/retransmissions. Especially when you factor in the client devices. A client device transmitting on a channel will force any other device operating on the same channel that can hear it (APs included of course) to wait on it to complete its transmission before it can commence. So, you have to realize that, even though 2 APs may not be able to hear each other, a client card between them that can hear both of them will tie up available bandwidth on BOTH APs while it is transmitting. Further complicating matters is a situation where two clients connected to two different APs on the same channel can hear each other but not both APs. In such a circumstance, client 1 and the AP 2 (the AP client 2 is connected) may transmit simultaneously. When this happens the signals will interfere with each other upon reaching client 2, causing client 2 to be unable to decode the packet, forcing AP 2 to retransmit the packet. Complicated indeed! Guaranteeing signal strength and bandwidth allotments is extremely difficult.
And, this totally ignores the problems inherent with outside interference or the fact that the environment (bookshelves, etc) change on a regular basis, possibly forcing you to revisit your ever-so-finely-tuned RF plan. Interestingly enough, all these issues are also extremely relevant if you're interested in looking to deploy any sort of VoIP/WiFi (VoFi). I'd suggest that, if you're truly interested in providing coverage/bandwidth that takes a lot of these issues into account, you might want to take a look at the Meru Virtual AP architecture. The controllers in these systems keep track of every 802.11 device each AP can hear and employ a pretty darn impressive scheduling algorithm for getting the most out of the available channel capacity. Not only that, but they actually control when clients are allowed to transmit, further removing unknowns from the RF use equations and improving channel usage and capacity. I believe they do this using the PCF, or Point Coordination Function, in the 802.11 spec... I've not seen any other wireless switch system that makes use of it near to the level that the Meru system does. It's pretty cool. We're in the process of deploying Meru as our second generation wireless overlay here at UTD, mainly to decrease the need for complex channel planning, individual AP configuration, and to support a future VoFi implementation. --Mike
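The two co-channel cases in Michael Griego's message quoted above, worked through as an added example that is not part of any list post. The device names, the symmetric-link assumption and the "any overlap at the receiver loses the frame" rule are simplifications made here; RTS/CTS and capture effect are ignored.

```python
"""Toy carrier-sense model of one shared 802.11 channel (added illustration).

Assumptions (not from the thread): links are symmetric, a device defers only
to transmitters it can hear, and any second signal arriving at a receiver
during a frame destroys that frame.
"""


def build_hearing(links):
    """Map each device to the set of devices it can hear."""
    hears = {}
    for a, b in links:
        hears.setdefault(a, set()).add(b)
        hears.setdefault(b, set()).add(a)
    return hears


def deferring_devices(hears, transmitter):
    """Devices that sense the channel busy while `transmitter` is on the air."""
    return set(hears.get(transmitter, ()))


def hidden_collisions(hears, associations):
    """Return sorted (sender, receiver, interferer) triples where a frame can be lost.

    The interferer cannot hear the sender, so carrier sense does not keep the
    two from transmitting together, yet the receiver hears both signals.
    """
    frames = []
    for client, ap in associations.items():
        frames += [(client, ap), (ap, client)]  # uplink and downlink
    lost = []
    for sender, receiver in frames:
        for other in hears:
            if other in (sender, receiver):
                continue
            cannot_sense = other not in hears.get(sender, set())
            reaches_receiver = other in hears.get(receiver, set())
            if cannot_sense and reaches_receiver:
                lost.append((sender, receiver, other))
    return sorted(lost)


# Constructed topology 1: AP1 and AP2 cannot hear each other, client C hears both.
CASE_ONE = build_hearing([("AP1", "C"), ("AP2", "C")])

# Constructed topology 2: C1 is on AP1, C2 is on AP2; the clients hear each
# other, but neither client hears the other client's AP.
CASE_TWO = build_hearing([("AP1", "C1"), ("AP2", "C2"), ("C1", "C2")])
CASE_TWO_ASSOC = {"C1": "AP1", "C2": "AP2"}

if __name__ == "__main__":
    print("While C transmits, these wait:", sorted(deferring_devices(CASE_ONE, "C")))
    for sender, receiver, other in hidden_collisions(CASE_TWO, CASE_TWO_ASSOC):
        print(f"{sender} -> {receiver} can be lost when {other} transmits")
```

In the second topology the uplink frames survive and only the downlink frames are at risk, which is why the retransmission burden in the quoted description falls on the AP.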
RE: [WIRELESS-LAN] Wireless-only Dorms?
We have indeed reviewed both products. Currently we are a Meru user with nearly 150 AP's online. Since then we continue to monitor what similar technologies are emerging. In essence they are both similar, however there are key differences. The key differences are: The Extricom product doesn't operate at a full 100mW of power as most vendors, they run at 17dB according to their spec sheet. It also appears that the Extricom APs must connect directly to their switch and that they don't have seamless roaming from one switch to the next. *this is one where clarification is needed but based on their sheets and what I read from other sources* I am looking to find out if their switch operates as a centralized MAC, it is a common solution for people trying to execute this architecture but would mean that all APs on a single switch would share bandwidth. We have been quite pleased with Meru from a user density and bandwidth perspective. Mike Mike Ruiz, ESSE ACP A+ Network and Systems Engineer Hobart and William Smith Colleges