Are you sure the phone is sending DHCP Discover packets? You mentioned it's not
working on the open SSID, you may want to try connecting the phone to the open
SSID and capture OTA packets to see what it's doing and start from there and
move towards the DHCP server.
-Kanan
From: The EDUCAUSE
One trick with configuring clients: You can configure the client with common
name validation and then validate the root CA. When you have to renew the
certificate, users *shouldn’t* receive any messages because the validation
information in the supplicant remains the same.
The ideal solution
Strangely enough, I just got an email from our Cisco team, and here's what
was sent.
Recommendations for AireOS:
AireOS Release
Mobility Services Engine
Prime Infrastructure
Identity Services Engine
Most WLCs
8.0.140.0 (MR4)
8.0.140.0 (MR4)
3.1.5
2.1.0 (Patch 3)
For 5520/8540
This one hits home for me, going through this now on a certificate expiring and
battling on what to do next.
Most clients don't trust any certificate, even if the device is set to trust
them OS wide (web browser, etc). The wireless / supplicant configuration needs
to be setup to trust
We are currently running a handful of 5508s with 8.0.133.0 and have been stable
for some time with around 400 APs and upwards of 1.5k clients. We also run a
half dozen 5520s with 8.2.141.0 and they have been running solid with around 1k
APs each and upwards of 10k clients. We do not however run
Danny,
Try adding the domain in the profile for which the cert was issued
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject:
Hi Eric,
>From what I understand, the reason that even 3rd party certificates fail is
that the clients do not have a trusted radius store as they do with SSL.
That is to say, by default, most clients will not trust any radius
certificate regardless of the issuer.
Some vendors provide an
Couple of things
- Wildcard and EV certificates should never be used for RADIUS
- Keep in mind that EAP server certificate trust is different than system
level certificate trust.
o Even with a public certificate, you will still receive a certificate
prompt on initial
Are you only looking on the DHCP server for the discover? Could a radius
server be returning an option setting an incorrect VLAN or specific ACL for
the client causing it to be dropped at the AP/WLC level? If it's happening
on an open network it'd probably have to be hitting a MAC-based rather
Hi everyone,
I'm looking for thoughts/opinions/experiences on 802.1x and security
certificates. I dug through the archives from a few years ago, and from what I
gather it isn't even possible to use a 3rd-party cert so devices (iOS, OS X,
Windows, Android) trust it automatically, but maybe
It’s set to not validate the radius-server certificate; and like I said, it’s
authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP
server logs.
From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu]
Sent: Monday, March 13, 2017 12:36 PM
To: dannyea...@rice.edu;
If you’re using certs, there’s a setting under CA Certificate that you have
to set as “Do not validate” and it will then DHCP.
I have a Pixel XL and that’s the only way I can get 802.1x working on my
phone.
Shayne
*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
So, I've got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the "open" captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes
We're using the Assa Abloy IN120 Wi-Fi locks.
We haven't been using them long enough to get a good idea on battery life, but
a number of them have been dying faster than expected, but better monitoring
has helped to minimize the problems from that.
Personally I would not use these locks in
I agree w/ others, in that it all depends on your design & what kind of SLA you
have in place (LOL).
At Drexel, we have roughly 2500 APs & typically see a max between 17K-18K
clients.
We’re running AOS 6.4.3.6 on a total of 6 x 7200 series controllers. 2 x 7210s
configured for Master -
We have a small deployment of Stanley locks for special needs students; they
aren't 802.11 wireless, but are 802.15.4 (on 2.4GHz) wireless. I only bring
this up as it uses dedicated Stanly gateways, and we had to work to minimize
the cross-interference between the two systems.
Thomas Carter
Thanks for the information Bruce. We have the same locks. about 1800 of
them. Some of the batteries are dying quickly. Mostly Bathrooms because
they get the most use. Do you find the Lock antenna to be very powerful?
Brian
On 3/13/17 7:55 AM, Osborne, Bruce W (Network Operations) wrote:
We
We have been using Assa Abloy wireless locks in our newest residences on our
802.1X SSID. The AA batteries do not last as long as advertised. We place Aps
in rooms and the lock wireless antenna is on the insode of the door. Obviously,
rekeying maintenance is reduced. The locks update once a
18 matches
Mail list logo