Philippe,
We do not use EAP-TLS, but we do have a trusted CA for our PKI.
We use Verizon's OmniRoot SSL Server Certificate service.
http://cybertrust.omniroot.com/
The CA is authorized to generate certs for our domain (lberty.edu) only and
cannot have sub-CAs.
I do not know if it would
They can request a wired drop.
Bruce
-Original Message-
From: Matthew Gracie [mailto:grac...@canisius.edu]
Sent: Thursday, February 17, 2011 8:04 AM
Subject: Re: Wireless Printers/Wi-Fi Direct, couple of other devices
On 02/17/2011 07:45 AM, Osborne, Bruce W wrote:
One of the big
Constituent Group Listserv
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
[bosbo...@liberty.edu]
Sent: Thursday, February 17, 2011 7:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless Printers/Wi-Fi Direct, couple of other
devices
One of the big savings
One of the big savings for wireless is to move areas to all wireless.,
minimizing the wired drops switches. We have a couple of office areas with
wireless desktops and we have a couple of wireless printers. We do not support
student wireless printers, though. We are also seeing large interest
The Samsung Captivate may have been running Android 2.1 I had one for a short
while. It seems to use the class subnet mask. Most network utilities show the
correct mask, but the network stack uses an incorrect one. You need to use a
program like Terminal or ConnectBot to get a command prompt on
to this limitation/document ?
Loc
UCSF Medical Center
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W
Sent: Saturday, January 22, 2011 3:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Cc: Osborne, Bruce W
Subject: Re: [WIRELESS-LAN] Link LDAP groups to Separate SSIDs for
Authentication
While you are correct about the 1500 result limit, this shouldn't be an issue
with wireless authentication as the radius server will only query
At Liberty University, we are using some of Aruba's RAP-5WN Access points to
provide Wi-Fi for scamming student IDs on our intramural athletic fields. The
access point is battery powered and uses a 3G cellular data modem to tunnel
back to one of our wireless controllers. We house this solution
]
Sent: Thursday, November 18, 2010 7:34 AM
Subject: Re: DAS; are your happy with the DAS installation?
On Thu, 2010-11-18 at 07:14 -0500, Osborne, Bruce W wrote:
What are you talking about? Many different things use the TLA (tree
letter acronym) DAS.
Data Analysis System
Dynamic Animation
What are you talking about? Many different things use the TLA (tree letter
acronym) DAS.
Data Analysis System
Dynamic Animation Systems
Direct Attached Storage
DAS Keyboard
Denver Astronomical Society??
Please choose one :)
From: Nicholas Urrea [mailto:urr...@uchastings.edu]
Sent: Wednesday,
Jay,
Many Aruba customers have been watching this thread. Where id you disable ARP
spoofing?
Is Aruba planning a patch to allow these clienst, even with Prohibit ARP
Spoofing enabled?
Thanks,
Bruce Osborne
Liberty University
From: McNealy, Justin S
Lee,
Perhaps you could setup the LDAP server as an external database for ACS and let
ACS provide the RADIUS needed for 802.1x.
Bruce Osborne
Liberty University
From: Lee H Badman [mailto:lhbad...@syr.edu]
Sent: Tuesday, October 12, 2010 4:01 PM
Subject: Re: Active Directory and LDAP at the
Gareth,
How do you handle multiple RADIUS servers for redundancy?
We have our own CA trusted by GTE OmniRoot (http://cybertrust.omniroot.com/) so
we just setup to trust them as the root CA. We will be deploying 802.1x, trust
OmniRoot only, not prompt for other certificates. We have 2 RADIUS
Very useful information, James.
The most interesting quote from the second link is this:
===
The partial fix for getting Android 2.2 to connect to 802.1x secured network on
Aruba Aps was to disable 'Wireless Multimedia U-APSD (WMM-UAPSD) Powersave' in
the advanced properties of the SSID
Could these possibly be counterfeits from the OEM?
Just a thought...
From: Lee H Badman [lhbad...@syr.edu]
Sent: Saturday, September 25, 2010 9:31 PM
Subject: Re: Macbooks with odd Airport MAC addresses
Wow- that's one to get a picture of!
According to my research , zigbee (802.15.4) is a mesh topology restricted to
1mW maximum. It is meant for short ranges, but farther than Bluetooth.
Our school is currently evaluating zigbee wireless thermostats for HVAC
management.
Bruce Osborne
Network Engineer - Wireless NAC
Liberty
, 2010 11:23 AM
To: Osborne, Bruce W. (NS); WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Vendors contacting list's participants...
Bruce,
I take the approach that if I see someone posting here about an issue with a
vendor's equipment, and I have a vendor resource that may
Anthony,
Justin Hao mentioned secondary interfaces on the vlan. This sound much like
Aruba's vlan pooling.
With Aruba's solution, the client is assigned a vlan based on a hash of their
mac address. They could then roam to any of your areas and keep their same ip
address.
Just another
, because the one printed on the
wireless adapter is not used.
Matt Barber
Network and Systems Manager
Morrisville State College
315-684-6053
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS)
Sent: Sunday
Here is a response I received from Aruba Engineering:
Bruce,
I have heard this from some of my other customers as well. The basic issue
comes down to the physical properties of the 5GHz wave vs. the 2.4GHz. The
lower frequency (2.4) will be able to travel through air and walls and even
bend
Here is an explanation from Aruba Engineering:
Bruce,
Both the 125 and the 105 have 2 spatial streams.
The 2x2 vs 3x3 is the MIMO antenna configuration. #of transit antennas (Tx) by
the # of receive (Rx) antennas.
There is also a 3rd metric (the spatial stream) it is represented by 3x3x2 or
I am curious. What issue were you seeing with the 7925g phones?
Thanks,
Bruce Osborne
Liberty University
-Original Message-
From: Mike King [mailto:m...@mpking.com]
Sent: Tuesday, August 03, 2010 7:41 AM
Subject: Re: Cisco Wireless Controller Software Advisory
For all those playing at
] On Behalf Of Osborne, Bruce W. (NS)
Sent: Wednesday, June 30, 2010 5:31 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] blocking broadcast/multicast?
Marcelo,
You need to be careful blocking broadcasts, or you may need to statically
Marcelo,
You need to be careful blocking broadcasts, or you may need to statically set
ip addresses on all your clients. DHCP uses broadcast.
We are an Aruba shop. On our normal data SSIDs we set Drop Broadcast and
Multicast and Convert Broadcast ARP requests to unicast On our high speed
On Jun 26, 2010, at 3:09 AM, Osborne, Bruce W. (NS) wrote:
Dennis,
We moved from Cisco NAC to Bradford a couple of years ago. We set
up our system based on MAC address authentication. The client only
needs to register once per semester. Our main user complaint with
Cisco NAC was the need
Dennis,
I believe they use DHCP finngerprinting in addition to the user agent. Except
for game consoles, the user does not enter the mac address into the web page.
For game consoles, the server must have seen the mac address on the network.
The mac address vendor mac prefix also must have been
Dennis,
We moved from Cisco NAC to Bradford a couple of years ago. We set up our
system based on MAC address authentication. The client only needs to register
once per semester. Our main user complaint with Cisco NAC was the need to login
to NAC every time the connected to the network. If
Lee,
We here at Liberty University have found the Dell wireless kit here works best
for us:
http://accessories.us.dell.com/sna/products/VoIP_Telephony/productdetail.aspx?c=usl=ens=dhscs=19sku=430-2757
Bruce Osborne
Network Engineer
Liberty University
From: Lee H Badman
Philippe,
Actually that looks like it could be an explosive environment. The Aruba AP-85
is designed to function in explosive environments.
Bruce Osborne
Liberty University
-Original Message-
From: Philippe Hanset [mailto:phan...@utk.edu]
Sent: Monday, April 12, 2010 3:57 PM
Subject:
Although you may be tempted to skip some licensing, I find Aruba's Policy
Enforcement Firewall indispensible for the features control you get as an
administrator.
Bruce Osborne
Liberty University
-Original Message-
From: Patrick Goggins [mailto:pgogg...@carrollu.edu]
Sent: Friday,
My understanding is that WEP TKIP are not allowed in the 802.11n standard.
Only open or AES.
Bruce Osborne
Liberty University
-Original Message-
From: Cortes, Diana [mailto:dcor...@miami.edu]
Sent: Wednesday, December 30, 2009 11:06 AM
Subject: Re: Encryption and Authentication
If I
Frank,
We have running Aruba's centralized 802.11n solution here at Liberty University
for the past year. Early on, there were some stability scalability issues,
but they have been resolved.
I know that this summer, during our testing for Video over wireless, we had 20
clients simultaneously
Pablo,
We here at Liberty University recently migrated to Aruba's 802.11n solution. I
am sure that we have a larger, more complex deployment than you have, but Aruba
has solutions for various sized deployments.
Aruba's technical support is dedicated, thorough, and very customer focused. If
a
Liberty University has been primarily using Airwave too. If there is only one
MAC address missing, Aruba ECS / Bradford Campus Manager cam alert too.
Bruce Osborne
Liberty University
From: Justin Hao [mailto:j...@tamu.edu]
Sent: Tuesday, December 08, 2009 12:17 PM
Subject: Re: Stolen Wireless
Bruce,
We here at Liberty University have just finished moving our wireless ^ NAC.
Our old system used Cisco 1231 802.11b/g autonomous APs, WLSE (attempted)
Cisco Clean Access.
We evaluated tested our options for more than a year. The major vendor
offerings that we evaluated in depth were
Mike,
I am not sure what capabilities are available there. I will check and get back
to you with an answer.
Bruce
From: Whitlow, Michael [mailto:mwhit...@bumail.bradley.edu]
Sent: Thursday, November 12, 2009 12:14 PM
To: Osborne, Bruce W. (NS); WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: RE
Osborne
Liberty University
From: Osborne, Bruce W. (NS)
Sent: Thursday, November 12, 2009 12:39 PM
To: Whitlow, Michael; WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Cc: Osborne, Bruce W. (NS)
Subject: RE: Cisco WISM - what do you think?
Mike,
I am not sure what capabilities are available there. I will check
Jason,
We here at Liberty University were also looking for a scalable bandwidth
management solution. We needed integration swith our Aruba ECS / Bradford
Campus Manager NAC solution.
We evaluated both the Allot NetEnforcer and the Procera PacketLogic solutions.
The Allot solution was almost
Jamie,
Here at Liberty University, currently separate Guest users to their own,
bandwidth-limited SSID that is tunneled out to a DMA on our firewall. Our
primary user SSIDs are 802.11a/b/g 2.4GHz. 802.11n.
We also have a high speed 5GHz 802.11n SSID. We have eliminated the base
rates below
Unfortunately, at least here in the US, many consumer level laptops are using
802.11b/g/n wireless NICs. They still only have the 2,4GHz radio, so no 300Mbit
speeds :(
So, unfortunately the 2.4GHz 802.11b/g mess will be around for a while.
We have a separate SSID for high speed users that is
Jason,
I wholeheartedly agree. We here at Liberty University spent a year evaluating
wireless NAC solutions. We chose to move from Cisco fat APs Clean Access
to Aruba's wireless ECS NAC solutions.
The real challenge is in dense environments. Meru's single channel becomes
channel stacking
this communication in error, please notify the sender
immediately and then destroy any copies of it.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS)
Sent: zaterdag 25 juli 2009 11:49
Kevin,
Unfortunately I must agree with Manoj. Liberty University has historically been
a Cisco shop. We are completing our move away from CCA.
CCA is primarily designed as a Layer-2 solution, although it may be deployed as
a Layer-3 solution if VRF ( Virtual Routing Forwarding) and PBR
If you are using 802.1q trunks, for the PA ports, the data vlan needs to be
allowed on the trunk.
Switchport port security may limit the number of connecting mac addresses.
I do not think that spanning-tree bpduguard affects these APs
Just a few more areas to check.
Bruce Osborne
Liberty
We here at Liberty University also use Aruba's VLAN pooling with /23 subnets.
In our legacy fat AP system we used /20 subnets and performance was poor.
Bruce Osborne
Liberty University
From: Brooks, Stan [mailto:stan.bro...@emory.edu]
Sent: Wednesday, May 27, 2009 7:00 PM
Subject: Re: Meru and
Matt,
We are looking into selling dual band 11n adapters. Whish ones did you choose?
What about desktop computers? Do you provide any solution for wireless? There
do not seem to be any dual band 11n desktop cards. You can buy adapters and use
some of the laptop cards, though.
Thanks,
Bruce
-6053
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce
W. (NS)
Sent: Saturday, April 25, 2009 5:55 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless-only
Matt,
Are you doing any IPTV?
We currently use the VideoFurnace product. For us to move to wireless-only
dorms, IPTV is a must.
We are working with our vendor's advanced engineering team to have a partial
solution working by this fall. There can be serious cost savings moving to
We tried it here at Liberty University, but turned it off. We found that some
clients that insisted on preferring 802.11g were flapping between 2.4 GHz 5
GHz.
I think that was with ArubaOS 3.3.2.10. The current version is 3.3.2.13. What
version are you guys using?
All our APs are AP-125
I would add the following:
A built-in stateful firewall.
Does the proposed solution interoperate with your existing NAC solution?
QoS for VoIP streaming video.
It is always a very good idea to talk with existing customers for the good,
the bad the ugly.
Bruce Osborne
Network Engineer
]
Sent: Saturday, April 04, 2009 9:32 AM
Subject: Re: Wireless network names
Here, too - open Wi-Fi for the masses? Cringe It's 2009 now - time to lock
it down.
Frank
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce
.
Frank
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS)
Sent: Wednesday, April 01, 2009 6:35 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Wireless network names
Nathan,
We here
Manoj,
We upgraded to 6.2.2 last week. The old data statistics were retained. There
is a bug in the bandwidth graph, though. Airwave now has a separate patch for
that problem. The bandwidth graph may report unusually high data. The patch
corrected that problem.
Bruce Osborne
Network Engineer
Lee,
I understand from Airwave support that they expect to have improved Aruba
management capabilities later this year. A multi-vendor management solution
cannot be expected to manage all vendor platforms equally. The perform the easy
things first and then add more capabilities.
Bruce Osborne
Lee,
Liberty University also uses Airwave in monitor-only mode for our Aruba
controllers.
In the Aruba controller architecture, there is typically one master
controller several local controllers.
The master (This can be an HA pair) allows you to control most of the
configuration from a
Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS)
Sent: Saturday, February 28, 2009 10:09
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aerohive 340AP
Todd,
I'm not sure why you would say that. We now have almost
] On Behalf Of Osborne, Bruce W. (NS)
Sent: Saturday, February 28, 2009 9:09 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aerohive 340AP
Todd,
I'm not sure why you would say that. We now have almost 600 802.11n APs on 3
controllers that are managed centrally from the master
Todd,
I'm not sure why you would say that. We now have almost 600 802.11n APs on 3
controllers that are managed centrally from the master controller. We can
handle up to 500 APs per controller (2000 per chassis). This allows you to
standardize configurations OS versions. We are supplementing
I believe the command is:
wlan virtual-ap Liberty
broadcast-filter arp
Notice this is per virtual-ap
Bruce Osborne
Liberty University
-Original Message-
From: Jason Appah [mailto:jason.ap...@oit.edu]
Sent: Thursday, February 19, 2009 3:43 PM
Subject: Re: Broadcast Flood
Does
401 - 459 of 459 matches
Mail list logo
