Hi Lee, Here are Purdue we've got a fleet of WLCs, mostly WiSM2s from which we're migrating to 8510s. We have one 8510 dedicated to wireless service in our residence halls. It has around 2400 APs joined to it and I've personally seen the concurrent user count reach over 11k during peak hours. It provides 4 SSIDs (not great but could be worse): our main 1x network that we provide everywhere else on campus, one for gaming/media/non-1x devices, eduroam and attwifi. The gaming/media SSID is open with MAC auth and has the most complex setup of all of those.
We use ISE to have the students register their various devices through a portal which then adds it to an identity group that's used in authorization policy. To prevent students from connecting their laptop/phone/tablet/whatever to the gaming/media network we're using a logical profile in ISE. If they do happen to connect something to the gaming/media network that could connect to the 1x network we drop them at a page that instructs them to connect the device to the main 1x network. It works well enough but the biggest headache we've had with it is XBox Ones. Since they profile in ISE as Windows 8 machines most of the time, we've had to manually assign some of them to the XBox One profile we created. Of course that means a request comes through a trouble ticket via our helpdesk or the ever-popular back channels that seem to keep working. Either way, a less than satisfactory user experience. However, by and large the system works well and has seen increased usage as time has gone on (this is the second semester it has been live). We do have AVC enabled on the 1x network but so far /knockonwood we haven't had any problems as a result of that. To answer your original questions though: we haven't had any major issues or disappointments related to the controller. Thanks, -- Brandon Case Senior Network Engineer IT Infrastructure Services Purdue University ca...@purdue.edu Office: (765) 49-67096 Mobile: (765) 421-6259 Fax: (765) 49-46620 PGP Fingerprint: 99CB 02D6 983C 1E2A 015F 205C C7AA E985 A11A 1251 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Monday, October 12, 2015 12:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco WLC w/ ISE and/or Clearpass for Large-Scale Guest Access, MAC exceptions- problems? Hello to the excellent group. I'm dealing with a catastrophic code issue with AVC right now on our 8510s that has me nervous about another feature we plan on using- the tight integration between our WLCs and either ISE, Clearpass, or SafeConnect SE. We currently do all wireless guest access through a 3rd party box that is growing long in the tooth. For those on high-capacity 85xx controllers and using the likes of web redirect/policies on the WLC for guest operations and MAC exceptions, have you run into any WLC code issues that have crippled the service or resulted in organization embarrassment? Any gotchas or disappointments? Thanks- Lee Lee Badman | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
