I’m interested here, greatly… but:
- 8.5 will have to bake thoroughly for us. Not touching it until MR3 or beyond. Zero trust or faith in early WLC code anymore- seems it’s all beta quality at best anymore. - Need to see if Cisco requires more licensing in ISE somehow to enable the feature (we only use ISE for basic RADIUS right now), and what the complexity to implement ends up being. But if it scales, and if it isn’t nonsensically licensed, and if the code that supports it is eventually solid, and if you can use it without getting sucked into an immature, complicated, buggy fabric paradigm, it could be hugely enabling in certain environments. -Lee Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jason Cook Sent: Tuesday, August 01, 2017 12:13 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco Code Version Thanks, I am aware it’s any radius server so it seems I identified my issue a bit hastily./… or not at all ☺ It’s been a while since I played with an Aerohive AP but 3 years ago it was so easy to get this up and running on a single AP with different vlans and there’s self-registration as well. There were enterprise concerns about how that scales and redundancy back then and I haven’t followed the progress of that. The radius method means it’s not quite an out of the box solution that was so simple with PPSK, but perhaps this is architecture requirements… I guess it might be that easy if your using ICE. We are pretty keen to use this at some level, ideally with self-rego offering. Using freeradius I’m sure we can achieve this, but ongoing management could become interesting/a fair bit of development for the self-rego. No doubt we’ll look further into it in a couple of months once a few other priorities are ticked off Regards -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph : +61 8 8313 4800 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements Sent: Tuesday, 1 August 2017 11:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco Code Version From the iPSK config guide at: http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf "IPSK can be configured on any AAA serer that supports Cisco av-pair." -Sam This email sent from a mobile computing device. Please excuse typos and brevity. On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin <ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu>> wrote: I just looked at the IPSK video from CIsco here. https://www.youtube.com/watch?v=deEv-aNXfL0 Not 100% sure ISE is required by the sound of the video. They say a radius serve such as ISE, and of course Cisco is going to try and sell you ISE. They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=<psk key>, along with MAC filtering and AAA override. You maybe able to pass those Cisco-AV-Pairs with any radius server. Kevin McCormick<https://www.youracclaim.com/badges/3aa51624-4156-498d-bf6f-4a61790d54cf/public_url> Network Administrator University Technology - Western Illinois University ke-mccorm...@wiu.edu<mailto:ke-mccorm...@wiu.edu> | (309) 298-1335<tel:3092981335> | Morgan Hall 106b Connect with uTech: Website<http://www.wiu.edu/utech> | Facebook<https://www.facebook.com/uTechWIU> | Twitter<https://twitter.com/WIU_uTech> [http://www.wiu.edu/university_technology/images/signatures/currentimage.jpg] On Mon, Jul 31, 2017 at 6:57 PM, Jason Cook <jason.c...@adelaide.edu.au<mailto:jason.c...@adelaide.edu.au>> wrote: There is a lot of resolved caveats in the 160 release for the 2800/3800 series. We’ve only got a handful of 2800’s operational but a lot to be installed, have hit 1 issue but haven’t identified it with a known bug yet. Despite showing “users connected” to an AP, new users couldn’t join. I certainly couldn’t and you wouldn’t necessarily connect to a neighbouring AP with strong signal. Rebooting the AP resolved it, came across it on 2 out of 16 AP’s last week. Due to impact we couldn’t get right into troubleshooting or logging a case, but intend to if it returns. Hopefully it’s not on critically locate AP’s this time At this stage likely we’ll be testing and migrating to 8.2.160 (from 8.2.151) in the next few weeks Was keen to begin playing with 8.5 with IPSK finally released, but am disappointed with the requirement of ICE(we don’t use) or at least an external radius server providing a not so simple implementation we were hoping for. So that might be on the back burner ☹ -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph : +61 8 8313 4800<tel:+61%208%208313%204800> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Entwistle, Bruce Sent: Tuesday, 1 August 2017 4:16 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco Code Version I had seen the comments made by the group during the summer related to bugs and the 2800 APs, so as a precautionary measure we did the upgrade. Bruce Entwistle Network Manager University of Redlands From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Monday, July 31, 2017 11:26 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco Code Version Bruce, Was there anything that you were absolutely hitting, or are you doing the “just in case” thing here? Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003<tel:(315)%20443-3003> f 315.443.4325<tel:(315)%20443-4325> e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu<http://its.syr.edu> SYRACUSE UNIVERSITY syr.edu<http://syr.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce Sent: Monday, July 31, 2017 2:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Cisco Code Version We completed the upgrade from 8.2.151.0 to 8.2.160.0 this morning. The primary reason for the upgrade was the identified bugs related to the 2800 APs. Bruce Entwistle Network Manager University of Redlands From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman Sent: Monday, July 31, 2017 10:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Cisco Code Version Hi. For those with Cisco access points what code version are planning on running for start of fall semester? At this point we looking at 8.2.151 possibly 8.2.160 but havent tested yet. Thanks -Jimmy -- James Helzerman Wireless Network Engineer University of Michigan - ITS Phone: 734-615-9541<tel:(734)%20615-9541> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
