I agree Lee, certainly production 8.5 you wouldn’t be too keen to go with the first release. We have a dev environment and spare old hardware so I was planning to run it up in the old gear hoping to get to point of potential PRD July 18…. Which is more MR2 time though, we’ll see how quickly that software progresses.
That’s right Nick, the ISE method isn’t exactly the offering we want but hopefully that will progress by the time 8.5 is stable. I’m also hoping other vendors might come to the table, we are a Cloudpath customer and from what I can see they have the framework already to provide a good interface for supporting it…. I’ve put a feature request in but hopefully the Ruckus side doesn’t stop them supporting something like this.

One thing IPSK would give us now is the ability to change a PSK without a big bang. We need to roll over our PSKs, while one only has about 50 devices and the other is student accommodation and easily managed over a break it still doesn’t sound fun.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ciesinski, Nick
Sent: Wednesday, 2 August 2017 1:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

While WLC 8.5 did add IPSK it is probably safe to say it’s rather worthless for most at this time. For those who have used ISE, if you watch the video on how they make IPSK work, it isn’t feasible to give each of your users their own PSK key to connect to wireless. The current implementation within ISE required no feature additions to ISE to make it work. All they do is have a rule to classify a device and/or user and then send a particular PSK value that it should be using. This is a 100% manual process for each device and/or user as nothing is baked into ISE to have a user register their account or device(s) and be presented a PSK to use. What’s there now is good for having multiple PSKs for different device types or user bases (such as all students), but it isn’t that PPSK solution like others have. Hopefully an ISE improvement will come at some point in the near future to allow a true per user PSK experience.
Granted, using a 3rd party RADIUS server and writing your own interface would allow you to issue a PSK per user, but not everyone has time for that.

--
Nick Ciesinski, Network Architect
University of Wisconsin - Whitewater
Office: MG208A | Phone: 262-472-7774
E-mail: ciesi...@uww.edu | SIP: ciesi...@uww.edu
PGP Key ID: 0x83042F05
--

On Jul 31, 2017, at 11:13 PM, Jason Cook <jason.c...@adelaide.edu.au> wrote:

Thanks, I am aware it’s any radius server so it seems I identified my issue a bit hastily… or not at all ☺

It’s been a while since I played with an Aerohive AP but 3 years ago it was so easy to get this up and running on a single AP with different VLANs and there’s self-registration as well. There were enterprise concerns about how that scales and redundancy back then and I haven’t followed the progress of that.

The radius method means it’s not quite an out of the box solution that was so simple with PPSK, but perhaps this is architecture requirements… I guess it might be that easy if you’re using ISE.

We are pretty keen to use this at some level, ideally with self-rego offering. Using freeradius I’m sure we can achieve this, but ongoing management could become interesting/a fair bit of development for the self-rego.
No doubt we’ll look further into it in a couple of months once a few other priorities are ticked off.

Regards
--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Samuel Clements
Sent: Tuesday, 1 August 2017 11:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

From the iPSK config guide at:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_Identity_PSK_Feature_Deployment_Guide.pdf

"IPSK can be configured on any AAA server that supports Cisco av-pair."

-Sam

This email sent from a mobile computing device. Please excuse typos and brevity.

On Jul 31, 2017, at 8:40 PM, Mccormick, Kevin <ke-mccorm...@wiu.edu> wrote:

I just looked at the IPSK video from Cisco here: https://www.youtube.com/watch?v=deEv-aNXfL0

Not 100% sure ISE is required by the sound of the video. They say a radius server such as ISE, and of course Cisco is going to try and sell you ISE. They are using two Cisco-AV-Pairs which are psk-mode=ascii and psk=<psk key>, along with MAC filtering and AAA override. You may be able to pass those Cisco-AV-Pairs with any radius server.
Kevin McCormick
Network Administrator
University Technology - Western Illinois University
ke-mccorm...@wiu.edu | (309) 298-1335 | Morgan Hall 106b

On Mon, Jul 31, 2017 at 6:57 PM, Jason Cook <jason.c...@adelaide.edu.au> wrote:

There are a lot of resolved caveats in the 160 release for the 2800/3800 series.

We’ve only got a handful of 2800s operational but a lot to be installed, have hit 1 issue but haven’t identified it with a known bug yet. Despite showing “users connected” to an AP, new users couldn’t join. I certainly couldn’t and you wouldn’t necessarily connect to a neighbouring AP with strong signal. Rebooting the AP resolved it, came across it on 2 out of 16 APs last week. Due to impact we couldn’t get right into troubleshooting or logging a case, but intend to if it returns. Hopefully it’s not on critically located APs this time.

At this stage likely we’ll be testing and migrating to 8.2.160 (from 8.2.151) in the next few weeks.

Was keen to begin playing with 8.5 with IPSK finally released, but am disappointed with the requirement of ISE (we don’t use) or at least an external radius server providing a not so simple implementation we were hoping for.
So that might be on the back burner ☹

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph : +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Tuesday, 1 August 2017 4:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

I had seen the comments made by the group during the summer related to bugs and the 2800 APs, so as a precautionary measure we did the upgrade.

Bruce Entwistle
Network Manager
University of Redlands

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, July 31, 2017 11:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

Bruce,

Was there anything that you were absolutely hitting, or are you doing the “just in case” thing here?

Lee Badman | Network Architect
Certified Wireless Network Expert (#200)
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Entwistle, Bruce
Sent: Monday, July 31, 2017 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco Code Version

We completed the upgrade from 8.2.151.0 to 8.2.160.0 this morning. The primary reason for the upgrade was the identified bugs related to the 2800 APs.
Bruce Entwistle
Network Manager
University of Redlands

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of James Helzerman
Sent: Monday, July 31, 2017 10:57 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco Code Version

Hi. For those with Cisco access points, what code version are you planning on running for start of fall semester? At this point we are looking at 8.2.151, possibly 8.2.160, but haven’t tested yet.

Thanks
-Jimmy

--
James Helzerman
Wireless Network Engineer
University of Michigan - ITS
Phone: 734-615-9541

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
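The approach raised in this thread (an external RADIUS server returning the psk-mode=ascii and psk=<psk key> Cisco-AV-Pairs per MAC address, so one device's key can be rolled over without touching the others), sketched as an added example that is not any poster's code or taken from Cisco's guide. It assumes FreeRADIUS users-file syntax and that the WLC sends the client MAC as both username and password in 12 lowercase hex digits; the device table is constructed.

```python
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # avoids quoting issues in the users file

def normalize_mac(mac):
    """Return a MAC as 12 lowercase hex digits (assumed WLC username format)."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def new_psk(length=20):
    """Generate a random passphrase; WPA2 ASCII passphrases are 8-63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("passphrase length must be 8-63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def users_entry(mac, psk):
    """Render one FreeRADIUS users-file stanza carrying the two AV pairs."""
    user = normalize_mac(mac)
    if not 8 <= len(psk) <= 63 or any(c not in ALPHABET for c in psk):
        raise ValueError("PSK must be 8-63 characters from ALPHABET")
    return (
        f'{user} Cleartext-Password := "{user}"\n'
        f'\tCisco-AVPair += "psk-mode=ascii",\n'
        f'\tCisco-AVPair += "psk={psk}"\n'
    )

def rotate(table, mac, length=20):
    """Return a copy of the table with a fresh PSK for one device only."""
    key = normalize_mac(mac)
    if key not in table:
        raise KeyError(key)
    updated = dict(table)
    updated[key] = new_psk(length)
    return updated

def render(table):
    """Render the whole table, sorted by MAC for stable diffs."""
    return "\n".join(users_entry(m, p) for m, p in sorted(table.items()))

# Constructed sample devices (not from the thread).
DEVICES = {normalize_mac(m): new_psk() for m in ("AA:BB:CC:00:11:22", "aabb.cc00.1133")}

if __name__ == "__main__":
    print(render(rotate(DEVICES, "aa-bb-cc-00-11-22")))
```

The rendered file holds every PSK in cleartext, so it needs the same file permissions and handling as the RADIUS shared secrets.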