Lee and friends, We changed several things and are faring very well this move in. With just 6 thousand clients in residence halls we aren't at half way yet. We top around 12 - 14k devices there which should hit before the weekend ends.
- Aruba wireless with new controller code this year (6.5.3.2). Just about one AP per suite same as previous years. - WPA2 enterprise with posture checking and onboarding via Aruba Clearpass (now at 6.6.5) o Big changes here, we used to require our own Symantec endpoint so the onboarding process was captive portal them to feed the Aruba Onguard agent for posture checking and then captive portal to feed them Symantec installer. Now we are allowing a larger list of AV products including Windows Defender and Mac's built in firewall / AV. So, the onboarding is reduced a step and the calls for help is very low this year. Onguard will even auto remediate and enable Defender or builtin firewall if nothing else exists. - WPA2 PSK for other devices still in effect. They pre-register the MAC addresses via Clearpass portal. - Wired 802.1x no change. Still barely anyone connecting devices (~3% wired vs wireless). We reviewed the what if we were 100% wireless and we still needed 95% of the wired switches just to feed those wireless APs. So we keep offering it as an option. - No open wireless except for onboarding guests (also Clearpass) but that's everywhere not just Residence Halls. - No multicast support so printers and IoT things don't usually work. We are working on using Clearpass to limit visibility of those devices just for the users that own them. Aruba has all this functionality available. We are going to test in coming months so we can enable it at a later date. We've purposefully left it off for now not wanting the whole of our enterprise to see and print to some poor students printer. Good luck with start of school everyone! Adam From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Friday, August 25, 2017 9:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Move In/Opening Week- Any Problems? It might be beneficial to share notes in case other schools are hitting common problems. I'm wondering how everyone who is in the thick of it is faring with back-to-school? On this end, we are doing OK halfway to our expected total daily peak clients (we're at 15K now high water mark). Our significant WLAN-related changes since end of Spring semester * Running 8.2.151 on our 8540s * Significant quantities of Wave 2 APs * ISE as RADIUS (only, no NAC, no onboarding) No changes to: * our guest WLAN (Clearpass/an Aruba controller pair) * onboarding (Cloudpath Wiz) * overall topology * open network in dorms for gadgets * non-use of AVC, it crapped out and never got solved after hundreds of hours with TAC Fears: * We haven't yet hit the scale that will reveal problems with any of the newer stuff listed above Anyone else care to share? -Lee Lee Badman | Network Architect Certified Wireless Network Expert (#200) Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
