Main Nav

Message from frnkblk@iname.com

http://www.vsuspectator.com/2012/02/02/outage-linked-to-usage/ Looks like VSU had to make some hard choices and is blocking Wi-Fi access by smartphones. Not sure why they couldn't add another RFC 1918 block, but I'm sure there's more going on than the school paper shared. Frank ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from jonn@martell.ca

I agree, the school newspaper only shows it from a user's perspective. "The smartphones are shutting down the network" while it's more "the network has run out of public address space and the use of private address space on this network is _______ " We all know the major flaw in using private address space is logging and tracking but there are solutions to this. Shutting down access (by MAC block ID?) would not be one of mine. Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at....
Message from marcelo.lew@du.edu

Smartphones were killing us this quarter. While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected. Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again. With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID. Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets. We are now NOT running out of IPs, at least for a short while. We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this. Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times. Marcelo Lew Wireless Enterprise Administrator University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217 Fax:  (303) 871-5900 Email: mlew@du.edu -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell Sent: Thursday, February 02, 2012 9:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues I agree, the school newspaper only shows it from a user's perspective. "The smartphones are shutting down the network" while it's more "the network has run out of public address space and the use of private address space on this network is _______ " We all know the major flaw in using private address space is logging and tracking but there are solutions to this. Shutting down access (by MAC block ID?) would not be one of mine. Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at....
Marcelo, The Aruba feature that allow fingerprint on the devices, do you have to pay extra for it to be functional ? I hope our Cisco BU is listening ;-))) Regards, Loc Pham, CCIE office 415-353-4492 IT Enterprise Security & Services UCSF Medical Center -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew Sent: Thursday, February 02, 2012 10:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues Smartphones were killing us this quarter. While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected. Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again. With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID. Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets. We are now NOT running out of IPs, at least for a short while. We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this. Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times. Marcelo Lew Wireless Enterprise Administrator University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217 Fax:  (303) 871-5900 Email: mlew@du.edu -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell Sent: Thursday, February 02, 2012 9:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues I agree, the school newspaper only shows it from a user's perspective. "The smartphones are shutting down the network" while it's more "the network has run out of public address space and the use of private address space on this network is _______ " We all know the major flaw in using private address space is logging and tracking but there are solutions to this. Shutting down access (by MAC block ID?) would not be one of mine. Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at....
Assigning smart phones to specific subnets which has short DHCP lease time doesn't seem like a long term or sustainable solution, we are trying to implement PAT on campus wide wireless networks soon to address the public IP shortage challenge, while keep fingers across for the tracking & logging issues.

On the other hand, I am just pondering whether those smart phone really require campus wireless services in the long run, or they'd better off to carrier? I am hoping there will be some in-depth analysis of research on this, especially on the client expectations and costs comparison perspective.

On Wed, 2012-03-07 at 09:57 -0800, Pham, Loc wrote:
Marcelo, The Aruba feature that allow fingerprint on the devices, do you have to pay extra for it to be functional ? I hope our Cisco BU is listening ;-))) Regards, Loc Pham, CCIE office 415-353-4492 IT Enterprise Security & Services UCSF Medical Center -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew Sent: Thursday, February 02, 2012 10:17 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues Smartphones were killing us this quarter. While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected. Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again. With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID. Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets. We are now NOT running out of IPs, at least for a short while. We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this. Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times. Marcelo Lew Wireless Enterprise Administrator University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217 Fax:  (303) 871-5900 Email: mlew@du.edu -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell Sent: Thursday, February 02, 2012 9:22 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues I agree, the school newspaper only shows it from a user's perspective. "The smartphones are shutting down the network" while it's more "the network has run out of public address space and the use of private address space on this network is _______ " We all know the major flaw in using private address space is logging and tracking but there are solutions to this. Shutting down access (by MAC block ID?) would not be one of mine. Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at....
Message from cstree2@emory.edu

You do not have to pay extra for the device type identification; however, you do need to be on the 6.x code levels. With the device fingerprinting, you can easily push all the smartphones to a unique dhcp scope with very low lease times. Chad Street - Emory On 3/7/12 12:57 PM, "Pham, Loc" wrote: > Marcelo, > The Aruba feature that allow fingerprint on the devices, do you have to >pay extra for it to be functional ? > > I hope our Cisco BU is listening ;-))) > >Regards, > >Loc Pham, CCIE >office 415-353-4492 >IT Enterprise Security & Services >UCSF Medical Center > >-----Original Message----- >From: The EDUCAUSE Wireless Issues Constituent Group Listserv >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew >Sent: Thursday, February 02, 2012 10:17 AM >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to >address IP usage issues > >Smartphones were killing us this quarter. While we only have 3500-3800 >concurrent daily users, we have about 6500 devices connected. Most of >these extra 3000 devices were smartphones that come online for less than >a minute, and then go idle again. With our 30m DHCP renew times, we were >exhausting our 5500 public IP pool for our main SSID. Instead of moving >to private space (which most likely we will in the near future), we added >6 more class c subnets. We are now NOT running out of IPs, at least for >a short while. We also thought of making the DHCP lease times very short >(like 5 minutes), but our DHCP admin is uncertain what issues might arise >from this. Another option we are thinking about, the new Aruba code >allows fingerprinting devices before they are placed on a subnet, so we >could put all smartphones in specific subnets with short lease times, and >leave the rest of the devices (pads, netbook, notebooks, etc) on regular >subnets with average DHCP lease times. > >Marcelo Lew >Wireless Enterprise Administrator >University Technology Services >University of Denver >Desk: (303) 871-6523 >Cell: (303) 669-4217 >Fax: (303) 871-5900 >Email: mlew@du.edu > > > >-----Original Message----- >From: The EDUCAUSE Wireless Issues Constituent Group Listserv >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell >Sent: Thursday, February 02, 2012 9:22 AM >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to >address IP usage issues > >I agree, the school newspaper only shows it from a user's perspective. > "The smartphones are shutting down the network" while it's more "the >network has run out of public address space and the use of private >address space on this network is _______ " > >We all know the major flaw in using private address space is logging and >tracking but there are solutions to this. Shutting down access (by MAC >block ID?) would not be one of mine. > >Jonn Martell, speaking as a network instructor and Director but not on >behalf of the Universities I work at.... > >
On 03/07/2012 01:17 PM, leo song wrote: > Assigning smart phones to specific subnets which has short DHCP lease time doesn't seem like a long term or sustainable > solution, we are trying to implement PAT on campus wide wireless networks soon to address the public IP shortage > challenge, while keep fingers across for the tracking & logging issues. > > On the other hand, I am just pondering whether those smart phone really require campus wireless services in the long > run, or they'd better off to carrier? Some of us (probably the minority at this point) have lousy cell coverage on campus. > I am hoping there will be some in-depth analysis of research on this, especially > on the client expectations and costs comparison perspective. Certainly from the point of view of the user (student, faculty or staff), it's cheaper to spend less money on a smaller monthly data plan (or none at all?) and try to connect to wifi whenever possible if there's no extra charge from the school (or coffeshop, or ...) for wifi access. ~c > > On Wed, 2012-03-07 at 09:57 -0800, Pham, Loc wrote: >> Marcelo, >> The Aruba feature that allow fingerprint on the devices, do you have to pay extra for it to be functional ? >> >> I hope our Cisco BU is listening ;-))) >> >> Regards, >> >> Loc Pham, CCIE >> office 415-353-4492 >> IT Enterprise Security& Services >> UCSF Medical Center >> >> -----Original Message----- >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew >> Sent: Thursday, February 02, 2012 10:17 AM >> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues >> >> Smartphones were killing us this quarter. While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected. Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again. With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID. Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets. We are now NOT running out of IPs, at least for a short while. We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this. Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times. >> >> Marcelo Lew >> Wireless Enterprise Administrator >> University Technology Services >> University of Denver >> Desk: (303) 871-6523 >> Cell: (303) 669-4217 >> Fax: (303) 871-5900 >> Email:mlew@du.edu >> >> >> >> -----Original Message----- >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell >> Sent: Thursday, February 02, 2012 9:22 AM >> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues >> >> I agree, the school newspaper only shows it from a user's perspective. >> "The smartphones are shutting down the network" while it's more"the network has run out of public address space and the use of private address space on this network is _______" >> >> We all know the major flaw in using private address space is logging and tracking but there are solutions to this. Shutting down access (by MAC block ID?) would not be one of mine. >> >> Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at.... >> >>
Message from dannyeaton@rice.edu

And, if you've got AT&T (and the grandfathered unlimited plan), they start to shun you after 2Gb. In addition, there are many providers who have a limited data plan. On 03/07/2012 01:17 PM, leo song wrote: > Assigning smart phones to specific subnets which has short DHCP lease > time doesn't seem like a long term or sustainable solution, we are > trying to implement PAT on campus wide wireless networks soon to address the public IP shortage challenge, while keep fingers across for the tracking & logging issues. > > On the other hand, I am just pondering whether those smart phone > really require campus wireless services in the long run, or they'd better off to carrier? Some of us (probably the minority at this point) have lousy cell coverage on campus. > I am hoping there will be some in-depth analysis of research on this, > especially on the client expectations and costs comparison perspective. Certainly from the point of view of the user (student, faculty or staff), it's cheaper to spend less money on a smaller monthly data plan (or none at all?) and try to connect to wifi whenever possible if there's no extra charge from the school (or coffeshop, or ...) for wifi access. ~c ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Message from kconnell@ryerson.ca

Chad.... Who is your DHCP server ? Aruba ? I was wondering how you push them to a diff scope ? Ken Connell Intermediate Network Engineer Computer & Communication Services Ryerson University 350 Victoria St RM AB50 Toronto, Ont M5B 2K3 416-979-5000 x6709 ----- Original Message ----- From: "Street, Chad A" Date: Wednesday, March 7, 2012 1:24 pm Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > You do not have to pay extra for the device type identification; however, > you do need to be on the 6.x code levels. With the device fingerprinting, > you can easily push all the smartphones to a unique dhcp scope with very > low lease times. > > Chad Street - Emory > > > On 3/7/12 12:57 PM, "Pham, Loc" wrote: > > > Marcelo, > > The Aruba feature that allow fingerprint on the devices, do you > have to > >pay extra for it to be functional ? > > > > I hope our Cisco BU is listening ;-))) > > > >Regards, > > > >Loc Pham, CCIE > >office 415-353-4492 > >IT Enterprise Security & Services > >UCSF Medical Center > > > >-----Original Message----- > >From: The EDUCAUSE Wireless Issues Constituent Group Listserv > >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew > >Sent: Thursday, February 02, 2012 10:17 AM > >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to > smartphones to > >address IP usage issues > > > >Smartphones were killing us this quarter. While we only have 3500-3800 > >concurrent daily users, we have about 6500 devices connected. Most > of > >these extra 3000 devices were smartphones that come online for less > than > >a minute, and then go idle again. With our 30m DHCP renew times, we > were > >exhausting our 5500 public IP pool for our main SSID. Instead of moving > >to private space (which most likely we will in the near future), we > added > >6 more class c subnets. We are now NOT running out of IPs, at least > for > >a short while. We also thought of making the DHCP lease times very > short > >(like 5 minutes), but our DHCP admin is uncertain what issues might > arise > >from this. Another option we are thinking about, the new Aruba code > >allows fingerprinting devices before they are placed on a subnet, so > we > >could put all smartphones in specific subnets with short lease > times, and > >leave the rest of the devices (pads, netbook, notebooks, etc) on regular > >subnets with average DHCP lease times. > > > >Marcelo Lew > >Wireless Enterprise Administrator > >University Technology Services > >University of Denver > >Desk: (303) 871-6523 > >Cell: (303) 669-4217 > >Fax: (303) 871-5900 > >Email: mlew@du.edu > > > > > > > >-----Original Message----- > >From: The EDUCAUSE Wireless Issues Constituent Group Listserv > >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell > >Sent: Thursday, February 02, 2012 9:22 AM > >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to > smartphones to > >address IP usage issues > > > >I agree, the school newspaper only shows it from a user's perspective. > > "The smartphones are shutting down the network" while it's more "the > >network has run out of public address space and the use of private > >address space on this network is _______ " > > > >We all know the major flaw in using private address space is logging > and > >tracking but there are solutions to this. Shutting down access (by > MAC > >block ID?) would not be one of mine. > > > >Jonn Martell, speaking as a network instructor and Director but not > on > >behalf of the Universities I work at.... > > > >
Here is a reason for preferring Wi-Fi for phones:
(this message came to my phone as I was preparing for a talk about the benefits of eduroam...
Needless to say that I included this image in the presentation ;-)





On Mar 7, 2012, at 1:57 PM, Charlie Derr wrote:

> On 03/07/2012 01:17 PM, leo song wrote:
>> Assigning smart phones to specific subnets which has short DHCP lease time doesn't seem like a long term or sustainable
>> solution, we are trying to implement PAT on campus wide wireless networks soon to address the public IP shortage
>> challenge, while keep fingers across for the tracking & logging issues.
>>
>> On the other hand, I am just pondering whether those smart phone really require campus wireless services in the long
>> run, or they'd better off to carrier?
>
> Some of us (probably the minority at this point) have lousy cell coverage on campus.
>
>> I am hoping there will be some in-depth analysis of research on this, especially
>> on the client expectations and costs comparison perspective.
>
> Certainly from the point of view of the user (student, faculty or staff), it's cheaper to spend less money on a smaller monthly data plan (or none at all?) and try to connect to wifi whenever possible if there's no extra charge from the school (or coffeshop, or ...) for wifi access.
>
>   ~c
>
>>
>> On Wed, 2012-03-07 at 09:57 -0800, Pham, Loc wrote:
>>> Marcelo,
>>>   The Aruba feature that allow fingerprint on the devices, do you have to pay extra for it to be functional ?
>>>
>>>   I hope our Cisco BU is listening ;-)))
>>>
>>> Regards,
>>>
>>> Loc Pham, CCIE
>>> office 415-353-4492
>>> IT Enterprise Security&  Services
>>> UCSF Medical Center
>>>
>>> -----Original Message-----
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew
>>> Sent: Thursday, February 02, 2012 10:17 AM
>>> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>>> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues
>>>
>>> Smartphones were killing us this quarter.  While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected.  Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again.  With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID.  Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets.  We are now NOT running out of IPs, at least for a short while.  We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this.  Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times.
>>>
>>> Marcelo Lew
>>> Wireless Enterprise Administrator
>>> University Technology Services
>>> University of Denver
>>> Desk: (303) 871-6523
>>> Cell: (303) 669-4217
>>> Fax:    (303) 871-5900
>>> Email:mlew@du.edu  <mailto:mlew@du.edu>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell
>>> Sent: Thursday, February 02, 2012 9:22 AM
>>> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>>> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues
>>>
>>> I agree, the school newspaper only shows it from a user's perspective.
>>>  "The smartphones are shutting down the network"  while it's more"the network has run out of public address space and the use of private address space on this network is _______"
>>>
>>> We all know the major flaw in using private address space is logging and tracking but there are solutions to this.  Shutting down access (by MAC block ID?) would not be one of mine.
>>>
>>> Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at....
>>>
>>>

That sums it up very nicely. I would think anyone doing a presentation asking for funding for WiFi  would want that in their slide deck. J

 

Pete M.

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Wednesday, March 07, 2012 3:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues

 

Here is a reason for preferring Wi-Fi for phones:
(this message came to my phone as I was preparing for a talk about the benefits of eduroam...
Needless to say that I included this image in the presentation ;-)





On Mar 7, 2012, at 1:57 PM, Charlie Derr wrote:

> On 03/07/2012 01:17 PM, leo song wrote:
>> Assigning smart phones to specific subnets which has short DHCP lease time doesn't seem like a long term or sustainable
>> solution, we are trying to implement PAT on campus wide wireless networks soon to address the public IP shortage
>> challenge, while keep fingers across for the tracking & logging issues.
>>
>> On the other hand, I am just pondering whether those smart phone really require campus wireless services in the long
>> run, or they'd better off to carrier?
>
> Some of us (probably the minority at this point) have lousy cell coverage on campus.
>
>> I am hoping there will be some in-depth analysis of research on this, especially
>> on the client expectations and costs comparison perspective.
>
> Certainly from the point of view of the user (student, faculty or staff), it's cheaper to spend less money on a smaller monthly data plan (or none at all?) and try to connect to wifi whenever possible if there's no extra charge from the school (or coffeshop, or ...) for wifi access.
>
>   ~c
>
>>
>> On Wed, 2012-03-07 at 09:57 -0800, Pham, Loc wrote:
>>> Marcelo,
>>>   The Aruba feature that allow fingerprint on the devices, do you have to pay extra for it to be functional ?
>>>
>>>   I hope our Cisco BU is listening ;-)))
>>>
>>> Regards,
>>>
>>> Loc Pham, CCIE
>>> office 415-353-4492
>>> IT Enterprise Security&  Services
>>> UCSF Medical Center
>>>
>>> -----Original Message-----
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew
>>> Sent: Thursday, February 02, 2012 10:17 AM
>>> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>>> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues
>>>
>>> Smartphones were killing us this quarter.  While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected.  Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again.  With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID.  Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets.  We are now NOT running out of IPs, at least for a short while.  We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this.  Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times.
>>>
>>> Marcelo Lew
>>> Wireless Enterprise Administrator
>>> University Technology Services
>>> University of Denver
>>> Desk: (303) 871-6523
>>> Cell: (303) 669-4217
>>> Fax:    (303) 871-5900
>>> Email:mlew@du.edu  <mailto:mlew@du.edu>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell
>>> Sent: Thursday, February 02, 2012 9:22 AM
>>> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU  <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
>>> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues
>>>
>>> I agree, the school newspaper only shows it from a user's perspective.
>>>  "The smartphones are shutting down the network"  while it's more"the network has run out of public address space and the use of private address space on this network is _______"
>>>
>>> We all know the major flaw in using private address space is logging and tracking but there are solutions to this.  Shutting down access (by MAC block ID?) would not be one of mine.
>>>
>>> Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at....
>>>
>>>

Message from jason.cook@adelaide.edu.au

We have a number of users who use iPod touch/iPad with no 3g and other such devices. At this point we just use dhcp fingerprinting for reporting purposes, but not for assigning different networks or denying access. This method just specifies IOS device, and can't tell the difference between an iPhone and an iTouch or if an ipad has 3g option... Can the vendor finger printing tell device difference? Otherwise if you could end up denying access to devices that don't have another method of access, and in the end providing our users with network access is why we have jobs. Vote 1 for Cisco BU listening, I'm pretty sure it's a fair cost to get fingerprinting in. Though we run freeradius anyway. -- Jason Cook Technology Services The University of Adelaide, AUSTRALIA 5005 Ph    : +61 8 8313 4800 e-mail: jason.cook@adelaide.edu.au CRICOS Provider Number 00123M -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Charlie Derr Sent: Thursday, 8 March 2012 5:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to address IP usage issues On 03/07/2012 01:17 PM, leo song wrote: > Assigning smart phones to specific subnets which has short DHCP lease > time doesn't seem like a long term or sustainable solution, we are > trying to implement PAT on campus wide wireless networks soon to address the public IP shortage challenge, while keep fingers across for the tracking & logging issues. > > On the other hand, I am just pondering whether those smart phone > really require campus wireless services in the long run, or they'd better off to carrier? Some of us (probably the minority at this point) have lousy cell coverage on campus. > I am hoping there will be some in-depth analysis of research on this, > especially on the client expectations and costs comparison perspective. Certainly from the point of view of the user (student, faculty or staff), it's cheaper to spend less money on a smaller monthly data plan (or none at all?) and try to connect to wifi whenever possible if there's no extra charge from the school (or coffeshop, or ...) for wifi access. ~c > > On Wed, 2012-03-07 at 09:57 -0800, Pham, Loc wrote: >> Marcelo, >> The Aruba feature that allow fingerprint on the devices, do you have to pay extra for it to be functional ? >> >> I hope our Cisco BU is listening ;-))) >> >> Regards, >> >> Loc Pham, CCIE >> office 415-353-4492 >> IT Enterprise Security& Services >> UCSF Medical Center >> >> -----Original Message----- >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew >> Sent: Thursday, February 02, 2012 10:17 AM >> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> >> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones >> to address IP usage issues >> >> Smartphones were killing us this quarter. While we only have 3500-3800 concurrent daily users, we have about 6500 devices connected. Most of these extra 3000 devices were smartphones that come online for less than a minute, and then go idle again. With our 30m DHCP renew times, we were exhausting our 5500 public IP pool for our main SSID. Instead of moving to private space (which most likely we will in the near future), we added 6 more class c subnets. We are now NOT running out of IPs, at least for a short while. We also thought of making the DHCP lease times very short (like 5 minutes), but our DHCP admin is uncertain what issues might arise from this. Another option we are thinking about, the new Aruba code allows fingerprinting devices before they are placed on a subnet, so we could put all smartphones in specific subnets with short lease times, and leave the rest of the devices (pads, netbook, notebooks, etc) on regular subnets with average DHCP lease times. >> >> Marcelo Lew >> Wireless Enterprise Administrator >> University Technology Services >> University of Denver >> Desk: (303) 871-6523 >> Cell: (303) 669-4217 >> Fax: (303) 871-5900 >> Email:mlew@du.edu >> >> >> >> -----Original Message----- >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell >> Sent: Thursday, February 02, 2012 9:22 AM >> To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> >> Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones >> to address IP usage issues >> >> I agree, the school newspaper only shows it from a user's perspective. >> "The smartphones are shutting down the network" while it's more"the network has run out of public address space and the use of private address space on this network is _______" >> >> We all know the major flaw in using private address space is logging and tracking but there are solutions to this. Shutting down access (by MAC block ID?) would not be one of mine. >> >> Jonn Martell, speaking as a network instructor and Director but not on behalf of the Universities I work at.... >> >>
It is possible to use dhcp fingerprints to provide device category specific settings including lease times. This is not vendor specific, but a dhcp configuration. Our observation is that many many many of our wireless devices are 'mobile appliances'. Mostly Apple today with android numbers increasing. The number of distinct android fingerprints is legion. The current trend toward common platforms may someday muddy the waters, but for the moment it is easier to reliably fingerprint Mac and Windows Notebook devices than any other category ... so I would propose a general reduction in wireless lease times with fingerprint based extensions for Notebooks. That said there are risks with shorter lease times. Specifically DHCP server load, increased network broadcast traffic, incompatible NAC attribution systems. increased log sizes (watch your siem license). I hesitate to suggest this if you do not have a functional system and network monitoring tool. I disagree with creating separate SSID / pools for device class because it is wasteful in an already fragile IP economy. Tested but unproven and without warrantee: If someone has their back against the wall and is interested in giving it a go... show this to your dhcp admin: If it works for you, let us all know the stats, send a donation to a food pantry. class "EXCEPTION" { match concat(pick-first-value(option vendor-class-identifier,"no-identifier"),"=",binary-to-ascii(10, 8, "-", option dhcp-parameter-request-list)); } subclass "EXCEPTION" "MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-43" { default-lease-time 7200; max-lease-time 7200; } also subclass MSFT 5.0=1-15-3-6-44-46-47-31-33-43 MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-43 MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-252-43 MSFT 5.0=1-15-3-6-44-46-47-31-33-121-249-43-4-0-2-21-20-232-25-48-24 MSFT 5.0=1-3-6-15-33-43-44-46-47-121-249 no-identifier=1-3-6-15-112-113-78-79-95-252 no-identifier=1-3-6-15-112-113-78-79-95 no-identifier=1-3-6-15-119-95-252-44-46 no-identifier=1-3-6-15-119-95-252-44-46-47 (there are a few more obscure entries but this will get you started) Randall Grimshaw rgrimsha@syr.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Message from cstree2@emory.edu

We do not use Aruba for DHCP. In general we use the wireless gear to provide wireless -- all other services are offloaded to more robust enterprise systems. The aruba system looks at dhcp and html to figure out what kind of device it is, so it can tell the difference between an ipod and an iphone as they have different 'html' signatures -- even if they are both running IOS5. Trying to do this in dhcp without the aid of the aruba gear would be ... very time consuming. The aruba gear can leverage the 'fingerprinting' information and allow you to assign device types to a particular vlan. Then you can modify that vlan's dhcp settings to provide a lower lease time. You can take this a step further and assign the smartphones to a unique role which can give you flexibility on ACLs and bandwidth contracts. On 3/7/12 2:14 PM, "Ken Connell" wrote: >Chad.... > >Who is your DHCP server ? Aruba ? >I was wondering how you push them to a diff scope ? > > >Ken Connell >Intermediate Network Engineer >Computer & Communication Services >Ryerson University >350 Victoria St >RM AB50 >Toronto, Ont >M5B 2K3 >416-979-5000 x6709 > >----- Original Message ----- >From: "Street, Chad A" >Date: Wednesday, March 7, 2012 1:24 pm >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to smartphones to >address IP usage issues >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > >> You do not have to pay extra for the device type identification; >>however, >> you do need to be on the 6.x code levels. With the device >>fingerprinting, >> you can easily push all the smartphones to a unique dhcp scope with >>very >> low lease times. >> >> Chad Street - Emory >> >> >> On 3/7/12 12:57 PM, "Pham, Loc" wrote: >> >> > Marcelo, >> > The Aruba feature that allow fingerprint on the devices, do you >> have to >> >pay extra for it to be functional ? >> > >> > I hope our Cisco BU is listening ;-))) >> > >> >Regards, >> > >> >Loc Pham, CCIE >> >office 415-353-4492 >> >IT Enterprise Security & Services >> >UCSF Medical Center >> > >> >-----Original Message----- >> >From: The EDUCAUSE Wireless Issues Constituent Group Listserv >> >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Marcelo Lew >> >Sent: Thursday, February 02, 2012 10:17 AM >> >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to >> smartphones to >> >address IP usage issues >> > >> >Smartphones were killing us this quarter. While we only have >>3500-3800 >> >concurrent daily users, we have about 6500 devices connected. Most >> of >> >these extra 3000 devices were smartphones that come online for less >> than >> >a minute, and then go idle again. With our 30m DHCP renew times, we >> were >> >exhausting our 5500 public IP pool for our main SSID. Instead of >>moving >> >to private space (which most likely we will in the near future), we >> added >> >6 more class c subnets. We are now NOT running out of IPs, at least >> for >> >a short while. We also thought of making the DHCP lease times very >> short >> >(like 5 minutes), but our DHCP admin is uncertain what issues might >> arise >> >from this. Another option we are thinking about, the new Aruba code >> >allows fingerprinting devices before they are placed on a subnet, so >> we >> >could put all smartphones in specific subnets with short lease >> times, and >> >leave the rest of the devices (pads, netbook, notebooks, etc) on >>regular >> >subnets with average DHCP lease times. >> > >> >Marcelo Lew >> >Wireless Enterprise Administrator >> >University Technology Services >> >University of Denver >> >Desk: (303) 871-6523 >> >Cell: (303) 669-4217 >> >Fax: (303) 871-5900 >> >Email: mlew@du.edu >> > >> > >> > >> >-----Original Message----- >> >From: The EDUCAUSE Wireless Issues Constituent Group Listserv >> >[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonn Martell >> >Sent: Thursday, February 02, 2012 9:22 AM >> >To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> >Subject: Re: [WIRELESS-LAN] School blocks Wi-Fi access to >> smartphones to >> >address IP usage issues >> > >> >I agree, the school newspaper only shows it from a user's perspective. >> > "The smartphones are shutting down the network" while it's more "the >> >network has run out of public address space and the use of private >> >address space on this network is _______ " >> > >> >We all know the major flaw in using private address space is logging >> and >> >tracking but there are solutions to this. Shutting down access (by >> MAC >> >block ID?) would not be one of mine. >> > >> >Jonn Martell, speaking as a network instructor and Director but not >> on >> >behalf of the Universities I work at.... >> > >> >
Good morning - 

We do not have this problem.  We use RFC 1918 private address space, and NAT (PAT).  Traffic is logged through our firewall, so we can account for any nefarious activity (Ya know, DMCA.)

I'm not sure I'm trying to start a big discussion as to the pros and cons of PAT, but I'm just suggesting that it's a solution that should not be overlooked.

Our larger problem in this area had to do with our NAC.  Bradford licenses their system based on number of registered users.  And the skyrocketing of devices meant that we had to expand our license.  And this translated into real dollars.  

Time to look hard at 802.1x once again!


-
Pete Hoffswell - Network Manager
pete.hoffswell@davenport.edu
http://www.davenport.edu
616-732-1101


Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.