Profile

CommunityPlatform_1350x900.jpg

James Andrewartha

Edit My Profile

My Content

1 to 20 of 25 total

RE: VLAN Pruning AP Ports

Posted By James Andrewartha 04-19-2024 09:31:53 AM
Found In Egroup: Network Management \ view thread
The Aruba switch way for option 4 is called Downloadable User Roles, I've seen people talk about doing it for AP ports but didn't find any examples after a quick google. Option 3 for Extreme is fabric attach, and it is extremely (pun-intended) nice. It's not VPN but instead layer 2 services (which ...

RE: Troubleshooting Wi-fi calling and what ended up working

Posted By James Andrewartha 03-07-2024 12:44:57 AM
Found In Egroup: Wireless Local Area Networking \ view thread
The hostnames for Wi-Fi calling should follow this pattern, but apparently some carriers do it differently just because: epdg.epc. . .pub.3gppnetwork.org MNC stands for Mobile Network Code, and MCC stands for Mobile Country Code. From https://whirlpool.net.au/wiki/telstravowifi ------------------------------ ...

RE: Certificate Deployment to devices managed by Microsoft Intune and Jamf

Posted By James Andrewartha 12-20-2023 09:57:35 PM
Found In Egroup: Network Management \ view thread
Hi Mark, On https://www.macadmins.org/ there's a big "JOIN SLACK NOW" button that goes to https://macadmins.slack.com/join/shared_invite/zt-27gqcnz84-UHIQaKQIpDhU_fZPGRevPA#/shared-invite/email which should generate an invitation. Thanks, James ------------------------------ James Andrewartha ...

RE: Certificate Deployment to devices managed by Microsoft Intune and Jamf

Posted By James Andrewartha 11-23-2023 01:14:29 AM
Found In Egroup: Network Management \ view thread
I'm setting up SCEPman for Jamf (and Intune) at the moment. The biggest gotcha was Jamf enforces limits on what RDNs types are acceptable - Jamf support linked me to https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf which says "OIDs can be represented as dotted numbers, ...

RE: WPA3 and Aruba

Posted By James Andrewartha 02-26-2023 10:13:40 PM
Found In Egroup: Wireless Local Area Networking \ view thread
> why MPSK/PPSK is tedious and not viable on WPA3 Personal networks Ruckus claim to have somehow made DPSK work on 6GHz https://www.businesswire.com/news/home/20230119005140/en/RUCKUS-Networks-Enables-Multi-Dwelling-Units-to-Access-New-6-GHz-Spectrum-Enhancing-Advanced-Wi-Fi-Services ----------- ...

PlayStation 5 doesn't like 802.11k quiet IE

Posted By James Andrewartha 01-16-2023 10:57:21 PM
Found In Egroup: Wireless Local Area Networking \ view thread
I ran across this one recently and thought it might be useful for others to know. If a PlayStation 5 is connected to a network with 802.11k Quiet IE enabled, its wifi and bluetooth will lock up a few minutes after connecting, resulting in no network connectivity and controllers not working (unless connected ...

RE: Blocking / Allowing QUIC

Posted By James Andrewartha 10-24-2022 07:56:32 PM
Found In Egroup: Network Management \ view thread
Also QUIC has been used as the base for HTTP/3 which has widespread browser support. We block it, but we also have a fairly heavy content filter, being a K12. https://en.wikipedia.org/wiki/HTTP/3 ------------------------------ James Andrewartha Network and Projects Engineer Christ Church Grammar School ...

RE: 802.1x Prompting Wireless Architecture Questions

Posted By James Andrewartha 09-20-2022 11:09:21 PM
Found In Egroup: Wireless Local Area Networking \ view thread
Credential guard prevents the use of NTLM credentials, which is what the "use desktop login credentials to join PEAP/MSCHAPv2" requires. https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-considerations#wi-fi-and-vpn-considerations https://www.mo ...

RE: Requesting Revisit of Community Practice

Posted By James Andrewartha 09-14-2022 08:03:12 PM
Found In Egroup: Cybersecurity \ view thread
Well that's because it's not a mailing list, it's a "Member Engagement Platform". Anyway it does support polls but they can only be created by super users for some ridiculous reason https://support.higherlogic.com/hc/en-us/articles/360033056971-Polls-Overview ------------------------------ James Andrewartha ...

RE: 802.1x Prompting Wireless Architecture Questions

Posted By James Andrewartha 09-12-2022 01:02:28 AM
Found In Egroup: Wireless Local Area Networking \ view thread
My Samsung Galaxy S21 has "Use system certificates" as an option (also "Don't validate"). I was wrong, Android does have separate CA, VPN/app user and Wi-Fi certificate stores, and installing a general CA has a warning and PIN/biometric auth prompt while Wi-Fi and VPN don't. https://documentation.m ...

RE: 802.1x Prompting Wireless Architecture Questions

Posted By James Andrewartha 09-11-2022 08:56:03 PM
Found In Egroup: Wireless Local Area Networking \ view thread
Android has always allowed using public CAs to verify 802.1X certificates, and since Android 11 and up on certain hardware the "Do not validate" option for the certificate has been removed. This means you either need to use a public CA, or onboard your certificate which is a real pain on Android since ...

RE: Extreme Wireless with Aruba Clearpass Guest Captive Portal

Posted By James Andrewartha 08-22-2022 11:08:34 PM
Found In Egroup: Wireless Local Area Networking \ view thread
@Sarah Stanziano I forgot that to make it work for Extreme I'd added a CoA template to Administration » Dictionaries » RADIUS Dynamic Authorization Templates. ​ ​For XIQ I needed to create a second user profile on the same VLAN, since it seems ...

RE: Extreme Wireless with Aruba Clearpass Guest Captive Portal

Posted By James Andrewartha 08-01-2022 09:03:43 PM
Found In Egroup: Wireless Local Area Networking \ view thread
Here's the CoA enforcement profile: The MAC Caching Enforcement policy: and the MAC auth enforcement policy: For my next trick I'm trying to get ClearPass guest working with ExtremeCloud IQ (XIQ fka Aerohive), but it doesn't seem to be respecting the filter-ID. ------------------------------ James ...

RE: Extreme Wireless with Aruba Clearpass Guest Captive Portal

Posted By James Andrewartha 08-01-2022 08:43:46 PM
Found In Egroup: Wireless Local Area Networking \ view thread
I have done this. Some debugging led me to work out the default disconnect packet from ClearPass doesn't include Radius:IETF:Event-Timestamp in the disconnect packet. You have two options, either add it in the Disconnect profile like this: Radius:IETF Event-Timestamp = %(Radius:IETF:Event-Timestamp) ...

RE: iOS, Android, and Mac OS - Captive Portal API - DHCP Option 114

Posted By James Andrewartha 06-23-2022 08:42:29 AM
Found In Egroup: Wireless Local Area Networking \ view thread
Packetfence also has support since 10.2 https://github.com/inverse-inc/packetfence/issues/5638 -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877

RE: iOS, Android, and Mac OS - Captive Portal API - DHCP Option 114

Posted By James Andrewartha 06-22-2022 09:01:34 PM
Found In Egroup: Wireless Local Area Networking \ view thread
The relevant standards are RFC 8908 (captive portal API) and 8910 (DHCP/RA). I asked for it in ClearPass, currently it's "Planned" https://innovate.arubanetworks.com/ideas/SEC-I-1707 I also found https://github.com/openNDS/openNDS which implements it. -- James Andrewartha Network & Projects Engineer ...

RE: Favorite NTP appliance

Posted By James Andrewartha 06-17-2022 02:34:51 AM
Found In Egroup: Network Management \ view thread
On 16/6/22 19:21, Stuart Kendrick via EDUCAUSE Connect wrote: > Anyone have a Stratum 1 NTP appliance manufacturer / model to recommend? We have a LeoNTP which I wish I could recommend, but component supply issues means there's no ETA for new units: https://store.uputronics.com/index.php?route=pr ...

RE: MacOS network issues due to multiple socket filters

Posted By James Andrewartha 04-27-2022 08:11:00 PM
Found In Egroup: Cybersecurity \ view thread
Side note, I really wish the group archives were visible without a login, since someone in the Macadmins.org slack is experiencing exactly this problem, but I had to copy and paste the details rather than just sending a link. And the information will not be available to people searching via Google either. ...

RE: Airplay/mDNS management in an Aruba Environment without CPPM

Posted By James Andrewartha 01-24-2022 01:51:01 AM
Found In Egroup: Wireless Local Area Networking \ view thread
We also use Extreme NAC but have CPPM just for AirGroup. The setup is easy, the AirGroup service is built-in so it basically just works, you just configure the controller to point at CPPM and set secrets etc. User experience is OK but we are only doing wired devices primarily, the reason it's only ...

RE: Ok. Who else is HATING the educause web forum? (cross posting)

Posted By James Andrewartha 01-24-2022 01:28:22 AM
Found In Egroup: Wireless Local Area Networking \ view thread
My biggest complaint is the archives are not publicly visible, I originally found the lists through google. They are cutting off discovery by new people and hiding a great resource of knowledge and troubleshooting experience. -- James Andrewartha Network & Projects Engineer Christ Church Grammar ...