Profile


Max Turpin



My Content

1 to 20 of 27 total
Posted By Max Turpin 12-16-2022 02:49:59 PM
Found In Egroup: Wireless Local Area Networking
Really good point Michael. The 535 is even less. That's been our standard AP for refreshes. AP-535: Combining the patterns of each of the antennas of the MIMO radios, the peak gain of the combined, average pattern is 1.9dBi in 2.4GHz and 3.5dBi in 5GHz.
Posted By Max Turpin 11-11-2022 08:24:47 AM
Found In Egroup: Wireless Local Area Networking
We use a captive portal for our guest wireless services. Captive portal with MAC caching through ClearPass. I have upgraded to 6.11 in our test environment to work with the new support for RFC 8908. The biggest issue for captive portals is the detection. My hope is that CPI makes the portal launch more ...
Posted By Max Turpin 10-10-2022 10:28:47 AM
Found In Egroup: Wireless Local Area Networking
Fantastic news! I just got openNDS set up but now I want to upgrade to 6.11 to test with ClearPass, which is our NAC.
Posted By Max Turpin 09-30-2022 01:55:21 PM
Found In Egroup: Wireless Local Area Networking
What we allow is dictated by InfoSec. It's not a policy we control. For us, you are limited to basic and well-known protocols. Does this kill functionality for some users? Absolutely, but it's the policy and that's what you accepted when you clicked "Accept & Connect." Max
Posted By Max Turpin 09-22-2022 07:17:11 AM
Found In Egroup: Wireless Local Area Networking
Fine, yes. But that's not MAB, which was what I thought was being discussed. For instance, you can't fail through dot1x to a MAC auth on wireless. Any MAC filtering is done after the dot1x process has completed and can be set as part of your role mapping within RADIUS if you so desire. Jennifer, thank ...
Posted By Max Turpin 09-22-2022 07:02:28 AM
Found In Egroup: Wireless Local Area Networking
It's not possible, as far as I know, to do MAB on a wireless dot1x protected network. On wired dot1x, absolutely, but not wireless. I would love to be proven wrong on this though.
Posted By Max Turpin 09-13-2022 07:31:52 AM
Found In Egroup: Wireless Local Area Networking
Jesse, Thank you for this information. At what percentage has TAC indicated that there may start to be an issue? After looking at our 9800-80 pairs, we have 8 site tags, but the largest is at 44%. Curious at what threshold we should start to get concerned because I may end up setting up a Splunk alert ...
Posted By Max Turpin 09-09-2022 03:43:21 PM
Found In Egroup: Wireless Local Area Networking
I agree completely. However, the truth is also that the majority of organizations do implement EAP in that manner.
Posted By Max Turpin 09-09-2022 03:35:39 PM
Found In Egroup: Wireless Local Area Networking
I would say try them out and see how you like it. I am partial to SecureW2 but cost is always a consideration. What you're paying for is for them to make sure that they keep up to date with vendor updates so onboarding doesn't break (as much). Also, just to clarify a bit on my last comment, you can use ...
Posted By Max Turpin 09-09-2022 03:23:33 PM
Found In Egroup: Wireless Local Area Networking
ClearPass. Highly recommended
None
No
Yes. No.
PSK network with RADIUS profiling. Looking to ditch this for MPSK self-registration and no profiling.
Captive portal w/ MAC caching
If you want to implement EAP correctly, you need a PKI onboarding solution like SecureW2, ClearPass Onboard or Cloudpath. And yes, ...
Posted By Max Turpin 08-23-2022 07:17:27 AM
Found In Egroup: Wireless Local Area Networking
Same as Michael. We've been running 8.6.0.16 since it came out due to .15 bugs and have had no problems. If this is reproducible, you should be able to see what's going on with a user-debug. For easy logging, send your user-debug logging to your syslog server under a different facility.
Posted By Max Turpin 08-22-2022 08:03:14 PM
Found In Egroup: Wireless Local Area Networking
Jonathan, At least as far as iOS 15 goes, once you forget the network, a new randomized MAC will be used when connecting again.
Posted By Max Turpin 08-19-2022 06:01:48 AM
Found In Egroup: Wireless Local Area Networking
Why are you using SSLv3? Do your RADIUS requests go through an F5 or load balancer? You can end up with TLS mismatches in those types of scenarios if your F5 and RADIUS servers are mismatched on allowed SSL/TLS versions. I would start by disabling those legacy and insecure protocols. Unless you have ...
Posted By Max Turpin 08-01-2022 08:45:11 AM
Found In Egroup: Wireless Local Area Networking
Since you mentioned CoA, I am going to assume you have your web login set up as server-initiated in ClearPass to generate that change of authorization request. The first two things I would suggest would be the following: Set a login delay. I find that 5-6 seconds is a good spot. Increase your RADIUS ...
Posted By Max Turpin 07-12-2022 04:25:05 PM
Found In Egroup: Wireless Local Area Networking
Good to know, I'll do some testing and report back. I also asked our SE, who didn't know. I'm not sure how widely adopted this is either; I suspect not much.
Posted By Max Turpin 07-12-2022 03:50:08 PM
Found In Egroup: Wireless Local Area Networking
Christopher, Are you passing back a URL or an API? Because according to all the documentation, you need to pass back a URL to a JSON API which passes back attributes as part of the JSON response. When I get some time I plan to test this with an RFC 8910-capable captive portal server, openNDS, referenced ...
Posted By Max Turpin 06-25-2022 07:49:38 AM
Found In Egroup: Wireless Local Area Networking
From what I understand in the RFC, you use option 114, which I did also find in Infoblox, to send back the URL of an API. That API call returns the URL of the captive portal link. As for what API to use, I did look into it briefly, and it looks like openNDS is an option. We use ClearPass in our environment ...
Posted By Max Turpin 06-22-2022 08:53:09 AM
Found In Egroup: Wireless Local Area Networking
We ran into an issue with AX201 chipsets. What I saw was that the device kept L2 connectivity but lost its IP. It would send DHCP discover packets over and over and get offers from the DHCP server but simply ignore them. It would be dropped on the chip's data plane and would not show in a packet capture. ...
Posted By Max Turpin 06-16-2022 02:13:39 PM
Found In Egroup: Wireless Local Area Networking
What power settings are you using on each band?
Posted By Max Turpin 05-12-2022 07:28:10 AM
Found In Egroup: Wireless Local Area Networking
Who did you end up going with, Lee?