Profile

Hunter Fuller

My Content

Posted By Hunter Fuller 11-11-2022 10:35:25 AM
Found In Egroup: Wireless Local Area Networking
We have certainly had our share of captive portal issues when we rolled it out: - Web team gave us a captive portal HTML template that needed access to assets from the Internet - Had to explicitly allow non-logged-in users to talk to our DNS servers - Expanded the IP range and forgot to update ACLs ...
Posted By Hunter Fuller 11-08-2022 09:47:40 AM
Found In Egroup: Network Management
So, for our third party connections that we need to bring to the edge, we use VLANs. If your distribution layer is IP only (no Layer 2 extension) then I could see why you would use VXLAN, however, I don't think the end result is better or "more segmented" than if you had just used a VLAN. That is just ...
Posted By Hunter Fuller 11-07-2022 10:38:46 AM
Found In Egroup: Network Management
Cisco's PoE reporting is very confusing compared to e.g. Ruckus. "Allocated" PoE power isn't the same as drawn PoE power and it's not easy to see them side by side. That might explain your absurdly-wrong PoE wattage reports from the Cisco units. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 ...
Posted By Hunter Fuller 11-07-2022 10:32:49 AM
Found In Egroup: Network Management
We use both, but VXLAN is used for extension, not segmentation, in our environment. I don't quite understand how VXLAN would provide an advantage over VLANs from a segmentation standpoint. I would need to know more about the application. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 ...
Posted By Hunter Fuller 10-31-2022 09:19:46 PM
Found In Egroup: Wireless Local Area Networking
Tariq, Have you tried failing over? We had a very similar issue, and failing over fixed it. I know that is a non-answer, but we are hoping it will kick us down the road long enough to get off the 8540s rather than fighting that battle with TAC. BTW, we are the exact same environment, ClearPass Guest ...
Posted By Hunter Fuller 10-28-2022 01:01:17 PM
Found In Egroup: Wireless Local Area Networking
Hey now - we still have til January.
Posted By Hunter Fuller 10-28-2022 11:33:11 AM
Found In Egroup: Wireless Local Area Networking
Yes, we "trust" it in the sense that you can talk to stuff like our AD controllers, which are not accessible off campus. But for actually sensitive stuff, you either have to SSO or VPN (which requires SSO). For instance, when I log into a network device, I have to VPN from wireless. This is an uncommon ...
Posted By Hunter Fuller 10-25-2022 02:00:15 PM
Found In Egroup: Network Management
We don't block any HTTPS so blocking QUIC would bring us no value. However, we do set the magic DNS records to make DoH not auto-enable in Firefox. (Chrome doesn't do this if the user is using our DNS resolvers, so we don't care about that much.) -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 ...
Posted By Hunter Fuller 10-12-2022 09:40:50 AM
Found In Egroup: Wireless Local Area Networking
I'm interested in what you come up with here, because we are also ClearPass with Cisco wireless.
Posted By Hunter Fuller 10-03-2022 11:35:35 AM
Found In Egroup: Network Management
I see. I can't speak to the security scanning issue as we don't scan all machines (certainly not Wi-Fi). We use BlueCat DHCP which has absolutely no problem with these lease times. CPU load is less than 5% at all times, even when I forgot to reset the Student Wireless network to 2h after a maintenance, ...
Posted By Hunter Fuller 09-30-2022 03:07:29 PM
Found In Egroup: Network Management
Jason, Sorry, what issue is stale leases causing for you? Our lease time is 2 hours (a bit longer than 1 class period, was our thought). But honestly it could be almost anything in our environment. We lower it to 5 minutes if we are re-IPing an area for whatever reason, but otherwise, 2 hours across ...
Posted By Hunter Fuller 09-30-2022 09:16:14 AM
Found In Egroup: Wireless Local Area Networking
We haven't done this, but I have to say, do these products really support wireless? Gaming is one of the least optimal use cases for wireless, and we put all our gamers on wired for that reason, so that would be very surprising to me. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office ...
Posted By Hunter Fuller 09-27-2022 10:55:48 AM
Found In Egroup: Wireless Local Area Networking
We are not an Aruba shop, so I can't speak to that, but FWIW, you do not need any sort of impressive cable for 2.5GBASE-T. "IEEE 802.3bz specifies 2.5 Gbps over 100 meters of Category 5e cabling or 5 Gbps over 100 meters of Category 6 cabling" https://www.flukenetworks.com/blog/cabling-chronicles/wil ...
Posted By Hunter Fuller 09-22-2022 02:39:33 PM
Found In Egroup: Wireless Local Area Networking
Jennifer, I'm not sure that "the mechanism is exactly the same" for MAB on Wi-Fi and wired. The images you sent have step 1 listed as "Endpoints connect to 802.1X-secured network." My understanding is that that is not how 802.1X works on Wi-Fi. In Wi-Fi, the association is not complete *until* the 802.1X ...
Posted By Hunter Fuller 09-21-2022 09:48:56 PM
Found In Egroup: Wireless Local Area Networking
Wow, thanks for all that info, Jennifer. I learned a thing or two. Regarding "it effectively downgrades the security of that entire network. SSIDs are L2 broadcast domains. I'm refraining from getting on the soapbox to elaborate" - I hate to make you get on your soapbox but can you elaborate juuuust ...
Posted By Hunter Fuller 09-21-2022 01:20:43 PM
Found In Egroup: Wireless Local Area Networking
I'm not sure I'm following this. "Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials." Which one of these would a manually-entered 802.1X credential fall under? NTLM ...
Posted By Hunter Fuller 09-21-2022 12:27:58 PM
Found In Egroup: Wireless Local Area Networking
Ah, I see, good to know. We do not use that feature (we use eduroam CAT for provisioning) so I assume we are dodging this bullet. -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering
Posted By Hunter Fuller 09-20-2022 11:00:40 PM
Found In Egroup: Wireless Local Area Networking
Hey Travis, I reviewed all that stuff briefly, but I don't get it ("it" meaning "the impact to Wi-Fi credentials"), so, please, elaborate? -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering
Posted By Hunter Fuller 09-16-2022 02:40:33 PM
Found In Egroup: Wireless Local Area Networking
Just to be clear, that is on the same SSID as the PSK one that's having issues? We are trying to enable MAC Address filtering on our webauth SSID but it causes sporadic failures to authenticate, at least for iPhones. It's an open SSID so no "wrong PSK" but we see "Unable to connect" instead. It goes ...
Posted By Hunter Fuller 09-16-2022 02:08:41 PM
Found In Egroup: Wireless Local Area Networking
You don't happen to be running MAC filtering/bypass on this SSID do you? -- Hunter Fuller (they) Router Jockey VBH M-1C +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Network Engineering