The document summarizes updates from an ITS networking retreat at UNC-CH, including:
1) Plans to block access to Outlook and Live from the UNC-Guest WiFi network and push users to the eduroam network for secure access.
2) Upcoming password changes for UNC's wireless networks and ending support for IPSec VPN clients by January 2015 in favor of newer SSL-based clients.
3) Ongoing work to expand pervasive WiFi access across campus alongside hardware refreshes.
3. Wi-Fi Updates
- Yosemite (and Mac OS X in general) issues –
inconsistent; noted by other vendors and universities;
seems unhappy with more than one AP in the area
- Status of UNC-Guest – blocking access to
outlook.unc.edu/live.unc.edu on Jan 1st?
- Still seeing EAP-TTLS users on UNC-Secure (i.e. using
Onyen and password rather than certificates), but ...
- Status of eduroam: push on one change rather than
two?
4. eduroam
• http://help.unc.edu/help/eduroam/
• http://its.unc.edu/project/eduroam-wi-fi-service-
travelling-scholars/
• https://www.eduroam.us/eduroam_us_institu
tions
• eduroam is same VLANs/subnets as UNC-Secure
– do we need both? Removing UNC-Secure
would “fix” the TTLS issue
5. Wi-Fi Updates (cont.)
- Pervasive Wi-Fi implementation along with
Campus Hardware Life Cycle
- http://its.unc.edu/project/pervasive-campus-wi-fi-
initiative-project/
- http://its.unc.edu/project/campus-network-hardware-
refresh/
- Money talks
- UNC-PSK/UNC-Guest-PSK passphrase changes:
Monday Dec. 29th!!!!
6. VPN Information
- Need to stop support for IKEv1 with IPSec clients
- Couldn’t get VPN groups working with IKEv2
- Cisco no longer offering support for original VPN Client
with IPSec support
- Only supporting newer Cisco AnyConnect Secure
Mobility Client (uses SSL)
- ITS will stop support for IPSec-based connectivity (Cisco
or other client) on Jan 5, 2015
- Don’t worry about what client version is available for
download – once you connect, you get upgrade
7. Other Fun Stuff!!!
- Still seeing occasional issue with Intel NIC
driver and IPv6 multicast floods:
https://communities.intel.com/thread/48051
- May not know when an area of your building
has lost power until UPS batteries are
exhausted
- Vendor truthiness, indeed!
8. Important Dates
- Dec 29th 2014: new passphrases for UNC-PSK
and UNC-Guest-PSK
- Jan 1st 2015: block
outlook.unc.edu/live.unc.edu for UNC-Guest
- Jan 5th 2015: end support for IPSec/original
Cisco VPN Client/any IPSec-based VPN client