802.1X Network based

Similar Messages

• 802.1x computer-based network authentication (machine certificate)

  Hello,
  I am using my MBP for work and want to connected to my work's network.
  We are using 802.1x network authentication, based on a computer certificate. I joined my computer to our Microsoft Active Directory and created a computer certificate, which I imported successfully to "System" store.
  Only "Error description" is, that my MBP tries to authenticate as "User".
  How do I configure my network settings, to use "computer-based authentication" and use the computer certificate?
  Regards,
  Ben

  Thanks, but in my case there is no administrator who send me that configuration profile. I have to create a configuration profile for myself.
  I could create a configuration profile for my client and basically it uses a computer certificate to authenticate with the network. But finally the process is cancelled by the client. I tried the steps at OS X Server: How To Configure RADIUS Server Trust in Configuration Profiles when using TLS, TTLS, or PEAP - Apple Suppor… but finally the authentication was cancelled by client, with error ".. server certificate not trusted"
  How should the computer certificate look like?
  Is there a manual for the CA template?
  Regards,
  Ben

• Network based and a-gps, data use tests

  i was trying to find this kind of info, but only found others asking.
  i hope this is useful info for others, especially while roaming.
  skip to the bottom for conclusion,
  this is the process i took:
  i called nokia tech support,
  their phone support his horrible,
  the people on the phone don't actually know anything, and have to look up everything you ask them.
  they were the worst.
  i emailed nokia tech support.
  my message was:
  "i would like to know the difference between assisted gps positioning, and network based positioning. these are 2 of the 4 options on my nokia e66 for positioning methods. i would like to know if network based positioning uses internet data from my service provider to obtain my gps position. i am especially concerned with this function while i'm roaming internationally, as i do not want to be charged for roaming data use."
  in about half hour they responded w/ an answer, and then 45 min after that someone else responded w/ an answer.
  the first response, minus the hello's etc. was:
  "In response to your email, Assisted GPS and Network Based positioning methods generate costs related to data traffic so you will be charged for data use. Only "normal" GPS and Bluetooth GPS do not generate additional costs related to data traffic.
  Normal GPS is quite slow and does not work indoors. Therefore, it is recommended to enable at least A-GPS to get a faster position outdoors.
  Network based and Wi-Fi positioning also allow you to update your position inside buildings, but they cannot be used for navigation."
  the 2nd response was:
  "In response to your inquiry, the difference between Assisted GPS positioning (A-GPS) and Network based positioning is that,  A-GPS uses satellites while Network based positioning is based on information of your cellular network environment. It allows you to update your position inside buildings, but they cannot be used for navigation. Both positioning methods generate costs related to data traffic (unless you have configured the device to use Wi-Fi connection to make the internet connection). The cost may vary while you are on roaming. Kindly contact the service provider for information about data transmission costs."
  i can also respond w/ more questions, but instead did some tests, starting with sitting home, indoors, and eventualy moving to a window w/ lots of sky.
  test 1:
  i enabled:
  integrated gps
  network based
  assisted gps
  opened maps,
  set maps to be offline,
  set default internet access point to my home wlan network,
  closed maps,
  cleared all counters and the log on the phone's communication log.
  opened maps
  there is a pink circle around the area i may be in,
  the icon that would show gps satellite strength, changes to show the cell phone antenna icon.
  but the packet data counter is sending/receiving a total of around 3-8kb immediately, and over the course of time, it keeps adding up, every 1-2 minutes, and it is shown as packet data to/from the access point "at&t internet"
  over the course of ten minutes, it's been about 43kb.
  and i can tell on the phone's home screen that the packet data connection becomes active when it does.
  the maps kb indicator still says 0.0kb, with a line through the double arrow packet data symbol.
  test 2:
  now i exited maps,
  cleared the counters and logs
  i turned off a-gps.
  enabled only integrated gps and network based.
  i open maps,
  the same thing is happening as with the assisted gps on, except i connected to my home wlan once, in the middle of connecting to at&t internet 10 or so times.
  everything else is happening the same.
  test 3:
  i exited maps,
  cleared the counters and logs.
  enabled only integrated gps.
  i open maps, and there is no evidence of packet data connection, or wlan connection.
  nothing is showing up in the logs or packet counters, and there is no pink circle around where i may be.
  if i set maps to go online, w/ my wlan as the access point, or at&t internet, their respective icons show up on maps, as well as the phone's home screen.
  the phone's log show respective connections are made but w/ 0.0kb, and the phone's packet counter, as well as the maps kb usage, say 0.0kb.
  test 4:
  set maps to offline, w/ my wlan as access point.
  exited maps,
  turned phone off for a bit to test gps from cold start.
  turned on phone,
  cleared counters/logs,
  enabled only assisted gps and integrated gps.
  open maps, there's no pink circle around where i may be, just the red dot of where it thought i last was.
  there's about 4-5kb of data transfer,
  then i bring the phone to the window where there's a lot of clear sky, and my location is found pretty fast.
  i know that w/o assisted gps, w/ only integrated gps, it takes a while to get the gps signals.
  i went back and forth to/from the window, and there was packet data use again only once more, not continuously like w/ network based positioning.
  so to conclude my tests,
  setting the maps to be offline, still uses a-gps and network based positioning.
  network based uses a more data, continuously,
  which is the opposite of what i thought, i thought a-gps would use more, so i was using network based on and a-gps off while in canada. whoops.
  using assisted gps uses about 5-10kb, which, when roaming, according to at&t, they charge 1.95cents/kb.
  might be worthwhile for getting a quick gps signal, nothing worse than waiting forever for it to connect.
  the only way to be completely clear of data use is disable network based and assisted gps, or set the phone to offline mode.

  A-GPS: This uses information from cell network to get a rough idea of where you are. It then uses this information to figure out which satellites to look for. Result is a faster satellite lock. So A-GPS uses a few kB of data to get an initial position, but navigation is done using GPS satellites, which does not require ANY data connection.
  Network based: This uses information from the cell network to plot the current position when GPS satellite signal is not available, ie indoors, in a tunnel, etc. Position info derived from the cell network is not as accurate as that from GPS satellites, but serves as a stopgap until GPS signal can be re-acquired. Network based positioning used your data connection EACH TIME the satellite lock is lost. So the amount of data used is dependent on the quality of access you have to the GPS satellites. If you don't lose the connection to the GPS satellites, then you won't use any data.
  The ‘offline’ option within the Nokia Maps app only refers to street, POI, etc searches, NOT to A-GPS, Network based positioning or to connecting with the GPS satellites.
  If you want to navigate without using ANY data connection, set A-GPS off AND set Network based positioning off AND set the Internet option in Nokia Maps to Offline. Do this and you will not use any of your data connection allowance when navigating. There is no need to put the phone into flight mode.
  If I've helped you, you can thank me by clicking the green 'kudos' star on my post. Cheers.

• Broadcom 802.11n Network Adapter not working on Windows 7 64bit

  As the title suggests, my laptop (Alienware m17x) is installed with the Broadcom 802.11n Network Adapter and Windows 7 64bit Home Premium.  I have had several other driver incompatibility issues with Windows 7, but those I have slowly been able to resolve.  This however just cropped up after two months of successful use.  Yesterday it started failing to connect to the internet, telling me that no wireless connections are available.  I live in a dorm, and everyone else on my floor has successful wireless, including my Ipod Touch, PS3 and XBox 360.  I called Alienware/Dell Support and we spent hours trying to fix the problem and all look well until I rebooted my laptop this morning and the same issue reappeared.  When I reboot my laptop, all I get is a notification that no networks appear in range.  If I uninstall the broadcom chip and let windows install it after a boot up it works until the machine is rebooted a second time.  I have tried over a dozen windows 7 drivers for the chip, and about half a dozen vista drivers and they all have the same results, works on the first boot, fails every time after that 

  Just registered to say, on an Alienware M17x system as well running Windows 7 Ultimate, here is a link to a solution that worked exactly for me:
  http://forum.notebookreview.com/alienware/436486-guide-properly-solve-wireless-connection-problems-m17x.html
  All I did was section I.a. If the link is down, I copied the only section that I needed to follow out of this guide, in order to get my wireless to work repeatedly without having to uninstall the wireless driver every single reboot. Now it works perfectly,
  already connected to a wireless network on startup.
  I.a. Disable Device sleep on disconnect
  Some newer Nvidia Ethernet drivers have a feature called Device sleep on disconnect. This is the culprit. Normally, it should only put the Ethernet adapter to sleep when the cable is disconnected, but it's buggy and thus kills the wireless connection as
  well.
  Follow these steps to disable this feature on your Nvidia Ethernet Adapter:
  1. Open the Windows Device Manager by hitting Win+Pause, then click on Device Manager on the left side.
  2. Double-click on Network adapters.
  3. Double-click on NVIDIA nForce Networking Controller (yes, that's the wired Ethernet adapter indeed).
  4. Click on the Advanced tab.
  5. Select Device sleep on disconnect.
  6. Set the Value to Disabled. 
  7. Click OK and wireless should work again (might require a reboot afterwards, but probably not).

• Open File - Security Warning with Network-based Silent Install of CS4

  I am attempting to run an enterprise deployment of CS4 Design Standard Edition onto a pool of WinXP Pro workstations. I placed all of the install files on a networked server running Windows 2003, and generated from there all of the requisite .xml files (install, uninstall, and override files). From this network share, I can successfully run a silent install.
  HOWEVER. Multiple times (two or three) during the course of the silent install, I receive the same pop-up security warning from Windows XP (definitely an OS message, not anti-virus or other) that reads as follows:
  Open File - Security Warning
  Do you want to run this file?
  Name: AIRApplicationRunner.exe
  Publisher: Adobe Systems Incorporated
  Type: Application
  From: (server IP address)
  I have tried excluding Adobe Air from the installation package, but I still receive the same security prompt. This is sufficiently a hassle to have to click through these prompts in a silent install. But more importantly I am unable to run the silent install as part of a logoff script because for all intents & purposes it is no longer a silent install (i.e. it requires user intervention). To top it off, I found when testing the logoff script the prompts are suppressed and the installation fails prior to the bulk of the installation (Photoshop, Illustrator, & InDesign).
  I'm sure that I could run the install by copying all of the files to each local workstation, but again that would defeat the purpose of an easy, network-based install. In the past I was able to install CS3 in this fashion with no troubles, which of course did not include Adobe Air.
  Can anybody offer a suggestion as to how to disable these security messages, or alternately, how to entirely exclude Adobe Air from the install package? I have found a VB script that is supposed to address the security warnings issue, but to run the script also requires the user to accept it at a security prompt.
  Thanks in advance for any assistance!
  -Dan

  I'm now able to deploy design suite premium cs4 successfully.
  The issue for me was that the AirapplicationRunner installs some useless software. I worked around the issue with the Airapplicationrunner prompt by removing any apps that are installed using that method. By "removing" I mean marking that app as "donotinstall" in the deployment file. The apps I removed are these adobe codes for adobe media player, adobe.com, adobeair itself. The below is from my deploy.xml file used for the silent workflow:
  donotinstall
  donotinstall
  donotinstall
  If you mark those three adobe codes as "donotinstall" the prompt never appears and the real apps get installed just fine.

• How to use AirPlay on a 802.1x network

  I'm trying to connect an AppleTV 3 to an 802.1x network, but I failed to use Airplay: no Airplay buttons appear on proper apps on my iPad 2. Only if I join a commercial ADSL network, anything works well, but this solution is not applicable to my aims (using Keynote from iPads to our interactive whiteboards).
  May I install a profile configuration (link) to my AppleTV? This would solve all my problems... I tried, unsuccesully .
  You can find a description of the network I tried to join here (in Italian).
  I don't need to play any movie downloaded from iTunes, so I shouldn't need any Internet connection, should I? The captive portal described in the link above in necessary only for Internet, not to join the internal network.
  I'm available for any further explanation and I hope to have been clear...
  Filippo

  Thanks Daniel,
  I'll try the suggestion asap!
  Filippo

• Recommended storage for Network-based accounts?

  Hello everyone. Sorry in advance for all the following information, but I want to thorough in hopes of allowing you to offer better input. I'm using an Xserve 2 x 2.8 Ghz. Quad Xeon (Mac OS X Server 10.6.6) with 22 GBs RAM and 6 GB NIC LACP bond to our backbone switch. This switch feeds three labs, each with their own gigabit switch, with a total of approximately 50 iMacs combined. All iMacs are connected via gigabit ethernet. All user accounts are network-based, bound to the Xserve via OD via AFP. I have WGM folder-redirects to keep the user caches folder and some of the Adobe stuff off the network for better performance. Primary software is the Adobe Creative Suite Premium CS5 throughout; with one lab using Final Cut Express & Pro and Adobe After Effects. This lab has local partitions for the high I/O requirements of video editing (so I'm not looking to sustain multiple HD streams over the network. etc.). I installed an 8TB OWC Mercury Rack Pro (external hardware RAID enclosure) with an Oxford 936 chipset this past summer, which is currently configured as RAID 5 and connected to the Xserve via a NewerTech 6GB-capable SATA host card (also provided by OWC). All of our network home directories are on the OWC Mercury Rack Pro. We also upgraded two of our three labs with brand new 27" Intel i5 iMacs this past summer. Lastly, I upgraded the Xserve to Snow Leopard also this past summer.
  The Problem:
  Since the upgrades this past summer (Snow Leopard Server, OWC Mercury Rack Pro, new iMacs), network account performance is notably more sluggish (log-in, opening apps, etc.) compared to before the upgrades (Xserve was running Server 10.5.8, labs had Mac Mini systems with gigabit running Mac OS X 10.5.8 and Adobe CS4). My network accounts were on an eSATA Rocstor ArticRoc RAID 5 unit previously, connected to the Xserve via an older Sonnet Tempo-X SATA card (which was PCI-X, not PCI-Express).
  Turns out the new iMacs don't support jumbo frames (yikes!), but notwithstanding that issue, it appears like the new Mercury Rack Pro might not be performing well under load. I've done some testing using OWC's provided QuickBench software. I logged into 3 iMacs using a local admin account, mounted three separate home directories from the Xserve and started testing performance simultaneously (to simulate multiple user access). The iMacs were next to each other, so my tests were started about 1 second apart, but were otherwise running simultaneously. Here's the results for review:
  The tests were performed without file caching enabled, to better gauge the raw storage performance. The results for each test file size are in MB/sec and the 4 result columns in order from left to right are Seq. Read, Seq. Write, Rand. Read, Rand. Write. The averages are totaled at the bottom. Hope this comes through in a readable fashion...
  iMac-1 Test:
  4 KB 10.499 0.502 10.645 0.087
  8 KB 16.351 4.179 15.913 0.143
  16 KB 29.35 11.213 28.878 0.213
  32 KB 39.703 19.318 40.633 0.251
  64 KB 55.519 27.347 51.766 0.335
  128 KB 70.823 38.541 63.345 0.414
  256 KB 78.946 46.074 70.803 0.383
  512 KB 87.872 56.071 77.47 0.325
  1024 KB 93.209 60.616 87.667 0.281
  Average 53.586 29.318 49.68 0.27
  iMac-2 Test:
  4 KB 9.901 0.494 10.843 0.08
  8 KB 14.208 5.116 15.942 0.142
  16 KB 22.762 9.668 26.973 0.174
  32 KB 30.357 16.301 42.276 0.183
  64 KB 2.605 25.486 51.606 0.179
  128 KB 4.831 28.404 18.495 0.308
  256 KB 87.839 43.936 87.014 0.404
  512 KB 96.93 28.836 95.64 0.335
  1024 KB 99.789 40.661 71.096 0.318
  Average 41.025 22.1 46.654 0.236
  iMac-3 Test:
  4 KB 4.689 0.79 10.348 0.065
  8 KB 7.908 5.526 16.399 0.086
  16 KB 6.848 8.783 27.967 0.056
  32 KB 30.183 14.756 42.096 0.132
  64 KB 46.42 13.255 53.114 0.277
  128 KB 74.744 11.307 4.369 0.424
  256 KB 80.955 25.521 26.432 0.484
  512 KB 97.356 16.138 65.667 0.386
  1024 KB 103.434 44.617 103.015 0.612
  Average 50.282 15.632 38.823 0.28
  It appears that small file performance is poor (historically a problem via AFP, I recall), but the Random Write performance is what scared me the most. It's very low across the spectrum. I'm going to provide these results to OWC for review, but wanted to get some additional perspective from the community. I'd appreciate any thoughts or ideas you might share.
  Related Question:
  We may have 35 users logged in at peak time. But given that I'm hosting network accounts for approximately 50 gigabit-equipped Macs, what would you recommend (or are you using) for storage based on my usage criteria mentioned earlier? I'm hoping there's a solution that's less expensive than the fibre-channel Promise RAID (or equivalent); as our budget unfortunately won't support that. Any storage solutions in the SATA realm that might be sufficient for hosting home directories where video capture isn't required?
  Thanks for your patience and your advice!
  Regards - Zeek

  RE: options (b) or (c) with external firewire or USB drives -- if you go this route, are you thinking of afp- or smb-mounting (i.e., ⌘k in Finder) the mini or cube or G3? If so, you'll want to get ahold of SharePoints (unless you know how to create mount points in NetInfo), so you can create an additional mount point on the mini or cube or G3 for your external drive. As you know, when you afp-mount another Mac, the mount points that show up are the individual user accounts on that other Mac /Users/{shortUserNameGoesHere}. But an external firewire drive would not be visible at /Volumes/{extDriveNameGoesHere} on the mini or cube or G3 from these User mount points because /Volumes/{extDriveNameGoesHere} is not in the path of /Users/{shortUserNameGoesHere}. The only way that you could get there would be if you connected as admin on the cube or mini or G3, and then mounted the mini or cube or G3 at its root (/). But you might not want to let regular user accounts access the cube or mini or G3 as admin. But SharePoints will let you define that mount point, so when you ⌘k, it shows up just like the user names do. I am not familiar with smb mounts (for the benefit of your Wintel boxes) but SharePoints will let you define smb mount points, too. It has enabled me to create a "community (inbound) fax" afp mount point, for remote users to retrieve faxes from my computer, as well as permit a "central" afp-mount point for all my users' dropboxes, so you don't have to mount every user if you have multiple drops to make. (That required me to actually move all the drop boxes to a common folder, and make aliases to those locations back in the original users' drop box locations). So you might want to look into SharePoints if you decide to go this route.
  (if you find that this solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider clicking on either the "helpful" or "solved" buttons in the header of this post)

• IEEE 802.1x port-based authetication

  I want to configure IEEE 802.1x port-based authentication on cisco switches, preferable 2960 series. Which models support this feature?. I have try with some older switches but it doesn't works properly on everyone.
  I have upgraded them whitout better results, there is namely an issue with TLS handshaking on some switches which produces authentication to fail.

  Hi Claudia,
  do you mean that the EAP-TLS authentication fails only on some 2960 switches and it works on other 2960s?
  What is the IOS version you're using there?
  What is the RADIUS server in use?
  What is the exact error message you see on the RADIUS side?
  Usually, the reason for the EAP-TLS handshake failure is to be troubleshoot on the supplicant and AAA server, however, there may be something on the switch depending on the certificate size and MTU settings on the switch(es).
  What is the server cert size and the MTU configured on the switches?
  With the info you provided it's difficult to say what's the reason of this failure.
  I would suggest to start looking into the above mentioned topics, else you would need to proceed with deeper debugging and sniffer traces, which may be better/easier to handle through a TAC case.
  I hope this helps.
  Regards,
  Federico
  If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

• 802.1x mac based authentication

  We have Cisco ACS 3.3 is there a way to do authentication based on mac address, instead of username and password? We are looking to stop things such as user purchased access points and what not. Any info would be great.

  Yes you are right, I misunderstood you. I was under the impression that you were talking about doing MAC based authentication on your AP's, not the switches. That is why I made mention to port security.
  The 2 options would be standard port security or 802.1x port security if you switches support this.
  In order to use the 802.1X port security, your switch would need to support it and the clients connecting to the switch would require a supplicant (EAP-TLS, EAP-TTLS, etc) in order for them to work, not by MAC address alone.
  You can configure standard port security on the switch which will accomplish your intentions and not even need to use the ACS server.
  standard port base security by MAC:
  http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a008007d3ce.html
  802.1x port based security:
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801a6c72.html

• Best practice to use PXE on 802.1X network ?

  Hello,
  We use Cisco ISE 1.2.0.899 on our network (we plan to upgrade to 1.3 in some months).
  Our network includes Cisco models 2960S (and some 2960T) about wired and 2602I (with WISM2) about wireless.
  We have to allow PXE boot on one (or many) VLAN.
  Do you know what's the best practice to use PXE on a 802.1X network ?
  Does ISE and/or Switch can recognize PXE request?
  Do we have to use settings/rules into ISE or on Switch?
  Does the easy way is to allow PXE on WebAuth VLAN?
  Regards,
  Chris

  I am in a similar position.
  We would prefer to keep all switch ports common, even those used for imaging from scratch.
  For PXE as far as I can see we need to allow the port to quickly fail 802.1X and MAB to a remediation VLAN.
  Using ISE we can apply an ACL that allows PXE bootp and dhcp requests and responses along with any other traffic we want in that network i.e. access to internet proxy server, anti-virus updates for posturing etc.
  I haven't configured this yet so I'm not sure of what issues we'll face with timing. We currently use an auth pattern of 802.1X first, then MAB, then fail open to the static VLAN. With ISE 1.3 this is the supposed suggested method instead of a hard "closed" mode. 
   switchport access vlan XX
   switchport mode access
   network-policy VV
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan XX
   authentication event server dead action authorize voice
   authentication host-mode multi-domain
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10

• Can anyone explain Assisted GPS vs Network based f...

  I just got a new E5 and was playing with some settings as well as Ovi maps. On ovi maps, I can see two figures on the bottom right corner, one is a counter for data usage and one looks like a phone signal with green and red bars. Now, I have it in offline mode so the data usage is at 0.0kb.
  I wanted to know what the difference between the Assisted GPS and Network based positioning methods are. If I turn on Assisted GPS, the data counter still stays at 0.0kb, so I'm not sure if A-GPS uses data or not. Is there a way to know if A-GPS is working like the network based data counter?

  http://almost-a-technocrat.blogspot.com/2010/07/gps-positioning-methods-explained.html
  --------------------------------------------------​--------------------------------------------------​--------------------------------------------------​--If you find this helpful, pl. hit the White Star in Green Box...

• Mac OS X 10.8.3: Joining an 802.1X network at Mac OS X login

  Hi,
  is there any possibility of joining an 802.1x network at Login in OS X 10.8.3 ?
  I've found this Support-Article http://support.apple.com/kb/ht2717
  Unfortunately this solution don't work for OS X 10.8.3.
  Cheers,
  ToMMeK

  Give this a shot.
  http://revolutionwifi.blogspot.com/2012/02/mac-os-x-lion-creating-wi-fi-8021x.ht ml
  Make sure you check the comments at the bottom for a "login window" connection.

• My MBP doesn't connect to 802.11n networks

  Software Versions:
  Menu Extra: 6.2 (620.24)
  configd plug-in: 6.2 (620.15.1)
  System Profiler: 6.0 (600.9)
  Network Preference: 6.2 (620.24)
  AirPort Utility: 5.4.2 (542.23)
  IO80211 Family: 3.1 (310.6)
  Interfaces:
  en1:
  Card Type: AirPort Extreme
  Firmware Version: Atheros 5416: 2.0.19.8
  Locale: Korea
  Country Code: KR
  Supported PHY Modes: 802.11 a/b/g
  Supported Channels: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 149, 153, 157, 161
  Status: Connected
  Current Network Information:
  SSD87:
  PHY Mode: 802.11g
  BSSID: 0:25:bc:8a:3f:51
  Channel: 11
  Network Type: Infrastructure
  Security: WPA2 Personal
  Signal / Noise: -58 dBm / -96 dBm
  Transmit Rate: 54
  Other Local Wireless Networks:
  SSD875G:
  PHY Mode: 802.11n
  BSSID: 0:25:bc:8a:3f:52
  Channel: 157
  Network Type: Infrastructure
  Security: WPA2 Personal
  Signal / Noise: -55 dBm / -96 dBm
  SSD875G:
  PHY Mode: 802.11n
  BSSID: 0:1f:5b:86:e9:74
  Channel: 157
  Network Type: Infrastructure
  Security: WPA2 Personal
  Signal / Noise: -58 dBm / -96 dBm
  ==============================================
  From the information above, my MBP doesn't access 802.11n network after install Mac OS X 10.6 Snow Leopard and all of updates.
  Snow Leopard changes Phy mode of 'Atheros 802.11n WL card' to 802.11g, and It works fine as 11n under 10.5.8 Leopard.
  What makes this situation?
  Message was edited by: xeon.thebrick

  defecta wrote:
  So by the virtue of my MacBook being compliant with the 802.11d standard I am open to these issues? And from the way you are explaining it it sounds like Apple is ahead of the curve with implementing 802.11d compliance?
  They're not ahead of the curve +per se+, but as an example many Windows XP machines are behind the curve if you will.
  Would it be legal to write an app or driver that you can set ignore certain problem country codes when you want it to? Because something like this would help my issue also rather than playing lotto each time I turn my MacBook on or wake it from sleep, hoping it will see my wireless network first.
  Unfortunately, I'm not a lawyer and not in Australia so I couldn't begin to guess at what is legal and what's not in this arena.
  However, there is no interface to the driver to be able to manually set a country code, so the point may be moot.
  I don't know what kisMAC can and cannot display, but the country code is broadcast within the 802.11 beacon frame and/or probe response frame if the frame's dot11MultiDomainCapabilityEnabled option is true, so you may want to try looking at its output of beacon frames.
  Three octets make up the country code - the two character country code and a third octet which is one of:
      * An ASCII space character (0x20) if the regulations under which the 802.11 station is operating encompass all environments in the country.
      * An ASCII ‘O’ character (0x4F) if the regulations under which the 802.11 station is operating are for an outdoor environment only.
      * An ASCII ‘I’ character (0x49) if the regulations under which the 802.11 station is operating are for an indoor environment only.
  The way the 802.11d standard specifies this all works is:
  9.9.1 Operation upon entering a regulatory domain
  A STA that is enabled for operation across regulatory domains shall default to passive scanning when it has lost connectivity with its ESS. Passive scanning is performed using only the receive capabilities of the station and is, thus, compatible with regulatory requirements. The timeout for determining the loss of connectivity is system dependent and beyond the scope of this standard.
  When a STA enters a regulatory domain, it shall passively scan to learn at least one valid channel, i.e., a channel upon which it detects IEEE Std 802.11 frames. The Beacon frame contains information on the country code, the maximum allowable transmit power, and the channels to be used for the regulatory domain. Optionally, the Beacon frame may also include, on a periodic basis, the regulatory information that would be returned in a Probe Response frame. Once the STA has acquired the information so that it is able to meet the transmit requirements of the regulatory domain, it shall transmit a Probe Request to an AP to gain the additional regulatory domain information contained in the Probe Response frame, unless the information was previously received in a Beacon fame. The STA then has sufficient information available to configure its PHY for operation in the regulatory domain.
  http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=946610&userType=inst
  Note that this spec dates to 2001, so it's hardly something "new," just something that wasn't necessarily widely supported.

• 802.11a network not supported for this Country Code

  Hi, I get the following error whne enabling 802.11a network on a AIR-WLC2106-K9. Country is set to ID (Indonesia)
  >config 802.11a enable network
  802.11a network not supported for this Country Code
  Yet, on a AIR-CT2504-K9, set to same country code there is no problem.
  Is this a WLC model or version issue? WLC2106 is on version 6.0.199.4 while the CT2504 is 7.0.220.0
  Andrew

  Well is it the only country code selected? Also you might as well upgrade the 2106 to 7.0.x and move off the 6.0.x. Since your 2604 is at that code you might as well upgrade the 2106 and see. I'm guessing that you have the same APs and the APs are for that country.
  Sent from Cisco Technical Support iPhone App

• Multiple SSIDs, but the 802.1x network always weaker

  Just now starting to poke at this- we have an open-auth network and an 802.1x network. In areas where we are more hot-spotty and a client can only see a single AP, we're getting a fair number of reports that the 802.1x network is weaker in signal out of the same AP than the open WLAN is. My first thought is that it's likely in the way that RSSI/"bars" are displayed on individual clients, but we're also hearing that the 802.1x nework in these spots was too weak to use, but when jumping over to the open network, the connection was usable. Has anyone else had to deal with this perception?

  Lee
  As the signal strength is normally calculated from the beacon transmitted by the AP and it is the same regardless of authentication used. Are the users seeing only one AP or one SSID. the real question is what is the signal level in tha area that you are having trouble. According to the manufacturer what data rate is supported at that signal level, what data rate does the client show. Are they running the latest drivers. What does the event log on the AP say about the connection.
  Hope this helps.
  Bill