UC Davis Information & Educational Technology

Resolution of Wireless Authentication Delays (02/17/07)

Problem

Some users have reported uncommonly long delays in authenticating to the wireless network (up to 3 minutes in some instances).

Context

  • The authentication-based vulnerability scan is configured to exit the scan routine if it exceeds 10 seconds. The scan tests have been pared down to just a few tests that are not stopped by client software firewalls.
  • “Fake CAS”: MoobileNet is fronted by “fake CAS” and DistAuth. We reverse engineered CAS to work with DistAuth so we could use the out-of-the-box Bluesocket CAS functionality. “Fake CAS” uses the Bluesocket captive portal.
  • Wireless connectivity using 802.1x and RADIUS is much faster and more secure.

Problem Resolution

We reviewed the scan testing mechanism. It doesn’t appear that the vulnerability scanning is responsible for the very long delays reported in some authentications.

  • Some of the abnormally long login delays were related to a new set of APs that were being installed in a department. Those APs were not yet turned over to the NOC and placed into production. CR fixed the problems with the APs and eliminated the extra security scans. Since then, the department reports the service has been performing well.
  • A temporary one-minute delay was introduced in the second week of February when the way the Thawte security seal was displayed was changed. This happened only from Tuesday to Wednesday and has since been fixed.

At least some of the delays are due to load issues on the Bluesocket devices.

  • The Bluesockets still have an apparent problem with a memory leak that may have caused delays for other customers.
  • One of the problems we face in diagnosing these delays is the lack of information we can get from the Bluesockets: they are closed systems without much logging.
  • Our ability to monitor and diagnose these types of issues will greatly improve when we move from a captive portal architecture (where all wireless traffic is directed through a single device acting as a firewall) to 802.1x (where, once users authenticate and pass a network hygiene test, they get directly on the network).

Ongoing: Continue to encourage the campus community to report the problem to IT Express so a Remedy trouble ticket can be initiated and tracked through its resolution.

Next Steps
Deployment of 802.1x authentication on MoobileNet
  • 802.1x authentication for wireless without network admission control is ready.
  • The customer service issues need to be worked out.
  • See MoobileNet overview and status update
Deployment of end-point (network admission control) security
  • We are approaching the end of evaluating InfoExpress.
  • See Network Admission Control (NAC) overview and status update