RE: mac-filtering management
At Liberty University we use Aruba ClearPass Policy Manager endpoints database. We have users register their non-802.1X devices using our custom portal that uses the ClearPass API to populate the endpoints database.

Bruce Osborne
Network Engineer - Wireless Team
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Tim Cappalli [mailto:cappa...@brandeis.edu]
Sent: Friday, February 28, 2014 7:43 AM
Subject: Re: mac-filtering management

We use the internal endpoint database of ClearPass Policy Manager for MAC authentication.

Tim Cappalli | CWNA / ACCP / ACMP / CCNA
Wireless Engineer | Brandeis University
cappa...@brandeis.edu | (617) 701-7149
@tcappy0707 (http://twitter.com/tcappy0707) | http://www.linkedin.com/in/timcappalli/

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ashfield, Matt (NBCC)
Sent: Friday, February 28, 2014 7:26 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] mac-filtering management

I've seen many people on this list mention they use mac-filtering for non-standard and non-802.1x devices to access the network. I'm wondering how you are managing this? Is it just a flat list or adding macs as you get requests, or do you have an automated system for management of this? I know PacketFence would be one good example, but wondering what others are using.

Thanks
Matt
New Brunswick Community College

** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: Wireless Guest Account Provision Type:
Eric,

We are currently using ClearPass Policy Manager as our 802.1X RADIUS server. We are planning on using their integrated Guest functionality for both self-registration and sponsored access.

Although the ClearPass solution is owned by a wireless vendor (Aruba Networks), the solution is multi-vendor, based on their acquisitions of Avenda Networks Server and Amigopod Guest Management.

Bruce Osborne
Network Engineer - Wireless Team
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Eric Wohlford [mailto:ewohlf...@bluefield.edu]
Sent: Monday, March 3, 2014 12:30 PM
Subject: Wireless Guest Account Provision Type:

Hello All,

First let me apologize if similar postings have been made; I could not find any with these questions in the archives.

We have been asked to look into Self-Provisioning of Guest Accounts, and we are not all that sure where to start. Most of the solutions I have seen are tied to the Wireless Vendors. Currently we are using Ruckus Wireless and its built-in Guest Access for this, which is a sponsor-based system. It's actually a very simple system.

Our Questions:
1. If you use a self-provision system, who is your vendor, or is it homegrown?
2. What are your Security Concerns, and are you a Sponsor Based system or a Self-Provisioning system?
3. What is your staff to user ratio?

Thank you,
My Pleasure to Serve,

Eric R. Wohlford, MBA
MCDST, MCP, A+, Network+
___
Manager of Network Services
Bluefield College
3000 College Drive
Bluefield, VA
Office - 276.326.4278
Fax - 276.326.4288
www.bluefield.edu
Re: [WIRELESS-LAN] Wireless Guest Account Provision Type:
Eric,

The eduroam team (www.eduroam.us) is developing a system to help with visitors that do not have eduroam credentials, using the security and power of 802.1X. Which can address your question... Why register everywhere you go?

We have tried to approach owners of hotspots (e.g. coffee shop etc...) to try to have them carry the eduroam SSID. Very few of them were interested because eduroam doesn't cover many of their users (read: the interest decreases exponentially as the distance from the campus increases).

So, we came up with ANYROAM credentials (roaming credentials for visitors), and we are trying to convince Hotspots to carry ANYROAM and eduroam at the same time (we are doing a pilot in Knoxville, TN).

The principle is simple: Use your social credentials (or create your own) to load an EAP-TLS certificate that will be valid:
1) At every ANYROAM hotspot (no geographical limit)
2) At schools that have eduroam and decide to also accept ANYROAM credentials.

We plan to reinforce the Social Credentials with a Micro-Payment by credit card to link both identifiers. (or a school can get a bag of ANYROAM tokens for visitors that they want to sponsor directly)

This system has many advantages:
- ANYROAM and eduroam are completely complementary
- It enables campuses to use ANYROAM credentials to welcome visitors (and that can be done on the existing eduroam SSID!!)
- One Quick and secure provisioning of visitors (one EAP-TLS cert can work at thousands of locations)
- It could greatly increase the adoption of eduroam beyond the campus
- Handling visitors with 802.1X gives the campus (or the HotSpot) a lot of controls (or contact us if it's out of control)
- Users join instantly without having to discover SSIDs or registration methods
- The eduroam generation will be able to enjoy a system they know after they graduate (or you can give ANYROAM credentials to alumni)
- Ready for HotSpot2.0!

We will see how our first pilot develops in Knoxville...
Our intention is to create roaming ecosystems around campuses to benefit both communities: non-edu and edu.

Philippe

p.s. CloudPath Networks is providing the Enrollment System for EAP-TLS certs

Philippe Hanset
www.eduroam.us

On Mar 3, 2014, at 12:30 PM, Eric Wohlford <ewohlf...@bluefield.edu> wrote:

Hello All,

First let me apologize if similar postings have been made; I could not find any with these questions in the archives.

We have been asked to look into Self-Provisioning of Guest Accounts, and we are not all that sure where to start. Most of the solutions I have seen are tied to the Wireless Vendors. Currently we are using Ruckus Wireless and its built-in Guest Access for this, which is a sponsor-based system. It's actually a very simple system.

Our Questions:
1. If you use a self-provision system, who is your vendor, or is it homegrown?
2. What are your Security Concerns, and are you a Sponsor Based system or a Self-Provisioning system?
3. What is your staff to user ratio?

Thank you,
My Pleasure to Serve,

Eric R. Wohlford, MBA
MCDST, MCP, A+, Network+
___
Manager of Network Services
Bluefield College
3000 College Drive
Bluefield, VA
Office – 276.326.4278
Fax – 276.326.4288
www.bluefield.edu