RE: [WIRELESS-LAN] How does your enterprise do your wireless door locks?
I’m not a lock guy, but I was in a meeting where our ASSA reseller said that the power-only cabling for the PoE locks is much more reliable than the old stuff. I can’t validate the accuracy of that statement, but our lock guys have seen and evaluated it and they seem to have more confidence in it. From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Michael Gregory Sent: Tuesday, March 31, 2020 3:36 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks? For our new residence buildings we are using the PoE version for power and communications. The WiFi service for the residence buildings is provided by a 3rd party so we can't control or manage the RF space or have a secure SSID/Vlan. The door hinges for PoE are expensive, unreliable and can't be repaired, just replaced. A better solution is a Concealed Electrical Power Transfere (CEPT) that can also house a data cable. Lower cost and easier to repair. The next challenge is the integration of the locks with Lenel (Access Control) and StaRez (Residences Management). Michael Gregory Network Architect | Infrastructure Services Simon Fraser University On 2020-03-31 12:05 p.m., Jim Pampinella wrote: Have they talked about how they are going to power the Wi-Fi locks? There are several options, battery, external low voltage power and PoE. At Syracuse we have a mixture of all three with the external low voltage power being the most common. PoE has been discussed and in a few places installed, but no one (including me) wants to own the cable going through the door and door frame. While they have PoE rated hinges they are triple the cost and the support from the vendors has been less than desirable. Jim Pampinella IT Manager Network and Wiring Services T 315.443.5768 M 315.420.2246 japam...@syr.edu<mailto:japam...@syr.edu> 004 Machinery Hall, Syracuse, NY 13244 syracuse.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsyracuse.edu%2F=02%7C01%7Ccae104%40PSU.EDU%7C1e06db2a965c4b79d80908d7d5aab865%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637212801536338045=%2FtKLPxe22X5g2UlXNo1s5Z8cRClZLqHESHckAKr11HE%3D=0> | its.syr.edu/<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fits.syr.edu%2F=02%7C01%7Ccae104%40PSU.EDU%7C1e06db2a965c4b79d80908d7d5aab865%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637212801536348036=HoUTvOWcunjKZyOrkKHIGEe4mKmRRm%2FHKjd9VLUqjtE%3D=0> Syracuse University From: The EDUCAUSE Wireless Issues Community Group Listserv <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Lee H Badman Sent: Tuesday, March 31, 2020 2:54 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID (is not eduroam here) using VLAN steering to get them into their own private IP space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS. Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Jess Walczak Sent: Tuesday, March 31, 2020 2:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fstthomas.edu%2F=02%7C01%7Ccae104%40PSU.EDU%7C1e06db2a965c4b79d80908d7d5aab865%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637212801536348036=dJf5XYL7bf6aVECmN3S0S81o0ElseE05eDifvJgz0QI%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email add
RE: [WIRELESS-LAN] How does your enterprise do your wireless door locks?
Was use a separate hidden 1x SSID. Auth is the same as for our main SSID and the username is used to put the client in either the lock role or the deny all role. We could do something similar on our MAIN SSID, but I try to avoid multiple VLANs on an SSID in anticipations of maybe someday dual-stacking. From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Jess Walczak Sent: Tuesday, March 31, 2020 2:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fstthomas.edu%2F=02%7C01%7Ccae104%40PSU.EDU%7C15a6d8ed161a4a1f29fa08d7d5a3feba%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637212772650895450=ka6f04QEJoYkEBk4d7Zb3ogu7Svht%2F%2BKhKd4Rbv5%2BNo%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Ccae104%40PSU.EDU%7C15a6d8ed161a4a1f29fa08d7d5a3feba%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637212772650895450=b6TRG09a0gT%2F1kWkmG3wGwMh96mNiUhxWE1h0T4udNQ%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks?
For our new residence buildings we are using the PoE version for power and communications. The WiFi service for the residence buildings is provided by a 3rd party so we can't control or manage the RF space or have a secure SSID/Vlan. The door hinges for PoE are expensive, unreliable and can't be repaired, just replaced. A better solution is a Concealed Electrical Power Transfere (CEPT) that can also house a data cable. Lower cost and easier to repair. The next challenge is the integration of the locks with Lenel (Access Control) and StaRez (Residences Management). Michael Gregory Network Architect | Infrastructure Services Simon Fraser University On 2020-03-31 12:05 p.m., Jim Pampinella wrote: Have they talked about how they are going to power the Wi-Fi locks? There are several options, battery, external low voltage power and PoE. At Syracuse we have a mixture of all three with the external low voltage power being the most common. PoE has been discussed and in a few places installed, but no one (including me) wants to own the cable going through the door and door frame. While they have PoE rated hinges they are triple the cost and the support from the vendors has been less than desirable. *Jim Pampinella* IT Manager Network and Wiring Services *T* 315.443.5768 *M* 315.420.2246 _japam...@syr.edu <mailto:japam...@syr.edu>_ 004 Machinery Hall, Syracuse, NY 13244 syracuse.edu | its.syr.edu/ <https://its.syr.edu/> Syracuse University *From:*The EDUCAUSE Wireless Issues Community Group Listserv *On Behalf Of *Lee H Badman *Sent:* Tuesday, March 31, 2020 2:54 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID (is not eduroam here) using VLAN steering to get them into their own private IP space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS. *Lee Badman*| Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 *t*315.443.3003 *e* lhbad...@syr.edu <mailto:lhbad...@syr.edu> *w* its.syr.edu *SYRACUSE UNIVERSITY* syr.edu *From:*The EDUCAUSE Wireless Issues Community Group Listserv <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> *On Behalf Of *Jess Walczak *Sent:* Tuesday, March 31, 2020 2:47 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *Subject:* [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu <http://stthomas.edu> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community -- ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
RE: [WIRELESS-LAN] How does your enterprise do your wireless door locks?
Have they talked about how they are going to power the Wi-Fi locks? There are several options, battery, external low voltage power and PoE. At Syracuse we have a mixture of all three with the external low voltage power being the most common. PoE has been discussed and in a few places installed, but no one (including me) wants to own the cable going through the door and door frame. While they have PoE rated hinges they are triple the cost and the support from the vendors has been less than desirable. Jim Pampinella IT Manager Network and Wiring Services T 315.443.5768 M 315.420.2246 japam...@syr.edu<mailto:japam...@syr.edu> 004 Machinery Hall, Syracuse, NY 13244 syracuse.edu | its.syr.edu/<https://its.syr.edu/> Syracuse University From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Lee H Badman Sent: Tuesday, March 31, 2020 2:54 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID (is not eduroam here) using VLAN steering to get them into their own private IP space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS. Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Jess Walczak Sent: Tuesday, March 31, 2020 2:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu<http://stthomas.edu> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
RE: [WIRELESS-LAN] How does your enterprise do your wireless door locks?
We did the same thing but on eduroam with a special VLAN dedicated for the locks. Chris Hart Northwestern University From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Lee H Badman Sent: Tuesday, March 31, 2020 1:54 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID (is not eduroam here) using VLAN steering to get them into their own private IP space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS. Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Jess Walczak Sent: Tuesday, March 31, 2020 2:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu<https://urldefense.com/v3/__http:/stthomas.edu__;!!Dq0X2DkFhyF93HkjWTBQKhk!CuDtygLpLz1Y-Es48FWE9eFsuCfwNPQB1hL0bKcoY_W2Bj5OugjCGGxs1BBV78K1ijU$> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!Dq0X2DkFhyF93HkjWTBQKhk!CuDtygLpLz1Y-Es48FWE9eFsuCfwNPQB1hL0bKcoY_W2Bj5OugjCGGxs1BBVE3R0NaE$> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.com/v3/__https:/www.educause.edu/community__;!!Dq0X2DkFhyF93HkjWTBQKhk!CuDtygLpLz1Y-Es48FWE9eFsuCfwNPQB1hL0bKcoY_W2Bj5OugjCGGxs1BBVE3R0NaE$> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
RE: [WIRELESS-LAN] How does your enterprise do your wireless door locks?
Same locks. We started on dedicated 802.1X SSID, then moved them to main SSID (is not eduroam here) using VLAN steering to get them into their own private IP space. They seem to handle PEAP with MS-CHAPv2 quite nicely. No idea on TLS. Lee Badman | Network Architect (CWNE#200) Information Technology Services (NDD Group) 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Jess Walczak Sent: Tuesday, March 31, 2020 2:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] How does your enterprise do your wireless door locks? Sending out a question as to how you do your wifi that serves your wireless door locks. Do you have them on your branded wifi/eduroam, their own SSID, or a shared IoT or infrastructure SSID? Is it a hidden SSID? Do you have them using a simple PSK or do you onboard it with a tool like ISE or Clearpass. Do you install a cert? Our institution has purchased Assa Abloy model IN120 door locks. We are a Cisco shop and we have ISE, so we could easily onboard using their Mac Address Bypass device profiling, but that would consume an expensive license, so perhaps other folks have done something simpler and found it to work well and to be enough security/segmentation. Thanks!--JW Jess Walczak Network Engineer Innovation & Technology Services University of St. Thomas | stthomas.edu<http://stthomas.edu> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community