Re: [WIRELESS-LAN] Guest Wireless Public DNS or Internal DNS

[Jeremy Mooney]

We recently went the other way. Primarily because while firewalling off
things like AD and fileservers worked, the client behavior if they also
can't look up the name is improved. The simplest solution to give the guest
network an "outside" view of DNS was just to point them outside. Our
existing external servers don't do any resolving, so otherwise we'd need to
track a special config (and/or set of servers) for the guest network.

On Thu, Jul 21, 2016 at 7:55 AM, Alexandre Adao 
wrote:

> I would like to know if anyone has opted to use their own local/internal
> DNS for Guest Wireless or Eduroam instead public DNS (e.g.Google, OpenDNS,
> etc). What would be the reasons? Ex: Audit trails? and What would the risk
> if any? Any feedback, I appreciate.
>
> Thanks,
>
> --Alex Adao
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>


-- 
Jeremy Mooney
ITS - Bethel University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest Wireless Public DNS or Internal DNS

[Jeffrey D. Sessler]

We’re using OpenDNS, but with their add-on Umbrella protection product. It 
provides great visibility (audit trails) and protection against threats (bad 
sites, malware, command and control) without the need to put an agent on the 
guest device. If so inclined, it also provides “net nanny” features e.g. block 
adult sites.

Jeff

From: "wireless-lan@listserv.educause.edu"  
on behalf of Alexandre Adao 
Reply-To: "wireless-lan@listserv.educause.edu" 

Date: Thursday, July 21, 2016 at 5:55 AM
To: "wireless-lan@listserv.educause.edu" 
Subject: [WIRELESS-LAN] Guest Wireless Public DNS or Internal DNS

I would like to know if anyone has opted to use their own local/internal DNS 
for Guest Wireless or Eduroam instead public DNS (e.g.Google, OpenDNS, etc). 
What would be the reasons? Ex: Audit trails? and What would the risk if any? 
Any feedback, I appreciate.

Thanks,

--Alex Adao


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] guest wireless

[Reams, Lane]

Good question regarding non-dot1x devices.  We have two SSIDs we use - one is 
WPA2/PSK and the other is WEP, both use a MAC registration process so we can 
collect owner information and control access.  Game consoles and student 
AppleTVs use our open SSID; classroom AppleTVs, infusion pumps, health monitors 
and other devices that need to be secured but don't support dot1x use the 
WPA2/PSK or WEP SSID to connect.  Being a university research medical center 
has many wireless challenges and we support a very wide range of devices from 
all BYOD to legacy patient care devices.  We are also required to support 11b 
devices in patient care areas:(


Lane Reams | Manager, Network Design & Engineering | Information Technology | 
Vanderbilt University
lane.re...@vanderbilt.edu | phone 615.936.2677 | 
it.vanderbilt.edu<http://it.vanderbilt.edu/>
[Vanderbilt IT logo]



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Tuesday, September 16, 2014 11:17 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

Interesting discussion and implementations! We are in the process of reviewing 
our guest network access as well. These ideas are helpful and will give us 
options to think about. In addition to the guest access, many of you mentioned 
additional SSIDs and auth methods your institution offers.  How do you treat 
those devices that do not support dot1x and/or no browsers for layer3 auth? For 
example, a game console or smarttv for students that are living on campus or 
guest on university business.


Kanan Simpson


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Tuesday, September 16, 2014 11:59 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless


We consider not having to deal with CALEA / DMCA on our guest network worth the 
cost.

Note: we provide attwifi "free-to-guest" which means no one has to pay to use 
it.

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Lee H Badman 
[lhbad...@syr.edu]
Sent: Friday, September 12, 2014 11:33 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless
Neil-

You're saying AT&T charges you for this? Do you charge them back for the Wi-Fi 
offload?

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Friday, September 12, 2014 11:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless


We contracted with ATT to handle guests and visitors.

We advertise their SSID ("attwifi") on our wireless infrastructure and then 
hand the traffic off to them via boxes called Network Management Devices (NMD) 
that they provide. They tunnel the traffic to their "cloud" via our Internet 
connection.

They take care of the CALEA and DMCA issues.  They benefit by offloading their 
cell customer's data traffic on to our Wifi infrastructure, so the monthly cost 
for us was very reasonable.

-Neil


--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Coehoorn, Joel 
[jcoeho...@york.edu]
Sent: Friday, September 12, 2014 9:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless
I will admit to having a completely open guest network. We don't even require a 
terms of service click-through, and it's not encrypted. We do have some strict 
throttling for file sharing/p2p traffic, and I have some decent auditing 
capabilities, so I can track down violations and restrict them later if needed, 
but that's about it. We do the same throttling and auditing on the regular 
network

Our Admissions and Advancement offices *love* this: a candidate or guest comes 
on campus, and their device just works: never any 802.1x issues, never a 
problem with sponsorships or authentication. We're in a residential 
neighborhood, but I've learned not to worry about neighbors using our wifi: 
it's really a drop in the bucket. No one uses bandwidth like a college student 
uses bandwidth, and as I'm one of those who live just acros

RE: [WIRELESS-LAN] guest wireless

[Kanan E Simpson]

Interesting discussion and implementations! We are in the process of reviewing 
our guest network access as well. These ideas are helpful and will give us 
options to think about. In addition to the guest access, many of you mentioned 
additional SSIDs and auth methods your institution offers.  How do you treat 
those devices that do not support dot1x and/or no browsers for layer3 auth? For 
example, a game console or smarttv for students that are living on campus or 
guest on university business.


Kanan Simpson


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Tuesday, September 16, 2014 11:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless


We consider not having to deal with CALEA / DMCA on our guest network worth the 
cost.

Note: we provide attwifi "free-to-guest" which means no one has to pay to use 
it.

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Lee H Badman 
[lhbad...@syr.edu]
Sent: Friday, September 12, 2014 11:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless
Neil-

You're saying AT&T charges you for this? Do you charge them back for the Wi-Fi 
offload?

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Friday, September 12, 2014 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless


We contracted with ATT to handle guests and visitors.

We advertise their SSID ("attwifi") on our wireless infrastructure and then 
hand the traffic off to them via boxes called Network Management Devices (NMD) 
that they provide. They tunnel the traffic to their "cloud" via our Internet 
connection.

They take care of the CALEA and DMCA issues.  They benefit by offloading their 
cell customer's data traffic on to our Wifi infrastructure, so the monthly cost 
for us was very reasonable.

-Neil


--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Coehoorn, Joel 
[jcoeho...@york.edu]
Sent: Friday, September 12, 2014 9:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless
I will admit to having a completely open guest network. We don't even require a 
terms of service click-through, and it's not encrypted. We do have some strict 
throttling for file sharing/p2p traffic, and I have some decent auditing 
capabilities, so I can track down violations and restrict them later if needed, 
but that's about it. We do the same throttling and auditing on the regular 
network

Our Admissions and Advancement offices *love* this: a candidate or guest comes 
on campus, and their device just works: never any 802.1x issues, never a 
problem with sponsorships or authentication. We're in a residential 
neighborhood, but I've learned not to worry about neighbors using our wifi: 
it's really a drop in the bucket. No one uses bandwidth like a college student 
uses bandwidth, and as I'm one of those who live just across the street, I can 
testify that leeching wifi from the college is a horrible personal wifi 
experience (also: before I came here and I had an hour long commute, and I can 
say that walking across the street to get to your office is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted option, 
and the vast majority do on their laptops now, and some on their phones, but 
students love the open network for things like smart TVs, blu-ray players, etc. 
They feel this makes our network *better*. We have some game consoles on the 
open network, but Residence Life encourages students to plug those into a wired 
port (even providing cat5 cables at times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot for 
any neighbors or people wandering by". We want to be part of the community, and 
welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never had a 
request for data. This may some day force us to make a policy change, but in 
the meantime, I'd have a revolt on my hands if I ever tried to do away with the 
open SSID.





[Image removed by sender.]


Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>

RE: [WIRELESS-LAN] guest wireless

[Johnson, Neil M]

We consider not having to deal with CALEA / DMCA on our guest network worth the 
cost.

Note: we provide attwifi "free-to-guest" which means no one has to pay to use 
it.

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Lee H Badman 
[lhbad...@syr.edu]
Sent: Friday, September 12, 2014 11:33 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

Neil-

You’re saying AT&T charges you for this? Do you charge them back for the Wi-Fi 
offload?

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Friday, September 12, 2014 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless


We contracted with ATT to handle guests and visitors.

We advertise their SSID ("attwifi") on our wireless infrastructure and then 
hand the traffic off to them via boxes called Network Management Devices (NMD) 
that they provide. They tunnel the traffic to their "cloud" via our Internet 
connection.

They take care of the CALEA and DMCA issues.  They benefit by offloading their 
cell customer's data traffic on to our Wifi infrastructure, so the monthly cost 
for us was very reasonable.

-Neil


--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Coehoorn, Joel 
[jcoeho...@york.edu]
Sent: Friday, September 12, 2014 9:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless
I will admit to having a completely open guest network. We don't even require a 
terms of service click-through, and it's not encrypted. We do have some strict 
throttling for file sharing/p2p traffic, and I have some decent auditing 
capabilities, so I can track down violations and restrict them later if needed, 
but that's about it. We do the same throttling and auditing on the regular 
network

Our Admissions and Advancement offices *love* this: a candidate or guest comes 
on campus, and their device just works: never any 802.1x issues, never a 
problem with sponsorships or authentication. We're in a residential 
neighborhood, but I've learned not to worry about neighbors using our wifi: 
it's really a drop in the bucket. No one uses bandwidth like a college student 
uses bandwidth, and as I'm one of those who live just across the street, I can 
testify that leeching wifi from the college is a horrible personal wifi 
experience (also: before I came here and I had an hour long commute, and I can 
say that walking across the street to get to your office is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted option, 
and the vast majority do on their laptops now, and some on their phones, but 
students love the open network for things like smart TVs, blu-ray players, etc. 
They feel this makes our network *better*. We have some game consoles on the 
open network, but Residence Life encourages students to plug those into a wired 
port (even providing cat5 cables at times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot for 
any neighbors or people wandering by". We want to be part of the community, and 
welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never had a 
request for data. This may some day force us to make a policy change, but in 
the meantime, I'd have a revolt on my hands if I ever tried to do away with the 
open SSID.





[http://www.york.edu/mvptall.jpg]


Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>



[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie 
mailto:fair...@rider.edu>> wrote:
That's interesting Heath. What's the reasoning behind the exclusion period?


On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart 
mailto:heath.barnh...@washburn.edu>> wrote:
We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH,

Re: [WIRELESS-LAN] guest wireless

[Heath Barnhart]

I believe it was mostly to discourage our residential neighbors from using us 
for free Internet rather than getting their own ISP. I think CALEA compliance 
might've been part of it as well. We do have a method for providing longer 
access if required.


--
Heath Barnhart
ITS Network Administrator
Washburn University
785-670-2307




On Fri, 2014-09-12 at 09:49 -0400, Timothy Fairlie wrote:
That's interesting Heath. What's the reasoning behind the exclusion period?

On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart 
mailto:heath.barnh...@washburn.edu>> wrote:
We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't throttle the 
bandwidth.



--
Heath Barnhart
ITS Network Administrator
Washburn University
785-670-2307





On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
I am looking for information on what people do with guest wireless.  Do you 
have open wireless on your campus?  Do you have a password that everyone knows? 
 Do you create special passwords for groups?  Any assistance would be helpful.



Thank you



m



[Description: MU Arches]

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Jason Wang]

We have a couple of different ways we accommodate guests.

First, we have a contract with AT&T to provide our guest/visitor 
network. We advertise an "attwifi" SSID on all our AP's (minus a couple 
of specific locations), and that network gets dropped off on an AT&T 
circuit. The "attwifi" network is available to anyone (not just 
University visitors), and rates are set by AT&T. UT does nothing to 
govern who can access "attwifi" or what they can do on it.


As part of that arrangement, departments can purchase daily individual 
passes or conference codes to sponsor guests, visitors, conference 
attendees, etc. to access the "attwifi" network at no charge to the 
guests. The cost to departments is nominal and there just for cost 
recovery for printing the cards with individual codes or administrative 
staff time for setting up the conference codes. This is all handled 
through our Campus Computer Store.


Next, we have methods for departments to sponsor visitors onto the 
University's network at no charge. Support and administrative staff as 
authorized by their departments can create such accounts via our HR 
systems or a proprietary guest account system for our wireless network. 
Guests using these accounts effectively have the same access as 
University staff and are subject to the same policies governing staff 
usage (eg. security policies, as defined and enforced by our Information 
Security Office). With a very few exceptions for certain ports/protocols 
(eg. NetBIOS/SMB, SNMP, TCP/UDP Echo, etc.), everything is allowed and 
treated equally (no QoS, application rate limiting, etc.).


Jason


On 09/09/2014 10:40 AM, Mark Reboli wrote:


I am looking for information on what people do with guest wireless.  
Do you have open wireless on your campus?  Do you have a password that 
everyone knows?  Do you create special passwords for groups?  Any 
assistance would be helpful.


Thank you

m

Description: MU Arches

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753

** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.






**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.



smime.p7s
Description: S/MIME Cryptographic Signature

RE: [WIRELESS-LAN] guest wireless

[Lee H Badman]

Neil-

You're saying AT&T charges you for this? Do you charge them back for the Wi-Fi 
offload?

-Lee

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Johnson, Neil M
Sent: Friday, September 12, 2014 11:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless


We contracted with ATT to handle guests and visitors.

We advertise their SSID ("attwifi") on our wireless infrastructure and then 
hand the traffic off to them via boxes called Network Management Devices (NMD) 
that they provide. They tunnel the traffic to their "cloud" via our Internet 
connection.

They take care of the CALEA and DMCA issues.  They benefit by offloading their 
cell customer's data traffic on to our Wifi infrastructure, so the monthly cost 
for us was very reasonable.

-Neil


--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Coehoorn, Joel 
[jcoeho...@york.edu]
Sent: Friday, September 12, 2014 9:13 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] guest wireless
I will admit to having a completely open guest network. We don't even require a 
terms of service click-through, and it's not encrypted. We do have some strict 
throttling for file sharing/p2p traffic, and I have some decent auditing 
capabilities, so I can track down violations and restrict them later if needed, 
but that's about it. We do the same throttling and auditing on the regular 
network

Our Admissions and Advancement offices *love* this: a candidate or guest comes 
on campus, and their device just works: never any 802.1x issues, never a 
problem with sponsorships or authentication. We're in a residential 
neighborhood, but I've learned not to worry about neighbors using our wifi: 
it's really a drop in the bucket. No one uses bandwidth like a college student 
uses bandwidth, and as I'm one of those who live just across the street, I can 
testify that leeching wifi from the college is a horrible personal wifi 
experience (also: before I came here and I had an hour long commute, and I can 
say that walking across the street to get to your office is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted option, 
and the vast majority do on their laptops now, and some on their phones, but 
students love the open network for things like smart TVs, blu-ray players, etc. 
They feel this makes our network *better*. We have some game consoles on the 
open network, but Residence Life encourages students to plug those into a wired 
port (even providing cat5 cables at times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot for 
any neighbors or people wandering by". We want to be part of the community, and 
welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never had a 
request for data. This may some day force us to make a policy change, but in 
the meantime, I'd have a revolt on my hands if I ever tried to do away with the 
open SSID.





[http://www.york.edu/mvptall.jpg]


Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>



[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie 
mailto:fair...@rider.edu>> wrote:
That's interesting Heath. What's the reasoning behind the exclusion period?


On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart 
mailto:heath.barnh...@washburn.edu>> wrote:
We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't throttle the 
bandwidth.

--

Heath Barnhart

ITS Network Administrator

Washburn University

785-670-2307

On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
I am looking for information on what people do with guest wireless.  Do you 
have open wireless on your campus?  Do you have a password that everyone knows? 
 Do you create special passwords for groups?  Any assistance would be helpful.



Thank you



m



[Description: MU Arches]

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753



** Participa

RE: [WIRELESS-LAN] guest wireless

[Johnson, Neil M]

We contracted with ATT to handle guests and visitors.

We advertise their SSID ("attwifi") on our wireless infrastructure and then 
hand the traffic off to them via boxes called Network Management Devices (NMD) 
that they provide. They tunnel the traffic to their "cloud" via our Internet 
connection.

They take care of the CALEA and DMCA issues.  They benefit by offloading their 
cell customer's data traffic on to our Wifi infrastructure, so the monthly cost 
for us was very reasonable.

-Neil


--
Neil Johnson
Network Engineer
The University of Iowa
email: neil-john...@uiowa.edu
Phone: 319 394-0938

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Coehoorn, Joel 
[jcoeho...@york.edu]
Sent: Friday, September 12, 2014 9:13 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

I will admit to having a completely open guest network. We don't even require a 
terms of service click-through, and it's not encrypted. We do have some strict 
throttling for file sharing/p2p traffic, and I have some decent auditing 
capabilities, so I can track down violations and restrict them later if needed, 
but that's about it. We do the same throttling and auditing on the regular 
network

Our Admissions and Advancement offices *love* this: a candidate or guest comes 
on campus, and their device just works: never any 802.1x issues, never a 
problem with sponsorships or authentication. We're in a residential 
neighborhood, but I've learned not to worry about neighbors using our wifi: 
it's really a drop in the bucket. No one uses bandwidth like a college student 
uses bandwidth, and as I'm one of those who live just across the street, I can 
testify that leeching wifi from the college is a horrible personal wifi 
experience (also: before I came here and I had an hour long commute, and I can 
say that walking across the street to get to your office is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted option, 
and the vast majority do on their laptops now, and some on their phones, but 
students love the open network for things like smart TVs, blu-ray players, etc. 
They feel this makes our network *better*. We have some game consoles on the 
open network, but Residence Life encourages students to plug those into a wired 
port (even providing cat5 cables at times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot for 
any neighbors or people wandering by". We want to be part of the community, and 
welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never had a 
request for data. This may some day force us to make a policy change, but in 
the meantime, I'd have a revolt on my hands if I ever tried to do away with the 
open SSID.





[http://www.york.edu/mvptall.jpg]


Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>





[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie 
mailto:fair...@rider.edu>> wrote:
That's interesting Heath. What's the reasoning behind the exclusion period?


On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart 
mailto:heath.barnh...@washburn.edu>> wrote:
We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't throttle the 
bandwidth.


--
Heath Barnhart
ITS Network Administrator
Washburn University
785-670-2307




On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
I am looking for information on what people do with guest wireless.  Do you 
have open wireless on your campus?  Do you have a password that everyone knows? 
 Do you create special passwords for groups?  Any assistance would be helpful.



Thank you



m



[Description: MU Arches]

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Par

RE: [WIRELESS-LAN] guest wireless

[Peter P Morrissey]

Regarding your CALEA comment. There seems to be lots of hand wringing about 
CALEA, but I have yet to hear of a school that was penalized in any way for 
having done something that does not comply. I have to say, at times it strikes 
me as a bit of a bogie man.

I do know of one very large school in New York City BTW that has an open 
wireless network.

Pete Morrissey

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel
Sent: Friday, September 12, 2014 10:14 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

I will admit to having a completely open guest network. We don't even require a 
terms of service click-through, and it's not encrypted. We do have some strict 
throttling for file sharing/p2p traffic, and I have some decent auditing 
capabilities, so I can track down violations and restrict them later if needed, 
but that's about it. We do the same throttling and auditing on the regular 
network

Our Admissions and Advancement offices *love* this: a candidate or guest comes 
on campus, and their device just works: never any 802.1x issues, never a 
problem with sponsorships or authentication. We're in a residential 
neighborhood, but I've learned not to worry about neighbors using our wifi: 
it's really a drop in the bucket. No one uses bandwidth like a college student 
uses bandwidth, and as I'm one of those who live just across the street, I can 
testify that leeching wifi from the college is a horrible personal wifi 
experience (also: before I came here and I had an hour long commute, and I can 
say that walking across the street to get to your office is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted option, 
and the vast majority do on their laptops now, and some on their phones, but 
students love the open network for things like smart TVs, blu-ray players, etc. 
They feel this makes our network *better*. We have some game consoles on the 
open network, but Residence Life encourages students to plug those into a wired 
port (even providing cat5 cables at times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot for 
any neighbors or people wandering by". We want to be part of the community, and 
welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never had a 
request for data. This may some day force us to make a policy change, but in 
the meantime, I'd have a revolt on my hands if I ever tried to do away with the 
open SSID.





[http://www.york.edu/mvptall.jpg]


Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
jcoeho...@york.edu<mailto:jcoeho...@york.edu>



[http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg]

The mission of York College is to transform lives through Christ-centered 
education and to equip students for lifelong service to God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie 
mailto:fair...@rider.edu>> wrote:
That's interesting Heath. What's the reasoning behind the exclusion period?


On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart 
mailto:heath.barnh...@washburn.edu>> wrote:
We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't throttle the 
bandwidth.

--

Heath Barnhart

ITS Network Administrator

Washburn University

785-670-2307

On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
I am looking for information on what people do with guest wireless.  Do you 
have open wireless on your campus?  Do you have a password that everyone knows? 
 Do you create special passwords for groups?  Any assistance would be helpful.



Thank you



m



[Description: MU Arches]

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] guest wireless

[Patten, Tami]

We force the guests/students to accept an AUP.  Once they have accepted they 
are on the guest network.

Tami Patten
Northeastern Junior College
Technical Systems Analyst
Desk (970)521-6687
Cell (970)520-7447

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Heath Barnhart
Sent: Friday, September 12, 2014 7:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't throttle the 
bandwidth.



--

Heath Barnhart

ITS Network Administrator

Washburn University

785-670-2307

On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
I am looking for information on what people do with guest wireless.  Do you 
have open wireless on your campus?  Do you have a password that everyone knows? 
 Do you create special passwords for groups?  Any assistance would be helpful.



Thank you



m



[Description: MU Arches]

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Coehoorn, Joel]

I will admit to having a completely open guest network. We don't even
require a terms of service click-through, and it's not encrypted. We do
have some strict throttling for file sharing/p2p traffic, and I have some
decent auditing capabilities, so I can track down violations and restrict
them later if needed, but that's about it. We do the same throttling and
auditing on the regular network

Our Admissions and Advancement offices *love* this: a candidate or guest
comes on campus, and their device just works: never any 802.1x issues,
never a problem with sponsorships or authentication. We're in a residential
neighborhood, but I've learned not to worry about neighbors using our wifi:
it's really a drop in the bucket. No one uses bandwidth like a college
student uses bandwidth, and as I'm one of those who live just across the
street, I can testify that leeching wifi from the college is a horrible
personal wifi experience (also: before I came here and I had an hour long
commute, and I can say that walking across the street to get to your office
is *awesome*).

We do strongly encourage students/staff/faculty to use the encrypted
option, and the vast majority do on their laptops now, and some on their
phones, but students love the open network for things like smart TVs,
blu-ray players, etc. They feel this makes our network *better*. We have
some game consoles on the open network, but Residence Life encourages
students to plug those into a wired port (even providing cat5 cables at
times), and many take them up on this.

Really, the reason behind this policy is that we DO want to be "a hotspot
for any neighbors or people wandering by". We want to be part of the
community, and welcoming to guests.

I am concerned about my CALEA exposure, but as a small school we've never
had a request for data. This may some day force us to make a policy change,
but in the meantime, I'd have a revolt on my hands if I ever tried to do
away with the open SSID.




  Joel Coehoorn
Director of Information Technology
York College, Nebraska
402.363.5603
*jcoeho...@york.edu *




The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Fri, Sep 12, 2014 at 8:49 AM, Timothy Fairlie  wrote:

> That's interesting Heath. What's the reasoning behind the exclusion period?
>
>
> On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart <
> heath.barnh...@washburn.edu> wrote:
>
>>  We have an open guest network, however, you do have to register with a
>> name, email, and phone number. Guests have 3 days of access followed by a 3
>> day exclusion period were the device is not allowed on the network. Access
>> is restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't
>> throttle the bandwidth.
>>
>>   --
>> Heath Barnhart
>> ITS Network Administrator
>> Washburn University785-670-2307
>>
>>
>>
>>   On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
>>
>> I am looking for information on what people do with guest wireless.  Do
>> you have open wireless on your campus?  Do you have a password that
>> everyone knows?  Do you create special passwords for groups?  Any
>> assistance would be helpful.
>>
>>
>>
>> Thank you
>>
>>
>>
>> m
>>
>>
>>
>> [image: Description: MU Arches]
>>
>> Mark Reboli
>>
>> Network/Telcom Manager
>>
>> Misericordia University
>>
>> (570) 674-6753
>>
>>
>>
>>
>>  ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Julian Y Koh]

On Tue Sep 09 2014 10:40:33 CDT, Mark Reboli  wrote: 
> I am looking for information on what people do with guest wireless.  Do you 
> have open wireless on your campus?  Do you have a password that everyone 
> knows?  Do you create special passwords for groups?  Any assistance would be 
> helpful.

NU has an open (no encryption or 802.11-level auth) SSID that anyone can use.  
Registration is required via a captive portal to collect name, email address, 
and sponsoring entity.  Registration will grant access for 7 days after which 
re-registration is required.  Bandwidth is limited to 3Mbps, and only certain 
ports/protocols are allowed.  Different IP space is used from the rest of the 
campus network, so access to campus-restricted resources is not allowed.  We 
also don’t allow access to our campus VPN from the guest network.



We offer eduroam services, which are not bandwidth or port/protocol limited.  


-- 
Julian Y. Koh
Acting Associate Director, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)

2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: 
PGP Public Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Timothy Fairlie]

That's interesting Heath. What's the reasoning behind the exclusion period?

On Fri, Sep 12, 2014 at 9:42 AM, Heath Barnhart  wrote:

>  We have an open guest network, however, you do have to register with a
> name, email, and phone number. Guests have 3 days of access followed by a 3
> day exclusion period were the device is not allowed on the network. Access
> is restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't
> throttle the bandwidth.
>
>   --
> Heath Barnhart
> ITS Network Administrator
> Washburn University785-670-2307
>
>
>
>   On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
>
> I am looking for information on what people do with guest wireless.  Do
> you have open wireless on your campus?  Do you have a password that
> everyone knows?  Do you create special passwords for groups?  Any
> assistance would be helpful.
>
>
>
> Thank you
>
>
>
> m
>
>
>
> [image: Description: MU Arches]
>
> Mark Reboli
>
> Network/Telcom Manager
>
> Misericordia University
>
> (570) 674-6753
>
>
>
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Heath Barnhart]

We have an open guest network, however, you do have to register with a name, 
email, and phone number. Guests have 3 days of access followed by a 3 day 
exclusion period were the device is not allowed on the network. Access is 
restricted to HTTP, HTTPS, SMTP/POP, SSH, and most VPN. We don't throttle the 
bandwidth.



--
Heath Barnhart
ITS Network Administrator
Washburn University
785-670-2307




On Tue, 2014-09-09 at 15:40 +, Mark Reboli wrote:
I am looking for information on what people do with guest wireless.  Do you 
have open wireless on your campus?  Do you have a password that everyone knows? 
 Do you create special passwords for groups?  Any assistance would be helpful.



Thank you



m



[Description: MU Arches]

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753




** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Dale W. Carder]

Thus spake Peter P Morrissey (ppmor...@syr.edu) on Wed, Sep 10, 2014 at 
04:55:59PM +:
> So you actually act like you like your guests! :) What a concept.

Our director once made the comment that after spending however many
millions on the last upgrade that it better darn well work better 
than the coffee shop across the street. ;-)

Dale

 
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dale W. Carder
> Sent: Wednesday, September 10, 2014 11:58 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] guest wireless
> 
> Thus spake Mark Reboli (mreb...@misericordia.edu) on Tue, Sep 09, 2014 at 
> 03:40:33PM +:
> > I am looking for information on what people do with guest wireless.  Do you 
> > have open wireless on your campus?  Do you have a password that everyone 
> > knows?  Do you create special passwords for groups?  Any assistance would 
> > be helpful.
> 
> For our guests they can use eduroam, otherwise there is an open ssid and a 
> click-through aup captive portal where they submit their name, email address 
> and reason for requesting network access.
> 
> Guests get the same network access as everyone else, and we do not filter nor 
> rate limit their traffic.  
> 
> Dale
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] guest wireless

[Peter P Morrissey]

So you actually act like you like your guests! :) What a concept.
Pete Morrissey

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Dale W. Carder
Sent: Wednesday, September 10, 2014 11:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

Thus spake Mark Reboli (mreb...@misericordia.edu) on Tue, Sep 09, 2014 at 
03:40:33PM +:
> I am looking for information on what people do with guest wireless.  Do you 
> have open wireless on your campus?  Do you have a password that everyone 
> knows?  Do you create special passwords for groups?  Any assistance would be 
> helpful.

For our guests they can use eduroam, otherwise there is an open ssid and a 
click-through aup captive portal where they submit their name, email address 
and reason for requesting network access.

Guests get the same network access as everyone else, and we do not filter nor 
rate limit their traffic.  

Dale

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Dale W. Carder]

Thus spake Mark Reboli (mreb...@misericordia.edu) on Tue, Sep 09, 2014 at 
03:40:33PM +:
> I am looking for information on what people do with guest wireless.  Do you 
> have open wireless on your campus?  Do you have a password that everyone 
> knows?  Do you create special passwords for groups?  Any assistance would be 
> helpful.

For our guests they can use eduroam, otherwise there is an open ssid and 
a click-through aup captive portal where they submit their name, email 
address and reason for requesting network access.

Guests get the same network access as everyone else, and we do not filter 
nor rate limit their traffic.  

Dale

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Dennis Xu]

Yes uog-wifi SSID is also used to provision client devices. We use SecureW2 
JoinNow wizard. 

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS)
University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca 
www.uoguelph.ca/ccs

- Original Message -
From: "Bruce W Osborne (Network Services)" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, September 10, 2014 7:52:27 AM
Subject: Re: [WIRELESS-LAN] guest wireless

Dennis,

Do you use uog-wifi to provision client devices? If not, how do they get 
configured for uog-wifi-secure? 

We use CloudPath XpressConnect Wizard on an open SSID to provision clients for 
WPA2-Enterprise.

Bruce Osborne
Network Engineer – Wireless Team
IT Network Services

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

-Original Message-
From: Dennis Xu [mailto:d...@uoguelph.ca] 
Sent: Tuesday, September 9, 2014 3:46 PM
Subject: Re: guest wireless

We have three SSIDs:

uog-wifi-secure: WPA2/Enterprise. No restrictions after authenticated. 
uog-wifi: web auth. A single portal for both uog users and guests. We use Cisco 
NAC guest servers to manage sponsors and guest accounts. No restrictions for 
uog users and http/https only for guests.
eduroam: WPA2/Enterprise. Only certain ports are opened(such as http/https, 
VPN, secure email ports, etc). 

Our goal is to make uog-wifi guest only by end of this year. 

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS) University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca
www.uoguelph.ca/ccs

- Original Message -
From: "Bradley Williams" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, September 9, 2014 12:05:27 PM
Subject: Re: [WIRELESS-LAN] guest wireless




We have an webauth ssid that redirects to a server that can do 
self-provisioning and authentication of guest accounts(as long as they provide 
a phone number or email account to have it sent to). That provides them with 
internet access(no internal network access) and keeps us CALEA compliant. 




Bradley Williams 

Network Services 

Clemson Computing and Information Technology 





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Reboli
Sent: Tuesday, September 09, 2014 11:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] guest wireless 



I am looking for information on what people do with guest wireless. Do you have 
open wireless on your campus? Do you have a password that everyone knows? Do 
you create special passwords for groups? Any assistance would be helpful. 



Thank you 



m 



Description: MU Arches

Mark Reboli 

Network/Telcom Manager 

Misericordia University 

(570) 674-6753 



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Dennis Xu]

We have three SSIDs:

uog-wifi-secure: WPA2/Enterprise. No restrictions after authenticated. 
uog-wifi: web auth. A single portal for both uog users and guests. We use Cisco 
NAC guest servers to manage sponsors and guest accounts. No restrictions for 
uog users and http/https only for guests.
eduroam: WPA2/Enterprise. Only certain ports are opened(such as http/https, 
VPN, secure email ports, etc). 

Our goal is to make uog-wifi guest only by end of this year. 

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services(CCS)
University of Guelph

519-824-4120 Ext 56217
d...@uoguelph.ca 
www.uoguelph.ca/ccs

- Original Message -
From: "Bradley Williams" 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, September 9, 2014 12:05:27 PM
Subject: Re: [WIRELESS-LAN] guest wireless




We have an webauth ssid that redirects to a server that can do 
self-provisioning and authentication of guest accounts(as long as they provide 
a phone number or email account to have it sent to). That provides them with 
internet access(no internal network access) and keeps us CALEA compliant. 




Bradley Williams 

Network Services 

Clemson Computing and Information Technology 





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Reboli 
Sent: Tuesday, September 09, 2014 11:41 AM 
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: [WIRELESS-LAN] guest wireless 



I am looking for information on what people do with guest wireless. Do you have 
open wireless on your campus? Do you have a password that everyone knows? Do 
you create special passwords for groups? Any assistance would be helpful. 



Thank you 



m 



Description: MU Arches

Mark Reboli 

Network/Telcom Manager 

Misericordia University 

(570) 674-6753 



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/ . ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] guest wireless

[McClintic, Thomas]

We have 1 802.1X SSID and 1 open web auth passthrough SSID.

Traffic on the authenticated SSID goes through our normal User VRF. Traffic on 
guest goes directly to an internet VRF which passes through our PAN. We do 
allow traffic to go out the internet and back, which we are flirting with 
disabling.

We throttle the speed of the open SSID to 1mbps up/down.

Our problem is that users find it easier to configure devices for the web auth 
so we try to time them out often, lower their speed, and maybe prevent them 
from reaching VPN (future). 

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Frank Sweetser
Sent: Tuesday, September 09, 2014 10:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] guest wireless

Our general policies are posted here:

https://urldefense.proofpoint.com/v1/url?u=http://www.wpi.edu/Academics/CCC/Netops/Wireless/Guest/&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0A&m=qwzpYaLupWPZPbEbZunzdvuj06nITcEsszfpVFAAi58%3D%0A&s=c96ff8e0f964342ef759d323c7d96cf860113ed8931ca16b2e6236d6248e1dce

We avoid doing completely open wifi, as we have decided not to become a hotspot 
for any neighbors or people wandering by.  To handle the request volume and 
keep the turnaround time low, we have a larger number of contacts throughout 
campus (including the majority of administrative assistants) set up to hand out 
guest passes, typically limited to one day.

We don't set concurrent limits on logins, so we don't do anything special for 
group accounts vs individual ones.

In addition, we are also in the process of rolling out eduroam campus wide.

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 09/09/2014 11:40 AM, Mark Reboli wrote:
> I am looking for information on what people do with guest wireless.  
> Do you have open wireless on your campus?  Do you have a password that 
> everyone knows?  Do you create special passwords for groups?  Any 
> assistance would be helpful.
>
> Thank you
>
> m
>
> Description: MU Arches
>
> Mark Reboli
>
> Network/Telcom Manager
>
> Misericordia University
>
> (570) 674-6753
>
> ** Participation and subscription information for this 
> EDUCAUSE Constituent Group discussion list can be found at 
> https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0A&m=qwzpYaLupWPZPbEbZunzdvuj06nITcEsszfpVFAAi58%3D%0A&s=e5c6f89fb62653a0d95879fdd6086e0d68e9311f8aca8200b3ac774ae9621d9e.
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v1/url?u=http://www.educause.edu/groups/&k=yYSsEqip9%2FcIjLHUhVwIqA%3D%3D%0A&r=eHsexY0U6WY24UhDK4eLQbvXOPzMySRoCq87DX3WV5M%3D%0A&m=qwzpYaLupWPZPbEbZunzdvuj06nITcEsszfpVFAAi58%3D%0A&s=e5c6f89fb62653a0d95879fdd6086e0d68e9311f8aca8200b3ac774ae9621d9e.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Timothy Fairlie]

In certain buildings, we allow guest users to create a temporary account
(using an email address as the login ID) that expires in 24 hours
They do not have access to any of our internal sites, just Internet,

While they are given access immediately, we timeout any idle connections
after 10 minutes. Their temp password gets emailed to them, or they can
have it sent via SMS when they register

We use Aruba Clearpass

On Tue, Sep 9, 2014 at 11:40 AM, Mark Reboli 
wrote:

>  I am looking for information on what people do with guest wireless.  Do
> you have open wireless on your campus?  Do you have a password that
> everyone knows?  Do you create special passwords for groups?  Any
> assistance would be helpful.
>
>
>
> Thank you
>
>
>
> m
>
>
>
> [image: Description: MU Arches]
>
> Mark Reboli
>
> Network/Telcom Manager
>
> Misericordia University
>
> (570) 674-6753
>
>
>  ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] guest wireless

[Frank Sweetser]

Our general policies are posted here:

http://www.wpi.edu/Academics/CCC/Netops/Wireless/Guest/

We avoid doing completely open wifi, as we have decided not to become a 
hotspot for any neighbors or people wandering by.  To handle the request 
volume and keep the turnaround time low, we have a larger number of contacts 
throughout campus (including the majority of administrative assistants) set up 
to hand out guest passes, typically limited to one day.


We don't set concurrent limits on logins, so we don't do anything special for 
group accounts vs individual ones.


In addition, we are also in the process of rolling out eduroam campus wide.

Frank Sweetser fs at wpi.edu|  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 09/09/2014 11:40 AM, Mark Reboli wrote:

I am looking for information on what people do with guest wireless.  Do you
have open wireless on your campus?  Do you have a password that everyone
knows?  Do you create special passwords for groups?  Any assistance would be
helpful.

Thank you

m

Description: MU Arches

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] guest wireless

[Danny Eaton]

Mark,

 

We have 3 campus wide broadcast SSID's.  Rice Owls (802.1X for campus
users), eduroam (802.1X for any participating institution) and Rice Visitor
(open SSID with a captive portal with splash page for Acceptable Use
Policy).  The Rice Owls and eduroam will put our local users into their
various MPLS VPN VRF's (staff/faculty, or students).  The eduroam SSID will
put authenticated users from other institutions into our Visitor VRF, as
does the open SSID Rice Visitor.  

 

We have all VRF's go through our IDS/IDP, and bittorrent (specifically) is
blocked for the Visitor VRF.  

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Reboli
Sent: Tuesday, September 09, 2014 10:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] guest wireless

 

I am looking for information on what people do with guest wireless.  Do you
have open wireless on your campus?  Do you have a password that everyone
knows?  Do you create special passwords for groups?  Any assistance would be
helpful.

 

Thank you

 

m

 

Description: MU Arches

Mark Reboli

Network/Telcom Manager

Misericordia University

(570) 674-6753

 

!DSPAM:911,540f1f7a326953562010141! 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest Wireless Questions

[David LaPorte]

We're using the Cisco Guest NAC Server to provide sponsored guest access
and it's worked fine for us.  It ships as an appliance.

http://www.cisco.com/en/US/products/ps10160/index.html

Dave

On 7/6/10 3:48 PM, Christian Heroux wrote:
> Hello,
> 
>  
> 
> Mcgill University  here in Montreal has a similar policy,
> 
> http://knowledgebase.mcgill.ca/display/2/articleDirect/index.asp?aid=2264&r=0.5351679
> 
> 
> https://search.mcgill.ca/fasttrack/?appl=guest
> 
>  
> 
> We would like to have similar solution but we do not want to develop the
> application our self. Have you come across a web applications that would
> do this?
> 
>  
> 
> Christian Heroux
> 
> University of Quebec
> 
> Montreal

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Christian.Heroux]

Hello,

 

Mcgill University  here in Montreal has a similar policy,

http://knowledgebase.mcgill.ca/display/2/articleDirect/index.asp?aid=2264&r=0.5351679

https://search.mcgill.ca/fasttrack/?appl=guest

 

We would like to have similar solution but we do not want to develop the 
application our self. Have you come across a web applications that would do 
this?

 

Christian Heroux

University of Quebec

Montreal

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of heath.barnhart
Sent: 6 juillet 2010 09:18
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

We do the same thing for the most part.

Heath

On 7/2/2010 8:09 AM, Daniel Eklund wrote: 

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  <mailto:tne...@uamail.albany.edu>  
wrote: 
> 

Are you providing free guest wireless access on your campus?

How are you dealing with CALEA if you are?

Do you use your edu address?

Thanks,

 

Thomas R. Neiss

Director of ITS Telecommunications

University at Albany

1400 Washington Ave

Albany, NY 1

(518) 437-3803

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 






-- 
Heath Barnhart, CCNA
Network Administrator
Information Systems and Services
Washburn University
Topeka, KS 66621

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

Re: [WIRELESS-LAN] Guest Wireless Questions

[heath.barnhart]

We do the same thing for the most part.

Heath

On 7/2/2010 8:09 AM, Daniel Eklund wrote:
We provide free guest access, but not open access.  Guests must be 
vouched for by a faculty or staff member and that person takes 
responsibility for the actions of the guest while they use the 
network.  We have a simple online process that the faculty or staff 
member uses to create a temporary ID and password for their guest.  
They can create as many IDs as they need and the ID can be requested 
to have a lifetime up to 1 week.  After that time the ID is deleted.


--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote:
>
Are you providing free guest wireless access on your campus?
How are you dealing with CALEA if you are?
Do you use your edu address?
Thanks,
Thomas R. Neiss
Director of ITS Telecommunications
University at Albany
1400 Washington Ave
Albany, NY 1
(518) 437-3803
** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


** Participation and subscription information for this 
EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.





--
Heath Barnhart, CCNA
Network Administrator
Information Systems and Services
Washburn University
Topeka, KS 66621


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Winston Chow]

-Original Message-
From: Armstrong, Geoff 
Sent: Friday, July 02, 2010 12:18 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

Hi Tom,
 
We have an open unauthenticated SSID called ubcvisitor. Upon connecting, the 
guest is presented with a captive portal which displays our AUP and services 
they can access. The user must then enter an email address at the bottom of the 
disclaimer and hit accept in order to start their session. 
 
Outbound from the network we block all ports except for those used by these 
services; http, https, pops, imaps, smtps, pptp, l2tp, IPsec, ssh and ntp. 
 
On the wireless controllers this SSID is set to the lowest traffic priority 
setting (Bronze in Cisco WLC land).
 
We use publicly routable, commercial IP space. This makes it easier on us when 
it comes to logging and tracing. This also prohibits access to many services 
only available from our academic IP space which makes its use a deterrent to 
students, staff and faculty. 
 
We initially only intended to keep this network on for the 2010 Winter Olympics 
but due to popular demand we have turned it into a permanent fixture here at 
UBC. 
 
Geoff Armstrong
Network Support Analyst
Network Management Centre
University of British Columbia – Information Technology
(604) 822-1305
UBC Wireless
 
 
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Neiss, Tom
 Sent: Friday, July 02, 2010 5:02 AM
 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
 Subject: [WIRELESS-LAN] Guest Wireless Questions
 
Are you providing free guest wireless access on your campus?
How are you dealing with CALEA if you are?
Do you use your edu address?
Thanks,
 
Thomas R. Neiss
Director of ITS Telecommunications
University at Albany
1400 Washington Ave
Albany, NY 1
(518) 437-3803
 
 
 
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Trent Fierro]

 

Thanks Tom. When I was at Cisco 6 years ago it was Communications Assistance, 
so glad to see that the acronym hasn’t changed…

We currently have one customer (U of San Diego) that charges for guest access 
and a couple more that are considering it due to budget cuts, loss of long 
distance revenue, etc.. USD wanted to keep the students off of the guest 
network, so payment solved that. Adding a landing page for guests now lets them 
track “real names” on the network because the guest needs to enter credit card 
info or a promo code that was given to them by a sponsor. The automation also 
made it easy for IT to support all of the summer time camp visitors (over 10K 
users).

 

Peter, thanks for mentioning how you use authentication data/logs for CALEA.

 

Trent

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Neiss, Tom
Sent: Friday, July 02, 2010 9:12 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

Sorry it is the Communications Assistance for Law Enforcement Act.

tn

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Peter P Morrissey
Sent: Friday, July 02, 2010 12:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

The CA in CALEA stands for “Computer Access.” We interpret that to mean 
providing a way for them to tap into our network to access any network traffic. 
Our understanding is that if you do your best to provide that and cooperate, it 
isn’t a big deal. We also track IP to user mappings for lots of reasons, that 
we could certainly make available under the correct legal proceedings.

 

Peter Morrissey

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Trent Fierro
Sent: Friday, July 02, 2010 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently.

 

Trent

 

 

Trent Fierro
Dir of Marketing
408.748.0902  x116

www.avendasys.com

http://twitter.com/Avenda_Systems

 

Security without Boundaries

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote: 
> 

Are you providing free guest wireless access on your campus?

How are you dealing with CALEA if you are?

Do you use your edu address?

Thanks,

 

Thomas R. Neiss

Director of ITS Telecommunications

University at Albany

1400 Washington Ave

Albany, NY 1

(518) 437-3803

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Peter P Morrissey]

Oops. Good catch Tom. Thank you.
Substitute assistance for access in my last statement.
Pete


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Neiss, Tom
Sent: Friday, July 02, 2010 12:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

Sorry it is the Communications Assistance for Law Enforcement Act.
tn

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Peter P Morrissey
Sent: Friday, July 02, 2010 12:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

The CA in CALEA stands for “Computer Access.” We interpret that to mean 
providing a way for them to tap into our network to access any network traffic. 
Our understanding is that if you do your best to provide that and cooperate, it 
isn’t a big deal. We also track IP to user mappings for lots of reasons, that 
we could certainly make available under the correct legal proceedings.

Peter Morrissey


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Trent Fierro
Sent: Friday, July 02, 2010 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently.

Trent


Trent Fierro
Dir of Marketing
408.748.0902  x116
www.avendasys.com
http://twitter.com/Avenda_Systems

Security without Boundaries



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote:
>
Are you providing free guest wireless access on your campus?
How are you dealing with CALEA if you are?
Do you use your edu address?
Thanks,

Thomas R. Neiss
Director of ITS Telecommunications
University at Albany
1400 Washington Ave
Albany, NY 1
(518) 437-3803



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Neiss, Tom]

Sorry it is the Communications Assistance for Law Enforcement Act.
tn

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Peter P Morrissey
Sent: Friday, July 02, 2010 12:08 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

The CA in CALEA stands for “Computer Access.” We interpret that to mean 
providing a way for them to tap into our network to access any network traffic. 
Our understanding is that if you do your best to provide that and cooperate, it 
isn’t a big deal. We also track IP to user mappings for lots of reasons, that 
we could certainly make available under the correct legal proceedings.

Peter Morrissey


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Trent Fierro
Sent: Friday, July 02, 2010 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently.

Trent


Trent Fierro
Dir of Marketing
408.748.0902  x116
www.avendasys.com
http://twitter.com/Avenda_Systems

Security without Boundaries



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote:
>
Are you providing free guest wireless access on your campus?
How are you dealing with CALEA if you are?
Do you use your edu address?
Thanks,

Thomas R. Neiss
Director of ITS Telecommunications
University at Albany
1400 Washington Ave
Albany, NY 1
(518) 437-3803



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Peter P Morrissey]

At least not intentionally. : )
Peter Morrissey


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 9:47 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

We don't provide telephony services over our IP network

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Trent Fierro"  wrote:
>
>
Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently.

Trent


Trent Fierro
> Dir of Marketing
> 408.748.0902  x116
www.avendasys.com
http://twitter.com/Avenda_Systems

Security without Boundaries



>
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
> Sent: Friday, July 02, 2010 6:10 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.
>
> --
> Daniel Eklund
> Director, Networking
> Wayne State University
> 313-577-5558
>
>
> - "Tom Neiss"  wrote:
> >
Are you providing free guest wireless access on your campus?
How are you dealing with CALEA if you are?
Do you use your edu address?
Thanks,

Thomas R. Neiss
Director of ITS Telecommunications
University at Albany
1400 Washington Ave
Albany, NY 1
(518) 437-3803



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Peter P Morrissey]

The CA in CALEA stands for “Computer Access.” We interpret that to mean 
providing a way for them to tap into our network to access any network traffic. 
Our understanding is that if you do your best to provide that and cooperate, it 
isn’t a big deal. We also track IP to user mappings for lots of reasons, that 
we could certainly make available under the correct legal proceedings.

Peter Morrissey


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Trent Fierro
Sent: Friday, July 02, 2010 9:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently.

Trent


Trent Fierro
Dir of Marketing
408.748.0902  x116
www.avendasys.com
http://twitter.com/Avenda_Systems

Security without Boundaries



From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote:
>
Are you providing free guest wireless access on your campus?
How are you dealing with CALEA if you are?
Do you use your edu address?
Thanks,

Thomas R. Neiss
Director of ITS Telecommunications
University at Albany
1400 Washington Ave
Albany, NY 1
(518) 437-3803



** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Nik Kumar]

We also will be implementing this same type of service on our free guest access 
using Bradford network (Network Access Control) very soon.

A staff member will have to vouch for a guest. We will also be limiting users 
to web browsing only.

 

 

Nik Kumar

University of the Pacific

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote: 
> 

Are you providing free guest wireless access on your campus?

How are you dealing with CALEA if you are?

Do you use your edu address?

Thanks,

 

Thomas R. Neiss

Director of ITS Telecommunications

University at Albany

1400 Washington Ave

Albany, NY 1

(518) 437-3803

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

Re: [WIRELESS-LAN] Guest Wireless Questions

[Daniel Eklund]

We don't provide telephony services over our IP network 

-- 
Daniel Eklund 
Director, Networking 
Wayne State University 
313-577-5558 


- "Trent Fierro"  wrote: 
> 
> 

Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently. 



Trent 





Trent Fierro 
> Dir of Marketing 
> 408.748.0902 x116 

www.avendasys.com 

http://twitter.com/Avenda_Systems 



Security without Boundaries 







> 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund 
> Sent: Friday, July 02, 2010 6:10 AM 
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> Subject: Re: [WIRELESS-LAN] Guest Wireless Questions 




We provide free guest access, but not open access. Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network. We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest. They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week. After that time the ID is 
deleted. 
> 
> -- 
> Daniel Eklund 
> Director, Networking 
> Wayne State University 
> 313-577-5558 
> 
> 
> - "Tom Neiss"  wrote: 
> > 


Are you providing free guest wireless access on your campus? 


How are you dealing with CALEA if you are? 


Do you use your edu address? 


Thanks, 





Thomas R. Neiss 


Director of ITS Telecommunications 


University at Albany 


1400 Washington Ave 


Albany, NY 1 


(518) 437-3803 










** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. ** Participation and subscription 
information for this EDUCAUSE Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Trent Fierro]

Out of curiosity regarding CALEA, do you need to provide law enforcement with a 
way to view where a user goes on your network while using wireless? Or do you 
just need to provide login details? I know that for telephony that you need to 
provide a way to tap a line, etc. but haven’t paid much attention to CALEA 
requirements recently.

 

Trent

 

 

Trent Fierro
Dir of Marketing
408.748.0902  x116

www.avendasys.com

http://twitter.com/Avenda_Systems

 

Security without Boundaries

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Daniel Eklund
Sent: Friday, July 02, 2010 6:10 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Questions

 

We provide free guest access, but not open access.  Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network.  We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest.  They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week.  After that time the ID is 
deleted.

--
Daniel Eklund
Director, Networking
Wayne State University
313-577-5558


- "Tom Neiss"  wrote: 
> 

Are you providing free guest wireless access on your campus?

How are you dealing with CALEA if you are?

Do you use your edu address?

Thanks,

 

Thomas R. Neiss

Director of ITS Telecommunications

University at Albany

1400 Washington Ave

Albany, NY 1

(518) 437-3803

 

 

 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Questions

[Garry Peirce]

Hi Tom,

As we are a public institution, we feel it's desirable to provide a level of
public network access.

We have been trialing such an (unfunded) service for while now using
existing equipment/resources.

 

A Cisco shop, campus controllers have the open SSID tied to a mobility
tunnel configured to a central 'guest' controller where all traffic is
passed through  CIPA-compliant content filtering,  some specific filtering,
logging, and is bw-limited on a per-host basis.

As the traffic does utilize university resources, the service is at our
control to operate (filter/log/disable) as we feel necessary.

 

Being open, it is simpler for the community/conference attendees/contractors
to connect to which eliminates the need for maintaining special/one-off IDs
and as importantly helps dissuade such clients from acquiring access by
other means through local contacts.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Neiss, Tom
Sent: Friday, July 02, 2010 8:02 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Wireless Questions

 

Are you providing free guest wireless access on your campus?

How are you dealing with CALEA if you are?

Do you use your edu address?

Thanks,

 

Thomas R. Neiss

Director of ITS Telecommunications

University at Albany

1400 Washington Ave

Albany, NY 1

(518) 437-3803

 

 

 

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest Wireless Questions

[Daniel Eklund]

We provide free guest access, but not open access. Guests must be vouched for 
by a faculty or staff member and that person takes responsibility for the 
actions of the guest while they use the network. We have a simple online 
process that the faculty or staff member uses to create a temporary ID and 
password for their guest. They can create as many IDs as they need and the ID 
can be requested to have a lifetime up to 1 week. After that time the ID is 
deleted. 

-- 
Daniel Eklund 
Director, Networking 
Wayne State University 
313-577-5558 


- "Tom Neiss"  wrote: 
> 
Are you providing free guest wireless access on your campus? 
How are you dealing with CALEA if you are? 
Do you use your edu address? 
Thanks, 

Thomas R. Neiss 
Director of ITS Telecommunications 
University at Albany 
1400 Washington Ave 
Albany, NY 1 
(518) 437-3803 


** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/. 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Access

[Randall C Grimshaw]

It is a home grown system.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Tupker, Mike
Sent: Thursday, July 16, 2009 9:21 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Access

Just out of curiosity what are you using for a captive portal and to do the 
guest accounts?

Mike Tupker
Systems Administrator
Mount Mercy College

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Randall C Grimshaw
Sent: Thursday, July 16, 2009 8:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Access

In addition to our 802.1x network, we provide an open network SSID guarded by a 
captive portal gateway. Any member of the campus community can sponsor a guest 
account on the captive portal. This resource has limited ports and bandwidth.

Randy


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Rick Coloccia 
[coloc...@geneseo.edu]
Sent: Thursday, July 16, 2009 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Wireless Access

I've been asked to open our wireless network up and provide guest access
of some sort.  Would you mind sharing what offerings each of your
institutions provide in terms of guest wireless access, please?
Thanks!
-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Access

[Tom Parenti]

We use an open SSID with the Aruba captive portal. Guests are on a VLAN
that terminates on the firewall and that VLAN only allows internet
access. Our group creates the user accounts but I believe there is a
guest provisioning account you can set up and give to another group or
individual and they can log on and create the accounts. 

 

Tom

 



Tom Parenti

Network Administrator

Johnson & Wales University

8 Abbott Park Place

Providence, RI  02903

(401) 598-1557

 

 



From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf
of Rick Coloccia
Sent: Thu 7/16/2009 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Wireless Access

I've been asked to open our wireless network up and provide guest access
of some sort.  Would you mind sharing what offerings each of your
institutions provide in terms of guest wireless access, please?
Thanks!
-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest Wireless Access

[Oliver Gorwits]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Randall C Grimshaw wrote:
> In addition to our 802.1x network, we provide an open network
> SSID guarded by a captive portal gateway. Any member of the
> campus community can sponsor a guest account on the captive
> portal. This resource has limited ports and bandwidth.

Same here. The solution was created in house about four years ago,
because no product provided the devolved account management we
required. It's straightforward Apache2/Linux/Perl stuff.

User docs, if you are interested:
http://www.oucs.ox.ac.uk/network/wireless/services/owl/visitor/

HTH,

- --
Oliver Gorwits, Network and Telecommunications Group,
Oxford University Computing Services
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpgbRoACgkQ2NPq7pwWBt7GOgCgpsjNg5sPx7oUgno9GqUpSP21
mnsAn0BV1TLxtTRJuXMjo6K1RYE2zi8f
=3tJB
-END PGP SIGNATURE-

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Access

[Tupker, Mike]

Just out of curiosity what are you using for a captive portal and to do the 
guest accounts?

Mike Tupker
Systems Administrator
Mount Mercy College

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Randall C Grimshaw
Sent: Thursday, July 16, 2009 8:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Guest Wireless Access

In addition to our 802.1x network, we provide an open network SSID guarded by a 
captive portal gateway. Any member of the campus community can sponsor a guest 
account on the captive portal. This resource has limited ports and bandwidth.

Randy


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Rick Coloccia 
[coloc...@geneseo.edu]
Sent: Thursday, July 16, 2009 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Wireless Access

I've been asked to open our wireless network up and provide guest access
of some sort.  Would you mind sharing what offerings each of your
institutions provide in terms of guest wireless access, please?
Thanks!
-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest Wireless Access

[Randall C Grimshaw]

In addition to our 802.1x network, we provide an open network SSID guarded by a 
captive portal gateway. Any member of the campus community can sponsor a guest 
account on the captive portal. This resource has limited ports and bandwidth.

Randy


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Rick Coloccia 
[coloc...@geneseo.edu]
Sent: Thursday, July 16, 2009 2:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest Wireless Access

I've been asked to open our wireless network up and provide guest access
of some sort.  Would you mind sharing what offerings each of your
institutions provide in terms of guest wireless access, please?
Thanks!
-Rick

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Guest wireless access at University Conference Centers

[Tom Magrini]

Hi John,

We have a self-service web site where faculty and staff can sponsor guests.
We collect the name of the sponsor, dates of the visit, the guest's name and
local contact info (phone).  The contact info is collected in case we see
that the guest's laptop is compromised.  We do not retain this info after
the guest account expires.

Tom Magrini
Assistant Director, Network Services
University Information Technology Services
The University of Arizona
[EMAIL PROTECTED]





-Original Message-
From: John Center [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 14, 2007 6:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Guest wireless access at University Conference
Centers

Hi,

We're planning to offer guest wireless access at our Conference Center. 
  Several questions have come up as to how much information we need to 
collect from guests, and how long we would need to retain the 
information.  We were wondering what other schools are doing in this 
regard.  Any information you would share with us would be greatly 
appreciated.

Thanks.

-John

-- 
John Center
Assistant Director
Network/Communications
Office for University Information Technologies
Villanova University

**
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest wireless access at University Conference Centers

[Ryan Lininger]

At Denison University we permit guest access to the wireless network 
through an open ssid and captive portal that guest accounts can log 
into.  Guest accounts are limited in their access to the usual gambit 
(http, https, vpn, IMAP, POP3, etc.).  We tend to be pretty open with 
the services we permit access to.  Guest accounts are created by any 
employee, staff, student, library circulation desk, alumni affairs, etc. 
(we call them sponsors).  The sponsor is supposed to enter the guests 
name when they create the account and the sponsor, name entered, and 
guest account created are all linked together in a record which we keep 
record of for around a year.  Sponsors are limited in the number of 
guest accounts they can create depending on the demand they have.  For 
example, students can only create a few accounts (for parents, etc.) 
while employees with alumni affairs can create many (for alumni, 
speakers, etc.).  Accounts are active for a period of time between 1 and 
14 days that is specified by the sponsor.  The date the account becomes 
active can also be specific by the sponsor (default is "today").  If a 
longer time is needed then they have to contact the help desk to create 
a special account.


Our guest accounts go a little further and let guests log into our lab 
computers, register computers with our NAC system for wired access, 
etc..  This really helps with week long conferences over the summer that 
stay in the dorms and use lab equipment.  One account does it all for 
the visitor and the sponsor (not computing services) can create all the 
accounts necessary in advance of the event.


People on campus weren't sure about the system when it was proposed but 
they have been really happy with it now that it has been implemented.


Good Luck,
Ryan.


John Center wrote:

Hi,

We're planning to offer guest wireless access at our Conference 
Center.  Several questions have come up as to how much information we 
need to collect from guests, and how long we would need to retain the 
information.  We were wondering what other schools are doing in this 
regard.  Any information you would share with us would be greatly 
appreciated.


Thanks.

-John



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Guest wireless access at University Conference Centers

[Ken Connell]

Here at Ryerson University we have GUEST SSID with captive portal along with a 
username/password which changes daily and is available to faculty/staff from 
our helpdesk.
Special GUEST accounts can also be created to be valid for days or weeks if 
need be.

Those accounts are then limited to web access only.

Ken Connell
Intermediate Network Engineer
Computer & Communication Services
Ryerson University
350 Victoria St
RM AB50
Toronto, Ont
M5B 2K3
416-979-5000 x6709

- Original Message -
From: John Center <[EMAIL PROTECTED]>
Date: Friday, September 14, 2007 9:20 am
Subject: [WIRELESS-LAN] Guest wireless access at University Conference Centers
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU


> Hi,
> 
> We're planning to offer guest wireless access at our Conference 
> Center. 
>   Several questions have come up as to how much information we need to 
> 
> collect from guests, and how long we would need to retain the 
> information.  We were wondering what other schools are doing in this 
> regard.  Any information you would share with us would be greatly 
> appreciated.
> 
> Thanks.
> 
>   -John
> 
> -- 
> John Center
> Assistant Director
> Network/Communications
> Office for University Information Technologies
> Villanova University
> 
> **
> Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.