RE: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

2015-09-01 Thread Case, Brandon J
We are doing pretty much the same thing as well, although without the DHCP 
tie-in.

We set up a separate SSID for gaming consoles/media devices in the residence 
halls and have students register them via one of ISE's portals. We did set up 
an authorization policy with a logical profile to prevent 1x-capable devices 
from using the SSID. They get stuck in a walled garden and can only see a page 
that essentially says they have to connect the device they're currently using 
to the 1x SSID (which is the same one we broadcast all over campus). The 
profiling component of ISE works pretty well most of the time but we have had a 
real headache dealing with Xbox Ones since they are essentially Windows 8 
machines and we drop Windows 8 clients in the walled garden. I ended up writing 
a few custom rules in the profiler that catch most of them and we handle the 
rest on an individual basis.

The whole system has worked out pretty well considering the scope (about 12,000 
students in 15 residence halls). It hasn't been without its share of bumps but 
overall we're pleased with it.

Thanks,
--
Brandon Case
Senior Network Engineer
IT Infrastructure Services
Purdue University
ca...@purdue.edu
Office: (765) 49-67096
Mobile: (765) 421-6259
Fax:(765) 49-46620

PGP Fingerprint:
99CB 02D6 983C 1E2A 015F  205C C7AA E985 A11A 1251

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rick Coloccia
Sent: Tuesday, September 1, 2015 10:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise 
Network

+1. We're doing almost exactly the same.

On 9/1/2015 10:53 AM, Williams, Matthew wrote:
We have an SSID for these devices and we built a device registration page for 
our students to go to enter their wireless MAC address.  This page requires the 
students to login so we capture who owns the device in question.  This page has 
an API that ties into our DHCP system.  Several of the newer RADIUS products 
have this feature built in, but we're still riding an old system that couldn't 
do this.

Respectfully,

Matthew Williams
Manager, Network and Telecommunications Services
Kent State University
Office: (330) 672-7246
Mobile: (330) 469-0445

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Troy Lynn Wiseman
Sent: Tuesday, September 1, 2015 10:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

We are trying to figure out how to handle non 802.1x devices on our enterprise 
network.  We are a Cisco shop and currently are broadcasting 4 SSIDs including 
a guest SSID that is non 802.1x.  We are concerned with how to give access to 
non 802.1x devices in our residence halls.  We were wondering how others are 
tackling this issue.

TROY WISEMAN
Network Engineer II

INFORMATION TECHNOLOGY
MAIL CODE 4622
SOUTHERN ILLINOIS UNIVERSITY
625 WHAM DRIVE
CARBONDALE, ILLINOIS 62901

twise...@siu.edu
P: (618) 453-6264
INFOTECH.SIU.EDU <http://infotech.siu.edu/>

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579



RE: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

2015-09-01 Thread Hinson, Matthew P
We used to use an open network with MAC filtering, but now we've moved to
Aerohive's PPSK. It's been working great so far.

 



Re: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

2015-09-01 Thread Stuart, Nathan
We are using Cloudpath for all onboarding including MAC authentication.

On Tue, Sep 1, 2015 at 10:53 AM, Williams, Matthew 
wrote:

> We have an SSID for these devices and we built a device registration page
> for our students to go to enter their wireless MAC address.  This page
> requires the students to login so we capture who owns the device in
> question.  This page has an API that ties into our DHCP system.  Several of
> the newer RADIUS products have this feature built in, but we’re still
> riding an old system that couldn’t do this.


-- 
*Nathan Stuart*
Director of Information Technology
252.334.2014  | 252.334.2071 (fax)
www.macuniversity.edu




Re: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

2015-09-01 Thread Kevin McCormick

Hello Troy,

We did the same thing until this year. We just upgraded our Cloud Path 
server and now have on-boarding. For devices, students go to a website 
and register the MAC address of the device, then connect to an SSID 
using a preshared key.

We still have our guest SSID available but have plans to stop using it 
later this fall. Guests can now on-board and use a secure and restricted 
SSID for 24 hours, longer if they are sponsored and use a voucher code.

We're still working out the kinks, but if you want more info feel free to 
contact us directly.


Kevin McCormick
Western Illinois University


On 9/1/2015 9:39 AM, Troy Lynn Wiseman wrote:


We are trying to figure out how to handle non 802.1x devices on our 
enterprise network.  We are a Cisco shop and currently are 
broadcasting 4 SSIDs including a guest SSID that is non 802.1x.  We 
are concerned with how to give access to non 802.1x devices in our 
residence halls.  We were wondering how others are tackling this issue.

