If you have residence halls, you may want to anticipate this and take it up
with you safety department. Ours did actual testing and confirmed Aruba’s
recommendations. Now it’s them saying what the standard is rather than us.
Chuck Enfield
Manager, Wireless Systems & Engineering
Let me guess: TVs and gaming devices for the living spaces, right?
We have an SSID for only those devices that appears only in the residence
buildings. Authenticated device registration for each MAC address is manual
while we implement something better. We *have* been denying registrations for
We are currently testing this with Active Directory fronted by
freeradius. There is a single ESSID. User logs in to the 802.1X
prompt, freeradius authenticates the user, then connects via LDAP to
the AD and looks at group membership. This determines the VLAN
override ID that is sent to our
Lee,
We have AVC working in PI 2.2.0 - our source is netflow from 2 x ASR-1006 edge
Routers only. I spent a lot time trying to get it to work from SUP2T to no
avail.
We are using Aruba controllers and airwave on our wireless side for this
function.
Chad
From: The EDUCAUSE Wireless Issues
Absolutely! Typically machine auth is done via eap-tls with a domain issued
cert, but in the end it's just another identity to key off of.
Sent from my Android device with K-9 Mail. Please excuse my brevity.
On September 1, 2015 5:57:31 PM EDT, "Coehoorn, Joel"
wrote:
We are predominately a Meru shop. We have a staff and a student SSID and a
Windows Radius server for authentication. To complicate this we have lab
laptops which both students and staff need to be able to log into. Currently we
have no way to prevent students from connecting to our staff
Could you do machine authentication for these devices, and put them into a
vlan dedicated to the labs?
Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *
The mission of York College is to transform lives through
Christ-centered education and
I don't recall any extra steps when adding it to our 2.2 server. The document
you have linked for the 5500 configuration is what I did. I had changed IPs
though, so I had to tear it down to build it back up.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
A few people have mentioned dropping user categories into different VLANs,
which is certainly one viable option. However, this may cause problems for the
multi user machines, as having the machine flip VLANs on login can be
disruptive.
As an alternative, you may be able to use the wireless
As I just shared with our SE...
After going to PI 2.2, we lost the ability to see AVC information in PI. It was
easy to setup in 1.4 after getting the assurance licenses we needed using this:
We do this with a single WPA2 Enterprise SSID using VLAN Override. Our
FreeRadius Servers authenticates against our campus-wide LDAP directory and
receives from LDAP not only a good or bad for the authentication but also a
VLAN to drop the person into. This VLAN value (soon to be changed to a
I can think of a few ways to do this. I have meru but am migrating away from
it.
1. Use different radius servers for different ssid's, and have each radius
server only authenticate members of it's respective group(which requires
explicit group membership, not just an active account existing
Yes, it sets a precedent that you are going to meet the students’ needs and
protect the university. If the parents and the students think it’s an issue,
why try and force the matter when it is easy enough to move the AP and let them
plug into the network through a port in the room.
If they
We are trying to figure out how to handle non 802.1x devices on our enterprise
network. We are a Cisco shop and currently are broadcasting 4 SSIDs including
a guest SSID that is non 802.1x. We are concerned with how to give access to
non 802.1x devices in our residence halls. We were
+1. We're doing almost exactly the same.
On 9/1/2015 10:53 AM, Williams, Matthew wrote:
We have an SSID for these devices and we built a device registration
page for our students to go to enter their wireless MAC address. This
page requires the students to login so we capture who owns the
We are doing pretty much the same thing as well, although without the DHCP
tie-in.
We set up a separate SSID for gaming consoles/media devices in the residence
halls and have students register them via one of ISE's portals. We did set up
an authorization policy with a logical profile to
We have an SSID for these devices and we built a device registration page for
our students to go to enter their wireless MAC address. This page requires the
students to login so we capture who owns the device in question. This page has
an API that ties into our DHCP system. Several of the
We used to use an open network with MAC filtering, but now we've moved to
Aerohive's PPSK. It's been working great so far.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Case, Brandon J
Sent: Tuesday, September 1, 2015
We are using Cloudpath for all onboarding including MAC authentication.
On Tue, Sep 1, 2015 at 10:53 AM, Williams, Matthew
wrote:
> We have an SSID for these devices and we built a device registration page
> for our students to go to enter their wireless MAC address. This
The 9 foot requirement came from the student's dad who "works in the
industry and knows these things". I actually found the FCC 20 cm notice in
the Cisco AP materials also. Now I've got something to present if this
becomes a trend.
On Tue, Sep 1, 2015 at 10:12 AM, Chanowski, John
Hello Troy,
We did the same thing until this year. We just upgraded our Cloud Path
server and now have on-boarding. For devices students go to a website
and register the MAC address of the device and then connect to a SSID
using a preshared key.
We still have our guest SSID available but have
We are getting complaints about this from our business areas, Enrollment
Services etc. I was curious where the 9 feet from an AP recommendation came
from.
Bruce
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Charlie
I wonder if the student in question carries a cell phone?
Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *
The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
I don’t know where the 9’ recommendation comes from but the installation guide
for Aruba’s 220 series access point (3x3x3,ac) contains the following RF
Radiation Exposure Statement: “This equipment complies with FCC RF radiation
exposure limits. This equipment should be installed and operated
24 matches
Mail list logo