RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

If you have residence halls, you may want to anticipate this and take it up with you safety department. Ours did actual testing and confirmed Aruba’s recommendations. Now it’s them saying what the standard is rather than us. Chuck Enfield Manager, Wireless Systems & Engineering

RE: Handling Non 802.1x Devices on the Enterprise Network

Let me guess: TVs and gaming devices for the living spaces, right? We have an SSID for only those devices that appears only in the residence buildings. Authenticated device registration for each MAC address is manual while we implement something better. We *have* been denying registrations for

Re: [WIRELESS-LAN] Lab Computers and wireless

We are currently testing this with Active Directory fronted by freeradius. There is a single ESSID. User logs in to the 802.1X prompt, freeradius authenticates the user, then connects via LDAP to the AD and looks at group membership. This determines the VLAN override ID that is sent to our

RE: Cisco AVC reporting in PI 2.2

Lee, We have AVC working in PI 2.2.0 - our source is netflow from 2 x ASR-1006 edge Routers only. I spent a lot time trying to get it to work from SUP2T to no avail. We are using Aruba controllers and airwave on our wireless side for this function. Chad From: The EDUCAUSE Wireless Issues

Re: [WIRELESS-LAN] Lab Computers and wireless

Absolutely! Typically machine auth is done via eap-tls with a domain issued cert, but in the end it's just another identity to key off of. Sent from my Android device with K-9 Mail. Please excuse my brevity. On September 1, 2015 5:57:31 PM EDT, "Coehoorn, Joel" wrote:

Lab Computers and wireless

We are predominately a Meru shop. We have a staff and a student SSID and a Windows Radius server for authentication. To complicate this we have lab laptops which both students and staff need to be able to log into. Currently we have no way to prevent students from connecting to our staff

Re: [WIRELESS-LAN] Lab Computers and wireless

Could you do machine authentication for these devices, and put them into a vlan dedicated to the labs? Joel Coehoorn Director of Information Technology 402.363.5603 *jcoeho...@york.edu * The mission of York College is to transform lives through Christ-centered education and

RE: Cisco AVC reporting in PI 2.2

I don't recall any extra steps when adding it to our 2.2 server. The document you have linked for the 5500 configuration is what I did. I had changed IPs though, so I had to tear it down to build it back up. From: The EDUCAUSE Wireless Issues Constituent Group Listserv

Re: [WIRELESS-LAN] Lab Computers and wireless

A few people have mentioned dropping user categories into different VLANs, which is certainly one viable option. However, this may cause problems for the multi user machines, as having the machine flip VLANs on login can be disruptive. As an alternative, you may be able to use the wireless

Cisco AVC reporting in PI 2.2

As I just shared with our SE... After going to PI 2.2, we lost the ability to see AVC information in PI. It was easy to setup in 1.4 after getting the assurance licenses we needed using this:

RE: Lab Computers and wireless

We do this with a single WPA2 Enterprise SSID using VLAN Override. Our FreeRadius Servers authenticates against our campus-wide LDAP directory and receives from LDAP not only a good or bad for the authentication but also a VLAN to drop the person into. This VLAN value (soon to be changed to a

Re: [WIRELESS-LAN] Lab Computers and wireless

I can think of a few ways to do this. I have meru but am migrating away from it. 1. Use different radius servers for different ssid's, and have each radius server only authenticate members of it's respective group(which requires    explicit group membership, not just an active account existing

RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

Yes, it sets a precedent that you are going to meet the students’ needs and protect the university. If the parents and the students think it’s an issue, why try and force the matter when it is easy enough to move the AP and let them plug into the network through a port in the room. If they

Handling Non 802.1x Devices on the Enterprise Network

We are trying to figure out how to handle non 802.1x devices on our enterprise network. We are a Cisco shop and currently are broadcasting 4 SSIDs including a guest SSID that is non 802.1x. We are concerned with how to give access to non 802.1x devices in our residence halls. We were

Re: Handling Non 802.1x Devices on the Enterprise Network

+1. We're doing almost exactly the same. On 9/1/2015 10:53 AM, Williams, Matthew wrote: We have an SSID for these devices and we built a device registration page for our students to go to enter their wireless MAC address. This page requires the students to login so we capture who owns the

RE: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

We are doing pretty much the same thing as well, although without the DHCP tie-in. We set up a separate SSID for gaming consoles/media devices in the residence halls and have students register them via one of ISE's portals. We did set up an authorization policy with a logical profile to

RE: Handling Non 802.1x Devices on the Enterprise Network

We have an SSID for these devices and we built a device registration page for our students to go to enter their wireless MAC address. This page requires the students to login so we capture who owns the device in question. This page has an API that ties into our DHCP system. Several of the

RE: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

We used to use an open network with MAC filtering, but now we've moved to Aerohive's PPSK. It's been working great so far. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Case, Brandon J Sent: Tuesday, September 1, 2015

Re: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

We are using Cloudpath for all onboarding including MAC authentication. On Tue, Sep 1, 2015 at 10:53 AM, Williams, Matthew wrote: > We have an SSID for these devices and we built a device registration page > for our students to go to enter their wireless MAC address. This

Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

The 9 foot requirement came from the student's dad who "works in the industry and knows these things". I actually found the FCC 20 cm notice in the Cisco AP materials also. Now I've got something to present if this becomes a trend. On Tue, Sep 1, 2015 at 10:12 AM, Chanowski, John

Re: [WIRELESS-LAN] Handling Non 802.1x Devices on the Enterprise Network

Hello Troy, We did the same thing until this year. We just upgraded our Cloud Path server and now have on-boarding. For devices students go to a website and register the MAC address of the device and then connect to a SSID using a preshared key. We still have our guest SSID available but have

RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

We are getting complaints about this from our business areas, Enrollment Services etc. I was curious where the 9 feet from an AP recommendation came from. Bruce From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Charlie

Re: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

I wonder if the student in question carries a cell phone? Joel Coehoorn Director of Information Technology 402.363.5603 *jcoeho...@york.edu * The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to

RE: [WIRELESS-LAN] Parents sue school, say Wi-Fi signal making son sick.

I don’t know where the 9’ recommendation comes from but the installation guide for Aruba’s 220 series access point (3x3x3,ac) contains the following RF Radiation Exposure Statement: “This equipment complies with FCC RF radiation exposure limits. This equipment should be installed and operated