We are steering Android folks towards the "geteduroam" app from SURF
(https://www.geteduroam.app/). It takes your eduroam CAT profile so you can
add you on prem SSID and geteduroam app will configured both eduroam and your
local SSID on devices.
The app is nice (simple, pretty,
Once we got all our pipes bigger than most folks could use, we dropped all
the rate limiting games we were playing. It's simpler and easier to operate.
On the wired side, when we were increasing from 10 to 100 to gig we used to
wrongly think they're going to use it all up and our upstream
I love the geteduroam app! It is awesome, easy, pretty, and simple. We are
planning to leverage it for more of our onboarding.
We are open SSID with Aruba Clearpass captive portal, SMS texted credentials
for self service guests (via Twilio), and switch to WPA2 enterprise for actual
I can comment on a few of these.
6 to 8 was a major deal for us last year. We had to reconfigure just about
everything but I think it performs better.
Between AX and a desire to use some saved dollars to expand our coverage area
significantly, we are pushing a bunch of Aruba 535/555s
We have ~6k APs and place them on AP mgmt. subnets of /22. We tunnel all
traffic back to controllers so the broadcast isn't significant (no user
broadcast on the AP mgmt. vlan). The weakest devices we have are VoIP phones
where 200 broadcast packets per second can hurt them but broadcast
+1 Twilio is very nice to work with
Sent from my Verizon, Samsung Galaxy smartphone
Original message
From: Lee H Badman <00db5b77bd95-dmarc-requ...@listserv.educause.edu>
Date: 11/13/19 18:46 (GMT-05:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re:
We let folks captive portal to Clearpass on an open SSID and we Twilio SMS
text them a credential. Then they switch to the WPA2 SSID and the credential
is good for 5 days. It’s around 1,000 guests per day.
Adam
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
We also switched from hallway deployment to nearly every suite. It solved
our issues. We have about 6,000 beds.
Adam
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brad Weldon
Sent: Wednesday, October 11, 2017 12:17
Lee and friends,
We changed several things and are faring very well this move in. With just 6
thousand clients in residence halls we aren't at half way yet. We top around
12 - 14k devices there which should hit before the weekend ends.
- Aruba wireless with new controller code
We deployed Xfinity on Campus last summer for 6,000 residents. Our Comcast
estimate was max 3 - 5 Gbps additional internet load so we upgraded firewalls
to accommodate. Turns out between IPTV and natural growth it was only ~ 1 Gbps
more than the prior semester. Almost all of them stream
Count us as one of those institutions. We are replacing all my free open
source things (Freeradius, Packet Fence) with Aruba Clearpass and its been
working very well for us for a couple years. Our residence halls are entirely
self service with Aruba Onguard doing health checks for wireless
These have served us pretty well. We only have a mac auth SSID in our
residence halls. Occasionally it would be useful to have it everywhere but we
don't currently.
TUsecurewirelessWPA2 enterprise which gives different access levels
(staff, student, guest)
TUguestwireless Open for
We have an AP in nearly every suite. That is what made things work well for
us.
Adam
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Sullivan, Don
Sent: Friday, November 4, 2016 10:52 AM
To:
We are very happy with our Aruba Clearpass implementation. We brought it in
for host integrity checking in our residence halls and have continued to add
more services. It handled Meru and now Aruba wireless as well as our Avaya
wired infrastructure. It is feature rich and very flexible.
We are Aruba and happen to have Aruba direct 10G optics sort of
unintentionally. We've been using Approved Optics parts for Avaya, Palo Alto,
Intel, and Check Point for a couple years. Our savings is multiple six figures
at this point. No one ever complains about it and we are transparent
Hector,
We are in the same boat and want to eliminate the carrier drop down that the
user has to select. Not to mention all the obscure international carriers that
we are missing. Clearpass 6.5 has a couple non SMTP methods that we had
trouble executing against a Verizon SMS gateway.
We see about 1,000 guests per day typically. We never have advertised it but
the onboarding SSID is open and captive portal so people find it and self
service onboard (via SMS texted credentials and switching to our WPA2
enterprise SSID). Generally our environment is about 30,000
to be Meru but I know
Aruba does supports similar mechanisms). Everything is tunneled back encrypted
through the controller.
This has served us well for those students that enjoy a 45 minute commute
between campuses.
Adam
[Adam T Ferrero]
From: The EDUCAUSE Wireless Issues Constituent
Charles,
We use freeradius and Zenoss. There is a Zenoss zenpack that will generate
graphs for you (if you happen to use Zenoss for monitoring):
http://wiki.zenoss.org/ZenPack:FreeRADIUS. It leverages the freeradius status
module (not exactly independent I suppose).
Adam
are wireless, but we did enable 802.1x for all wired ports. It
was a tremendous effort for us, but has been running terribly well with just
about 1 access point per suite.
Reach out if you care for more details.
Adam
[Adam T Ferrero]
From: The EDUCAUSE Wireless Issues Constituent Group
We have 17k+ concurrent wireless clients and 100% are private IPs. We then
NAT at the firewall. We also purposefully block peer to peer with fairly good
success. But, when we get an infringement notice or virus report or a subpoena
for information we have had a challenge. We only get one
Here at Temple University we centralized computer labs. We used to have
countless small labs in each School or College scattered across our campuses.
We opened a 700 computer lab with all software and access for all majors and
shutdown nearly all of those smaller labs.
We have been operating the following for a couple years with reasonable
success.
Campus wide:
- TUguestwireless – open wireless for onboarding and self service
account creation via SMS text messaging – no internet access otherwise (via
Packet Fence). Will soon add one click
That is a fun exercise. Here we are for yesterday September 4th. We had
load issues last semester with the addition of tons of wireless, but we scaled
up to get ahead of it (all vmware). We seem to be purring along this semester
(at least AAA, NAC, wireless-wise). I have been wanting to
We have been using Packet Fence successfully since last summer. We reviewed
it and a few other commercial offerings. It is our first NAC implementation
and was prompted by the installation of 675 new wireless access points in our
Residence Halls. We wanted a way to enforce a few rules on
Fair enough regarding NAC. Our custom Get Connected process has been in
place for over a decade for wired Residence Hall connectivity. We have switch
ports on a fixed vlan and we have two IP subnets on that vlan (call them
registration and student). When the dhcp request comes across
26 matches
Mail list logo
