That is an interesting question. I believe (perhaps wrongly) that rate limiting
increases Wi-Fi inefficiency as you are then forcing the client to stay on the
medium longer to transmit/receive data?
We used to rate limit back in the day, but then removed all limits when we went
to 802.11ac and
Once we got all our pipes bigger than most folks could use, we dropped all
the rate limiting games we were playing. It's simpler and easier to operate.
On the wired side, when we were increasing from 10 to 100 to gig we used to
wrongly think they're going to use it all up and our upstream
To answer some of the previous questions.
We have been doing TLS since around 2011. For years we used Active Directory.
We switched to a cloud based PKI a couple years ago and haven't looked back.
Super easy.
SecureW2 is as fast as they come getting you updates, and communicates issues
So we currently impose 20mbps limits for our guest users. We essentially found
this to be a safe threshold for our users, and still provides a decent
experience for our guest. However, We do not limit our lpv environments.
This is mainly to deter our students from utilizing our secure ssid
We are still in the adoption stage of our EAP-TLS w/ onboarding. We use
Clearpass Onboarding. I have not found an issue with the system, but users are
often frustrated with the steps required.
This is not a fault of Clearpass, I believe; but has led us to seek other
options to improve adoption
AND ANOTHER THING!...
For those using Cloudpath ES or Secure W2, are you on-prem or cloud-based, why,
and any regrets about the option you went with?
Thanks,
Lee
From: Lee H Badman
Sent: Tuesday, April 13, 2021 9:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: 802.1X, onboarders,
Couple of technical comments:
1. Unless the rate-limiting was somehow incorporated into the WiFi AP and
doing funny WiFi / L4 protocol trickery for the enforcement mechanism to
achieve rate limiting, the transmit rate from the AP to the Client should
be as fast as the negotiated/determined WiFi
We impose a 5mbps limit for our guest users with a 24 hour expiration time for
guest accounts. We use a captive portal for guest registration. Students can
self-register personal devices to operate without limits or daily expiration
using a university credential via a private portal.
We have
Three or four years ago we removed all filters, captive portals for terms of
service, and bandwidth restrictions from our guest network. It’s now a wide
open SSID that goes straight out to the Internet, but needs to traverse the
same set of security tools to reach campus resources as any other
Hi Curtis,
Last month, we removed the “per IP” rate limit on guest Wi-Fi, but we kept an
aggregate rate limit on guest internet traffic.
We have a captive portal that collects and confirms contact information before
allowing guest Wi-Fi access.
Guest Wi-Fi authorization is cleared at 3am each
Hello all,
We ran into a Microsoft wireless supplicant bug and we're wondering if any
other academic institution have experienced the same issue.
We have windows 10 laptops that are joined to an AD domain and their wireless
profile is pushed thru GPO. We're doing Computer authentication for
Thanks for the responses to my last email on onboarders. FWIW, after various
discussions with a number of people, I find myself with a few more questions:
* For your onboarder of choice (focusing on CAT Tool, Cloudpath ES, and
Secure W2) how responsive is the provider to support issues and
In the past we had packet shapers that limited flows to 10mbps each in the
residential areas and wifi. At some point we raised the limit to 100mbps and
didn't see any obvious flows causing any issues. Eventually we upgraded our
internet connections past 1gbps and outgrew the packet shaper
13 matches
Mail list logo