All,
We don't currently provide wireless in our dorms, and our official policy is
to not allow students to bring their own wireless devices. We don't
actively enforce this policy though, and as long as the students' device
isn't causing problems, they typically don't hear from us. (We do
We don't have dorms, and don't generally permit random users to add their
own infrastructure to our network. BYO *endpoint* device is permitted on
our wireless network and a couple of specific wired locations, but we frown
on people unplugging college-provided machines to plug their own into
On 09/19/2011 11:04 AM, Ray DeJean wrote:
All,
We don't currently provide wireless in our dorms, and our official
policy is to not allow students to bring their own wireless devices. We
don't actively enforce this policy though, and as long as the students'
device isn't causing problems,
We do have dorms segregated on separate vlans behind a firewall from the
rest of the network. However, the Rogue DHCP server issue is one of the
main reasons we find out that a student is trying to run their own router.
We have a roguedhcp perl script that sends out dhcp requests every hour or
We at UC Hastings would like to create a new SSID that only allows
certain users with WPA-Enterprise authentication to access.
We currently have two SSIDs one which uses WPA-Enterprise with RADIUS
which checks against and Active Directory group and the other which uses
Web-Auth which checks
Depending on your switch vendor, you can setup DHCP Trust, which says only
certain ports can respond to DHCP requests.
Solved the rouge DHCP problem for us instantly. :) (Our access layer is Cisco
3750).
As for our wireless, we have Aruba deployed in our newer locations, and are in
progress on
On 19/09/2011 17:24, Urrea, Nick wrote:
We at UC Hastings would like to create a new SSID that only allows certain
users with WPA-Enterprise authentication to access.
We currently have two SSIDs one which uses WPA-Enterprise with RADIUS
which checks against and Active Directory group and the
At the risk of being seen as shameless in self-promotion, I just wrote a brief
piece about Extreme Networks Snap On WiFi (built on Motorola under the hood)
Altitude 4511. If you buy into the philosophy, and under the right conditions I
would, no additional wiring needed beyond the Cat 5 already
We have a new issue that popped up when we upgraded our radius backend for our
dot1x/peap from 2 microsoft widows 2003 IAS servers with Equifax certs to 3
microsoft windows 2008 NPS servers with geotrust certs.
What we have is issues with ipad/iphones that seem to only sometimes remember
the
Cisco shop yes we use a WISM2 with CAPWAP APs.
We are currently using IAS as our RADIUS server.
Can you have FreeRADIUS talk to AD or do you need another LDAP?
-Nick
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
On 19/09/2011 18:12, Urrea, Nick wrote:
Cisco shop yes we use a WISM2 with CAPWAP APs.
We are currently using IAS as our RADIUS server.
Can you have FreeRADIUS talk to AD or do you need another LDAP?
We also use AD as our primary credentials DB. FR can talk to AD by using
ntlm_auth (part of
Nick,
Most RADIUS servers will let you do that
(freeRADIUS, RADIATOR, ACS...)
If you want to separate users you can also
Use the same SSID that you use currently
And return an attribute item from AD that would
Set the VLAN per user or per group of users.
Philippe,
Nick, I've used both NPS (New RADIUS server from Microsoft) and IAS. What
you want to do is Extremely simple.
FYI:
Do NOT under any circumstances roll out a new SSID using WPA. Use WPA2.
I have 3 SSID's that go back to the same RADIUS server.
Is there anything special you want to do? Limit
We use the same certificate on two ACS servers for PEAP authentication to avoid
the certificate warning when user connects to the 2nd ACS server. We haven't
seen any issues with that.
---
Dennis Xu
Network Analyst, Computing and Communication Services
University of Guelph
5198244120 x 56217
2 cents from someone in a similar boat.
Unfortunately, some of our campuses have been unable to support ubiquitous
wireless in dorms due to cost.
In some cases they have only common areas covered.
That being the case , with wireless being the preferred access method along
with a lack of
I would like to limit the SSID so only a certain group can access it.
I want to use different QoS rates on different SSIDs so one network has
more bandwidth available to individual users than the other.
SSID for students 5 MB/s
SSID for staff/faculty 20 MB/s
-Nick
From: The EDUCAUSE
We're not using Cisco but what we do is evaluate the NAS Identifier (which is
the same as the SSID in our environment) along with AD group membership to
determine what wireless networks our users can connect to. We are using Windows
Network Policy Server and FreeRADIUS for our RADIUS servers.
That Altitude 4511 product looked interesting. I'm curious to know the
per-unit price on those, as quick google and amazon searches didn't bring
anything up in that regard. I'd also like to see one with a pass-through
port, so I can put one over an existing port in a student's room or
classroom
18 matches
Mail list logo