Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
In the case of this service, there is nothing to install. It’s DNS based, so the clients by virtue of being on your network and using the DNS you hand out are protected. There is an optional client - for the traveling/at home part. I expect a lot of our users will install it, especially given

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Dale W. Carder
Thus spake Jeffrey D. Sessler (j...@scrippscollege.edu) on Tue, Mar 01, 2016 at 07:04:11PM +: > Dale, > > For the malware blacklist, I’d suggest taking a look at OpenDNS Umbrella. I > asked about it here about a year back, and we implemented about three months > ago. You send all your

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Forrester, Matthew
I believe that is a bit out of date! We use Aerohive and their PPSK option extensively. We love the feature. The total number of PPSK’s that each access point can store is around 5000 at this time. For our environment, that is more than enough. Aerohive is a great company and their kit is

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread trent . hurt
Not sure how up to date this is… http://2.bp.blogspot.com/-XhUW84JOJj4/TdZdX3YbIJI/AAA/BpQ7LDfc5Yo/s1600/comparison%2Bbetween%2BPPSK.jpg From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Chuck Enfield Sent: Tuesday,

RE: [WIRELESS-LAN] Throughput Caps on Wireless

2016-03-01 Thread Seward, Bill
For faculty and staff, wireless connections are limited only by the technology in use. We don’t cap the number of connections. For students, we don’t cap the number of sessions, but we do cap throughput at 30 mbps. We do limit Netflix sessions for everyone to 5 mbps, which Netflix says is

Re: [WIRELESS-LAN] Throughput Caps on Wireless

2016-03-01 Thread Jeffrey D. Sessler
When I read that someone is implementing caps, I tend to think it’s somewhat driven by poor planning. If you’re following your trends, and requesting funding based on those trends, then you are unlikely to need caps. Well, unless those that deal with budget don’t listen, which I’ll chalk up to

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Chuck Enfield
I’m curious how PPSK scales. What are the limits on the number and span of a PPSK? From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel Sent: Tuesday, March 01, 2016 12:02 PM To:

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Thomas Carter
This may be getting a bit off topic for the wireless discussion, but we use the "Security Risk" category of web filtering on our Fortigate firewall (http://www.fortiguard.com/webfilter). It works very well; it even alerted a faculty member to a hijack of their personal web site when they

Throughput Caps on Wireless

2016-03-01 Thread Britton Anderson
I wanted to start a thread based on a link that was shared on the netman list this morning. This article from EdTech Magazine highlights several University networks and implementations specifically

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Seward, Bill
We haven't had an Echo show up, at least as far as I know. Our how-tos are on our Jenzabar-driven portal, so they aren't exactly normal files I can email. I have a printable handout that we leave in all residence hall rooms at the beginning of fall semester, but it is light on illustrations

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
Dale, For the malware blacklist, I’d suggest taking a look at OpenDNS Umbrella. I asked about it here about a year back, and we implemented about three months ago. You send all your client DNS requests through OpenDNS (directly, or have your DNS servers forward to OpenDNS), and they block

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Lee H Badman
Interesting discussion- so on the free and open WLAN, do you send them off to only the Internet, and deny important apps on campus? Do you require VPN or 2-factor for bursar account access etc from that network? -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Dale W. Carder
There are of course lots of vendors selling lots of products to solve lots of "problems". I will also echo everything that Jeff has said below. We read what our requirements were and the educause community at the time was quite active on this front, leading to the excellent summary on their

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Thomas Carter
I meant on a label on the device itself. Thomas Carter Network & Operations Manager Austin College From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W (Network Services) Sent: Tuesday, March 1, 2016 11:58 AM

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Thomas Carter
Not really. That’s why I qualified it as a small school perspective. The on-boarding cost is mostly inconvenience for users and some help desk time. Unfortunately, that can’t be translated into dollars that can be shifted to bandwidth. And we currently use free, open source solutions for wireless

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
Lee, that’s the magic question. Again, if you have something like PPSK, then your authorized campus community will get a particular service with very little work (equivalent to on-boarding at home). How those users are then grouped (or not grouped) is up to you. For everyone else (including

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Coehoorn, Joel
Because devices *work* with PPSK. That's too often not the case for 802.1x, and unfortunately this seems to be getting worse rather than better. Joel Coehoorn Director of Information Technology 402.363.5603 *jcoeho...@york.edu* The mission of York College is to transform

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Osborne, Bruce W (Network Services)
Why “reinvent the wheel” with PPSK when 802.1X uses the existing personal user credentials? Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Coehoorn, Joel [mailto:jcoeho...@york.edu] Sent:

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Osborne, Bruce W (Network Services)
We register as part of a plan to manage the ever growing Internet bandwidth requirements by having heavy users help finance the needs. Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Jeffrey

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Osborne, Bruce W (Network Services)
Who keeps the original boxes? Bruce Osborne Wireless Engineer IT Network Services - Wireless (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Thomas Carter [mailto:tcar...@austincollege.edu] Sent: Tuesday, March 1, 2016 10:01 AM Subject: Re:

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Osborne, Bruce W (Network Services)
We have users self-register non-802.1X capable devices such as game consoles, Apple TVs, etc. We use syslog from our ClearPass RADIUS server to map username to ip address so we can manage Internet bandwidth and either cap speeds for heavy users or let them purchase additional Internet

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Philippe Hanset
Mike, What is the view of your legal department with a federated identity like eduroam or a guest identity in the cloud like ANYROAM? These systems provide a point of contact in case of abuse and can in the end find the responsible user. Would that be satisfactory? Yesterday I announced on

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
If you get rid of the cost of on-boarding or all the other barriers to getting someone on WiFi, then could you put that money into more bandwidth? DMCA – Read this, it’s enlightening as to the real obligations e.g. That you don’t have to know who is responsible for a particular device.

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
I think your legal needs to revisit their position. There are a number of great articles about the EDU requirements of DMCA. A university is every bit the ISP, and in fact, there is no legal obligation under the DMCA for student enforcement as you are but the transit for their data. Most all

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Mike Cunningham
Talk to your campus legal office before opening your wifi to the world. We asked ours about this and were strongly advised against it. Contracting with a local telecom company to provide free wifi would be better. A college or university is not an ISP like a Verizon or AT&T or Comcast is. If

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Coehoorn, Joel
Ruckus supports a PPSK variant, as well. I'm just gonna put this out there. I have this idea in my head for an ideal wifi service. It starts with personal pre-shared key (PPSK), but it's something I don't believe is possible yet with any vendor. Step one is to create a unique key prefix for each

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
I struggle with this all the time, and I have a distinct feeling that we’ve got it wrong. Who made the decision to limit the campus WiFi to the campus community only? That’s really a Sr. Leadership question and not IT, and would it simplify the operation of the network if it was more open? Is

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Manon Lessard
There's also chatter on Amazon forums that there might be eventually an Alexa skill to make the Echo speak its mac. Lee, if you have an open ssid, and have the ip address the device got from it, maybe a script that queries your dhcp through a web page could be an idea? Manon Lessard

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread David R. Morton
Matt, Bill and others, You’d indicated that you have instructions for most common devices; is this something that you can share? Like others, we have a manual registration process (built on ClearPass), but it does require the MAC in order to complete the registration. The Amazon Echo is now

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Frank Sweetser
We keep the registration barrier up here for two main reasons. First is that without some kind of authentication, you can too easily become the free neighborhood ISP. We already have complaints now and then from students living two or three doors down from our buildings that the -80 signal

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Lee H Badman
Fair questions. Main thing is to only allow games, etc- disallow smart devices that ought to be using secure network. And... To make sure that only legit campus users are adding the devices because we bleed out into lots of neighborhoods. No PPSK option outside of Aerohive. Lee On Mar 1,

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Thomas Carter
My biggest issue is to avoid being the ISP for the neighborhood around the school and a place where everyone comes and camps at the library or student center for free wifi. If it’s as simple as a PSK, that will get out to the community at large. Thomas Carter Network & Operations Manager Austin

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jeffrey D. Sessler
Playing devil’s advocate, I have to ask the opposite, which is why put up a barrier in the first place to the student on-boarding their device(s)? Is there sufficient history to suggest that having to register/on-board the device has a positive impact on the operation of the network? Should the

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Thomas Carter
Yep, but it feels like we're always playing catch up. Especially in spring after everyone brings back their latest Christmas gift. BTW, the instructions for the Echo are "contact Amazon support and they will email you the MAC". Thomas Carter Network & Operations Manager Austin College From:

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Williams, Matthew
Our helpdesk folks sat down and wrote up documents on how to find the MAC addresses for as many devices as they could. We haven't done any instructions for the Amazon Echoes yet. We hit the most common devices and are waiting to see what tickets we get for devices that we missed so we can

RE: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Thomas Carter
This is something we struggle with, especially being a small school. Keeping up with the latest Chromecast/Roku/Amazon Echo, etc devices is near impossible. A big thank you to product designers who put the MAC on a label on the outside. Thomas Carter Network & Operations Manager Austin College

Re: Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Lee H Badman
Thanks, Bill. How do you deal with Amazon Echo, specifically? For that matter, is that how-to available to share? I've seen other schools' guides, but none that include latest round of devices. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Ian McDonald
Hi, We captive portal, and have the portal pull the mac out of the adjacency table on the router for the IP that the device spoke to the portal with (and then populate db etc.). -- ian Sent from my phone, please excuse brevity and/or misspelling. From: Seward,

Re: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Jerry Bucklaew
On 03/01/2016 09:11 AM, Lee H Badman wrote: Hi Everyone, Not looking for a lot of input on all of the things you CAN do- just asking a focused question for those that are doing it. We're piloting the ability for students to self-register games, TVs, Roku, etc. but am astounded at how hard

RE: [WIRELESS-LAN] Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Tim Tyler
Lee, We leverage our Guest wifi network for mac registration via Clearpass. We do this for the obvious reason to support devices that don’t support 802.1x. The process is easy enough, but we are lacking in the communication of this service. We are learning that many students are just going

Self-registered MAC device bypass- worth the headaches?

2016-03-01 Thread Lee H Badman
Hi Everyone, Not looking for a lot of input on all of the things you CAN do- just asking a focused question for those that are doing it. We're piloting the ability for students to self-register games, TVs, Roku, etc. but am astounded at how hard some devices are to find MAC addresses for from

RE: Aruba Contact

2016-03-01 Thread Osborne, Bruce W (Network Services)
Aruba can be very responsive. Contact me off-list if you still have issues and I can get the information to the necessary people within Aruba. Although HP bought Aruba, it is my understanding that Aruba’s team is in charge of all HP enterprise networking. Bruce Osborne Wireless