RE: [WIRELESS-LAN] student residential routers?

[Adam T Ferrero]

Hector,

  We are in the same boat and want to eliminate the carrier drop down that the 
user has to select.  Not to mention all the obscure international carriers that 
we are missing.  Clearpass 6.5 has a couple non SMTP methods that we had 
trouble executing against a Verizon SMS gateway.  Clearpass 6.6.0 is adding 
SMPP support and we are hoping to get that to go.  Seems like an easier path 
for us.

  Adam Ferrero
  Temple University

Sent from my Verizon Wireless 4G LTE Tablet


 Original message 
From: Hector J Rios 
Date: 6/27/2016 15:20 (GMT-05:00)
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] student residential routers?

I did. But the issue with using SMTP is that the user must chose the provider.  
I don't like  that.

Thank you everyone else for your responses, especially when I completely forgot 
to change the subject of my original message.

H

On Jun 27, 2016, at 2:11 PM, Trenton Hurt 
> wrote:

Have you looked at sms over smtp

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/SMS-over-SMTP-in-CPPM/ta-p/192395



On Monday, June 27, 2016, Hector J Rios > 
wrote:
Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I'm interested in that option.

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] student residential routers?

[Tim Tyler]

Dexter,

I think that is a good point.  There are going to be more and more devices
broadcasting their own SSID beside routers.   Printers, TV’s, etc.  This
topic is probably going to affect us all much more in the future.   I am
not worried in the short run, but I will be curious to see how this evolves
for us in the long run.   We also have a policy of not allowing student
routes, but I doubt I will do much enforcement.  I am hoping to educate
students that we can support almost all layer 2 devices.  But SSID
broadcasts are going to increase regardless.   And we are close to some
residential neighborhoods which we would never have control over anyways.

Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Dexter Caldwell
*Sent:* Monday, June 27, 2016 3:46 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] student residential routers?



We have a policy against it, but generally enforce it on an as-needed
basis.   We reserve and exercise the right to maintain the health of the
network, but we generally don’t actively constantly patrol to remove them
unless we have a problem.  There are so many printers and other devices
that are broadcasting wireless by default that it’s not very practical
anyway.





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
] *On Behalf Of *Tim Tyler
*Sent:* Friday, June 24, 2016 2:49 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] student residential routers?



Wireless-lan members,



Ok, I am curious as to what your opinions are on allowing students to have
their own wireless routers in residential buildings (dorms).   While we
have a policy that we don’t allow them, it is extremely difficult and
time-consuming to stop them.  The two main points seem to be:

Consumes more over-head of available frequency bandwidth.

Less secure.



The 5.0ghz radios have so many more channels now.  So is this bandwidth
consumption and efficiency still a major concern for many of you?   I know
this was most certainly a critical issue for the 2.4ghz radios with only 3
channels, but my stats are showing that 2/3rds of our clients now connect
to the 5.0ghz radio.   AC allows for much better density.  So is the
additional over-head of additional SSID broadcasts still a big issue?   If
so, are there any articles talking about this with regard to 5.0ghz
technology?



As far as security is concerned, it just seems to me that keeping the enemy
out of our networks was a lost cause a long time ago.  I don’t even trust
my fac/staff subnets let alone student ones.  I know that residential style
routers are not secure, but I have to wonder how significant this issue is.
  After all, one is only gaining access to the network.  Nothing sensitive
at this stage has been compromised yet.  I wonder if this is a marginal
issue given how often hackers gain access to computers inside networks
anyways.



I am really curious as to what many of you think about this.  Do you have
policy to not allow student routers?  Do you put in effort to suppress
student router deployment?



Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] student residential routers?

[Dexter Caldwell]

We have a policy against it, but generally enforce it on an as-needed basis.   
We reserve and exercise the right to maintain the health of the network, but we 
generally don’t actively constantly patrol to remove them unless we have a 
problem.  There are so many printers and other devices that are broadcasting 
wireless by default that it’s not very practical anyway.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, June 24, 2016 2:49 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] student residential routers?

Wireless-lan members,

Ok, I am curious as to what your opinions are on allowing students to have 
their own wireless routers in residential buildings (dorms).   While we have a 
policy that we don’t allow them, it is extremely difficult and time-consuming 
to stop them.  The two main points seem to be:

Consumes more over-head of available frequency bandwidth.

Less secure.

The 5.0ghz radios have so many more channels now.  So is this bandwidth 
consumption and efficiency still a major concern for many of you?   I know this 
was most certainly a critical issue for the 2.4ghz radios with only 3 channels, 
but my stats are showing that 2/3rds of our clients now connect to the 5.0ghz 
radio.   AC allows for much better density.  So is the additional over-head of 
additional SSID broadcasts still a big issue?   If so, are there any articles 
talking about this with regard to 5.0ghz technology?

As far as security is concerned, it just seems to me that keeping the enemy out 
of our networks was a lost cause a long time ago.  I don’t even trust my 
fac/staff subnets let alone student ones.  I know that residential style 
routers are not secure, but I have to wonder how significant this issue is.   
After all, one is only gaining access to the network.  Nothing sensitive at 
this stage has been compromised yet.  I wonder if this is a marginal issue 
given how often hackers gain access to computers inside networks anyways.

I am really curious as to what many of you think about this.  Do you have 
policy to not allow student routers?  Do you put in effort to suppress student 
router deployment?

Tim Tyler
Network Engineer
Beloit College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Hector J Rios]

I did. But the issue with using SMTP is that the user must chose the provider.  
I don't like  that.

Thank you everyone else for your responses, especially when I completely forgot 
to change the subject of my original message.

H

On Jun 27, 2016, at 2:11 PM, Trenton Hurt 
> wrote:

Have you looked at sms over smtp

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/SMS-over-SMTP-in-CPPM/ta-p/192395



On Monday, June 27, 2016, Hector J Rios > 
wrote:
Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I'm interested in that option.

Regards,

Hector Rios
Louisiana State University
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Philippe Hanset]

Hector, All,

Your question about SMS gateway and a previous thread about “less SSIDs” 
reminds me to inform this community about a pilot project
that we have implemented for eduroam connected schools.
The eduroam SSID doesn’t handle ALL guests, so we have created a pilot project 
to allow eduroam enabled schools
to independently handle their non-education guests onto the eduroam SSID using 
SMS and EAP-TLS certificate per guest device.
(it doesn’t break the eduroam trust fabric since each school opts-in). Similar 
initiatives are going on in other eduroam countries (Japan, Netherlands, …).

How to test this?
Go to www.eduroam.us and authenticate as Admin. Under “administration” pick 
“enable ANYROAM”.
This will allow your school to welcome guests onto your eduroam SSID with 
EAP-TLS certificates in the form "unique-h...@pilot.anyroam.net”
Since the REALM is always the same, you can assign these guests to any 
VLAN/subnet that you deem appropriate.

How to get an ANYROAM certificate/profile? go to http://anyroam.cloudpath.net. 
The certificate is good for one year so that guests don’t have to constantly 
have to be configured. You can test this briefly for yourself as an admin and 
turn it off when you desire. Be careful though, the profile will take over your 
existing eduroam config,
so you will have to delete the ANYROAM profile and re-install yours.
(you submit your phone number, you then get an SMS with a unique pwd, you then 
get automatically configured with an EAP-TLS-eduroam profile with an outer 
identity of the form unique-h...@pilot.anyroam.net)

We hope that the side effect of this service will be to easily handle secure 
guests access for schools with less SSIDs used, and also to promote the spread 
of the eduroam SSID beyond the campus.
(a coffee shop could now support the eduroam SSID and welcome students, 
faculty, staff, and users with ANYROAM identities). 
More features will come later on … stay tuned!

Let us know if you have questions,

Philippe

Philippe Hanset
www.eduroam.us
www.anyroam.net




> On Jun 27, 2016, at 2:28 PM, Hector J Rios  wrote:
> 
> Any recommendations on an SMS gateway service? We are implementing ClearPass 
> and we want our sponsors to have the ability to send credentials via text. I 
> know about leveraging SMTP, but I’m interested in that option. 
>  
> Regards, 
>  
> Hector Rios
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/ .
> 


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Trenton Hurt]

Have you looked at sms over smtp

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/SMS-over-SMTP-in-CPPM/ta-p/192395



On Monday, June 27, 2016, Hector J Rios  wrote:

> Any recommendations on an SMS gateway service? We are implementing
> ClearPass and we want our sponsors to have the ability to send credentials
> via text. I know about leveraging SMTP, but I’m interested in that option.
>
>
>
> Regards,
>
>
>
> Hector Rios
>
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Coehoorn, Joel]

We looked into Clickatel and really *really *liked it.

Unfortunately, our campus is pretty close to the middle of nowhere. Neither
AT, Sprint, nor T-Mobile have the coverage to reliably deliver texts, and
they comprise a fair number of our visitors. You NEED Verizon (or a
verizon-based mvno) out here. I'm still trying to figure out a good
reliable way to get keys to guests in the absence of conistent txt message
delivery.



Joel Coehoorn
Director of Information Technology
402.363.5603
*jcoeho...@york.edu *

The mission of York College is to transform lives through
Christ-centered education and to equip students for lifelong service to
God, family, and society

On Mon, Jun 27, 2016 at 1:55 PM, Lee H Badman  wrote:

> Twillio. Is reliable and affordable.
>
> Lee Badman
> Network Architect/Wireless TME
> Syracuse University
> 315.443.3003
>
>
> -Original Message-
> *From:* Hector J Rios [hr...@lsu.edu]
> *Received:* Monday, 27 Jun 2016, 14:29
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU [
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU]
> *Subject:* Re: [WIRELESS-LAN] student residential routers?
>
> Any recommendations on an SMS gateway service? We are implementing
> ClearPass and we want our sponsors to have the ability to send credentials
> via text. I know about leveraging SMTP, but I’m interested in that option.
>
>
>
> Regards,
>
>
>
> Hector Rios
>
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: student wifi and staff/Professor wifi

[Dexter Caldwell]

We mostly do limit SSIDS for similar reason as Bruce mentioned, , but we do 
actually have separate SSIDs for Employees and students.  This isn’t 
necessarily required to put users in a particular vlan, but it makes reporting 
easier.  Students register gaming devices on the Student SSID so we don’t have 
a separate one for that.  Gaming devices mostly get plugged in because they 
don’t support 802.1x.  We’ve been considering implementing a gaming SSID, but 
management of it (Ex, keeping students off) isn’t an easy thing for us.  We do 
have some special cases, but we limit where they are broadcast.

We use separate networks for employees and etudents so that we can manage, 
direct and secure student traffic separately from that of administrative 
traffic.


Dexter Caldwell
Dir. Systems & Networks
Information Technology Services
Furman University
3300 Poinsett Hwy
Greenville, SC 29613
email: dexter.caldw...@furman.edu
office: 864-294-3566
facsimile: 864-294.3001


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Osborne, Bruce W 
(Network Services)
Sent: Tuesday, June 14, 2016 7:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] student wifi and staff/Professor wifi

It is not a good idea to use multiple SSIDs.


1.   Adding SSIDs adds AP beacon broadcasts, reducing the usable, limited 
RF spectrum.

2.   As an enterprise, you should be using a WPA2-Enterprise SSID using 
802.1X. You can then  apply different policies based on user groups, including 
bandwidth & access.

We have many user roles, including
Staff
IT Admin
Students
Student Workers
Many roles for partner organizations for who we provide various levels of 
network access.

The main reasons for additional SSIDs are for:

1.   Onboarding to the 802.1X SSID

2.   Non-802.1X capable devices (We register devices by username & mac 
address for bandwidth tracking purposes.)

3.   Network access for outside guests.


For 1 & 2, we use one open SSID. We also have a separate SSID for Guest access.

​

Bruce Osborne
Wireless Engineer
IT Network Services - Wireless

(434) 592-4229

LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Marcelo Maraboli [mailto:marcelo.marab...@uc.cl]
Sent: Monday, June 13, 2016 1:39 PM
Subject: student wifi and staff/Professor wifi

Hello all.

I am wondering how many of you have a split wifi network, a STUDENT SSID
and a Staff/Professor SSID and why ?

We would like to apply different limitations to each
- BW access to Internet
- security policy
- Ensure BW for teachers classrooms


Please help me find if this is a good or bad idea.


best regards,
--
Marcelo Maraboli Rosselott
Subdirector de Innovación Tecnológica
Dirección de Informática
Pontificia Universidad Católica de Chile
http://informatica.uc.cl/
--
Campus San Joaquín, Av. Vicuña Mackenna 4860, Macul
Santiago, Chile
Teléfono: (56) 22354 1341
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] student residential routers?

[Brad Weldon]

We are using Clickatell SMS Gateway with our ClearPass Guest installation
for a few months now. No problems. Integrated easily.

- - - - -
Brad Weldon
Network Engineer
George Fox University
- - - - -

On Mon, Jun 27, 2016 at 11:28 AM, Hector J Rios  wrote:

> Any recommendations on an SMS gateway service? We are implementing
> ClearPass and we want our sponsors to have the ability to send credentials
> via text. I know about leveraging SMTP, but I’m interested in that option.
>
>
>
> Regards,
>
>
>
> Hector Rios
>
> Louisiana State University
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] student residential routers?

[Hector J Rios]

Any recommendations on an SMS gateway service? We are implementing ClearPass 
and we want our sponsors to have the ability to send credentials via text. I 
know about leveraging SMTP, but I’m interested in that option.

Regards,

Hector Rios
Louisiana State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.