Re: [WIRELESS-LAN] macOS Sierra and 802.1X certificate storage/validation

2017-03-28 Thread Cappalli, Tim (Aruba)
As of 10.12.3, it does not seem to be prompting users to store the certificate 
anymore. Still trying to track down what changed.



On 3/28/17, 3:27 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Julian Y Koh"  wrote:

Hey all,

My Google-fu is weak today.  Can anyone tell me where macOS Sierra 
(10.12.x) stores the certificate used for wireless 802.1X EAP-PEAP connections? 
 In older versions of the OS, these were stored nicely in the Keychain, but 
they don’t seem to be there anymore.

We’re in the process of renewing the certificate on our RADIUS server, and 
our fuzzy 3-year old memories are telling us that the Macs used to prompt 
people again to accept the new certificate, but that doesn’t seem to be 
happening now either.  So all in all I’m a little confused.  :)

Thanks in advance!

-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780


**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/discuss.







macOS Sierra and 802.1X certificate storage/validation

2017-03-28 Thread Julian Y Koh
Hey all,

My Google-fu is weak today.  Can anyone tell me where macOS Sierra (10.12.x) 
stores the certificate used for wireless 802.1X EAP-PEAP connections?  In older 
versions of the OS, these were stored nicely in the Keychain, but they don’t 
seem to be there anymore.

We’re in the process of renewing the certificate on our RADIUS server, and our 
fuzzy 3-year old memories are telling us that the Macs used to prompt people 
again to accept the new certificate, but that doesn’t seem to be happening now 
either.  So all in all I’m a little confused.  :)

Thanks in advance!

-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780





RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Chris Adams (IT)
We handle our non-802.1x dorm devices using Aerohive's PPSK implementation. We 
allow 1 device per key and drop them in a VLAN that is not enforced by our NAC.

PPSK are handed out by our ITSD and the keys automatically roll each calendar 
year.

Thanks,

Chris Adams, CISSP

Director, Network & Telecom Services
Division of Information Technology
University of North Georgia
E-Mail: chris.ad...@ung.edu | Office: (706) 867-2891

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 11:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

+1 for PPSK. Hopefully it's an effective implementation on Cisco's part.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, March 28, 2017 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

I'm moving toward this too, although I'm going the PPSK route (once Cisco gets 
it out of beta).

In my opinion it just doesn't make sense to push more restrictive methods on 
residential/students. It's just a huge hassle they have to endure for 4 years 
and then they'll never deal with it again.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 7:18 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are 

RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Lee H Badman
+1 for PPSK. Hopefully it's an effective implementation on Cisco's part.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Tuesday, March 28, 2017 11:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

I'm moving toward this too, although I'm going the PPSK route (once Cisco gets 
it out of beta).

In my opinion it just doesn't make sense to push more restrictive methods on 
residential/students. It's just a huge hassle they have to endure for 4 years 
and then they'll never deal with it again.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 7:18 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication 

RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Jeffrey D. Sessler
I'm moving toward this too, although I'm going the PPSK route (once Cisco gets 
it out of beta).

In my opinion it just doesn't make sense to push more restrictive methods on 
residential/students. It's just a huge hassle they have to endure for 4 years 
and then they'll never deal with it again.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 7:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION 

RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Jeffrey D. Sessler
Define bad?

For example, most colleges go to extraordinary lengths to locate/deliver DMCA  
notices when there is no legal reason to do so.

Jeff

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Tuesday, March 28, 2017 7:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

How do you track them down when they do something bad?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 10:18 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 

Re: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Hunter Fuller
Your replies have addressed what I was asking wrt security concerns. Thanks
for the detail.

On Tue, Mar 28, 2017 at 9:34 AM Lee H Badman  wrote:

> We don’t see a lot of bad coming out of the gadgets. If a laptop lands on
> that network- which is still security monitored- and does something bad,
> odds are extremely high that the device has also been used on the secure
> network because that’s where anything to do with campus is done. Our logs
> are rich, so it’s easy to correlate same device on multiple networks. If
> “bad” happens and we truly can’t find them period in logs for identity,
>  the degree of “bad” drives what happens next. But we have worked through
> every scenario we could think of and derived procedural answers that work
> for us.
>
>
>
> -Lee
>
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Bucklaew, Jerry
> *Sent:* Tuesday, March 28, 2017 10:22 AM
>
>
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication
>
>
>
> How do you track them down when they do something bad?
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Lee H Badman
> *Sent:* Tuesday, March 28, 2017 10:18 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication
>
>
>
> Absolutely no device restrictions. No preshare. Get on and go. But zero
> campus access, that requires using the authenticated network.
>
>
>
> *Lee Badman* | Network Architect
>
> Adjunct Instructor | CWNE #200
> Information Technology Services
> 206 Machinery Hall
> 120 Smith Drive
> Syracuse, New York 13244
>
> *t* 315.443.3003  *f* 315.443.4325
> *e* lhbad...@syr.edu *w* its.syr.edu
>
> *SYRACUSE UNIVERSITY*
> syr.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Thomas Carter
> *Sent:* Tuesday, March 28, 2017 10:04 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication
>
>
>
> Is it restricted to only “gadgets and games”, or is it used for laptops as
> well? A majority of the services our students use are Internet facing also,
> so Internet-only access would still give them access to the services they
> need.
>
>
>
> I assume there is an authenticated SSID also?
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
>
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> ] *On Behalf Of *Lee H Badman
> *Sent:* Tuesday, March 28, 2017 8:23 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Dorm Wireless Authentication
>
>
>
> After kicking tires on leading classification engines and weighing
> solution dollars and support costs, we opted to pilot a wide open "gadget
> and games" SSID in the dorms that only have Internet access for all the
> oddballs. With almost a full year in, it's been very well used and received
> and we've been able to answer all of our own security questions that anyone
> would be contemplating. I think we'll be moving forward with this model.
>
> Lee Badman (mobile)
>
>
> On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) <
> bosbo...@liberty.edu> wrote:
>
> Here is another vote for ClearPass with Aruba wireless.
>
>
>
> When an Apple TV is registered, it is also registered as an AirGroup
> personal device so the owner’s 802.1X Apple device can use AirPlay to
> display content on the device. We also use Aruba’s Dynamic Multicast
> Optimization to provide multicast IPTV over wireless.
>
>
>
>
>
> *Bruce Osborne*
>
> *Senior Network Engineer*
>
> *Network Operations - Wireless*
>
>  *(434) 592-4229*
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Robert Spellman [mailto:rsp...@bates.edu ]
> *Sent:* Monday, March 27, 2017 9:33 AM
> *Subject:* Re: Dorm Wireless Authentication
>
>
>
> We use Aruba Clearpass, and have two SSID's on campus, one which is
> 802.1X, and the other open, doing MAC based authentication.  Clearpass
> allows users to register their own devices for MAC authentication by
> logging into the Clearpass guest portal.  Students can register devices for
> a year, while guests can register devices for 2 days.
>
>
>
> Rob
>
>
>
> Robert Spellman
>
> Bates College
>
> Information and Library Services
>
>
>
> On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil 
> wrote:
>
> Good morning everyone,
>
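
Added example (not part of the thread, and not any poster's own tooling): the cross-network correlation Lee Badman describes in the reply quoted above, in Python. It maps an incident on the open SSID to the MAC that held the DHCP lease at that time, then to the usernames that MAC used on the 802.1X SSID. The log layouts, usernames, IP addresses and MAC addresses are constructed assumptions.

```python
# Added example: every log line, field layout, username and address below is
# constructed for illustration; none comes from a site named in the thread.
import re
from collections import Counter
from datetime import datetime

# Open "gadget" SSID, DHCP lease log: "<lease start> <lease end> <ip> <mac>"
OPEN_DHCP_LOG = """\
2017-03-28T09:00:00 2017-03-28T13:00:00 10.50.0.21 AC-BC-32-11-22-33
2017-03-28T09:05:00 2017-03-28T13:05:00 10.50.0.22 3c15.c2aa.bbcc
2017-03-28T13:10:00 2017-03-28T17:10:00 10.50.0.21 da:a1:19:00:00:01
"""

# 802.1X SSID, RADIUS accounting: "<time> <User-Name> <Calling-Station-Id>"
SECURE_RADIUS_LOG = """\
2017-03-27T08:12:00 jdoe acbc32112233
2017-03-27T19:40:00 jdoe ac:bc:32:11:22:33
2017-03-28T08:01:00 asmith 3C:15:C2:AA:BB:CC
2017-03-26T10:00:00 guest7 ac:bc:32:11:22:33
"""

FMT = "%Y-%m-%dT%H:%M:%S"


def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


def is_locally_administered(mac):
    """True when the U/L bit is set, as it is in randomized/private MACs."""
    return bool(int(mac[:2], 16) & 0x02)


def mac_for_incident(dhcp_log, ip, when):
    """Return the MAC that held `ip` on the open network at time `when`.

    The lease window matters: the same IP is handed to different devices
    over the day, so matching on IP alone would blame the wrong device.
    """
    t = datetime.strptime(when, FMT)
    for line in dhcp_log.splitlines():
        start, end, lease_ip, mac = line.split()
        in_window = datetime.strptime(start, FMT) <= t < datetime.strptime(end, FMT)
        if lease_ip == ip and in_window:
            return normalize_mac(mac)
    return None


def identities_for_mac(radius_log, mac):
    """Usernames seen with `mac` on the 802.1X network, most frequent first."""
    seen = Counter()
    for line in radius_log.splitlines():
        _, user, station = line.split()
        if normalize_mac(station) == mac:
            seen[user] += 1
    return seen.most_common()


def attribute(ip, when):
    """Correlate an open-network incident (ip, time) with 802.1X identities."""
    mac = mac_for_incident(OPEN_DHCP_LOG, ip, when)
    if mac is None:
        return {"mac": None, "users": [], "note": "no lease covers that time"}
    users = identities_for_mac(SECURE_RADIUS_LOG, mac)
    if users:
        note = "matched on secure network"
    elif is_locally_administered(mac):
        # A private/randomized MAC can differ per SSID, so no match is expected.
        note = "locally administered MAC; may differ per SSID"
    else:
        note = "device never seen on secure network"
    return {"mac": mac, "users": users, "note": note}


if __name__ == "__main__":
    for ip, when in [("10.50.0.21", "2017-03-28T10:30:00"),
                     ("10.50.0.21", "2017-03-28T14:00:00"),
                     ("10.50.0.99", "2017-03-28T10:30:00")]:
        print(ip, when, attribute(ip, when))
```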

RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Lee H Badman
You assume correctly, Tim.


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Cappalli, Tim (Aruba)
Sent: Tuesday, March 28, 2017 10:25 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Lee, so I assume you’re not supporting mDNS and DLNA based services?


From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of "Bucklaew, Jerry"
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: Tuesday, March 28, 2017 at 10:22 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU"
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

How do you track them down when they do something bad?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 10:18 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only “gadgets and games”, or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner’s 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba’s Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus 

RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Lee H Badman
We don't see a lot of bad coming out of the gadgets. If a laptop lands on that 
network- which is still security monitored- and does something bad, odds are 
extremely high that the device has also been used on the secure network because 
that's where anything to do with campus is done. Our logs are rich, so it's 
easy to correlate same device on multiple networks. If "bad" happens and we 
truly can't find them period in logs for identity,  the degree of "bad" drives 
what happens next. But we have worked through every scenario we could think of 
and derived procedural answers that work for us.

-Lee


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Tuesday, March 28, 2017 10:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

How do you track them down when they do something bad?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 

Re: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Cappalli, Tim (Aruba)
Lee, so I assume you’re not supporting mDNS and DLNA based services?


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of "Bucklaew, Jerry"
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Date: Tuesday, March 28, 2017 at 10:22 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

How do you track them down when they do something bad?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only “gadgets and games”, or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner’s 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba’s Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at 

RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Bucklaew, Jerry
How do you track them down when they do something bad?

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION TECHNOLOGY

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu
  |  212.229.5300 x4512


RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Lee H Badman
Absolutely no device restrictions. No preshare. Get on and go. But zero campus 
access, that requires using the authenticated network.

Lee Badman | Network Architect

Adjunct Instructor | CWNE #200
Information Technology Services
206 Machinery Hall
120 Smith Drive
Syracuse, New York 13244
t 315.443.3003   f 315.443.4325   e lhbad...@syr.edu w 
its.syr.edu
SYRACUSE UNIVERSITY
syr.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Thomas Carter
Sent: Tuesday, March 28, 2017 10:04 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION TECHNOLOGY

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu
  |  212.229.5300 x4512


RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Thomas Carter
Is it restricted to only "gadgets and games", or is it used for laptops as 
well? A majority of the services our students use are Internet facing also, so 
Internet-only access would still give them access to the services they need.

I assume there is an authenticated SSID also?
Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, March 28, 2017 8:23 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION TECHNOLOGY

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu
  |  212.229.5300 x4512




RE: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Lee H Badman
Hi Hunter,

I’d have to know what “security concerns” mean in this context, as that’s a 
pretty broad and variable phrase.

DMCA is no different than anywhere else on campus- we track down who offended 
(and we get very few to begin with). We have yet to have one that is 
untraceable, and have an acceptable (to our security officer and CIO) action 
plan if one ever was untraceable. I know this is vague, but easier to explain 
verbally rather than typing out a book. Same goes for Law Enforcement (who we 
have a great working relationship with in a number of directions).  Even on an 
open network, we have several ways of identifying either the person behind the 
device in our ecosystem, or minimally the device itself and using that to find 
the offender (in the worst cases) or simply blocking that device from further 
activity if it doesn’t rise to the level of absolutely needing to identify the 
user.

-Lee





From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller
Sent: Tuesday, March 28, 2017 9:42 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Dorm Wireless Authentication

How do you handle security concerns, DMCA, and law enforcement requests for 
this ESSID?

On Tue, Mar 28, 2017 at 8:23 AM Lee H Badman wrote:
After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner’s 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba’s Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X, and 
the other open, doing MAC based authentication.  Clearpass allows users to 
register their own devices for MAC authentication by logging into the Clearpass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1x radius 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
Mac exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION TECHNOLOGY

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu
  |  212.229.5300 x4512
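
The correlation Lee Badman describes in this thread (the same device seen on the open and on the authenticated network, with a device-level block as the fallback when no identity turns up), sketched as an added example that is not part of any poster's message or any site's tooling. The log layouts, field order, function names and every sample record are assumptions constructed for illustration.

```python
"""Attribute an open-SSID device to a user via 802.1X records (added example)."""
import re
from collections import Counter
from datetime import datetime

# Constructed DHCP leases from the open SSID: start, end, IP, MAC, hostname
OPEN_DHCP = """\
2017-03-27T21:02:11 2017-03-28T01:02:11 10.50.3.77 A4-5E-60-11-22-33 jdoe-laptop
2017-03-27T22:15:40 2017-03-28T02:15:40 10.50.3.91 b8:27:eb:aa:bb:cc streambox
2017-03-28T01:30:00 2017-03-28T05:30:00 10.50.3.77 f0:18:98:44:55:66 gamebox
"""

# Constructed 802.1X accounting records from the secure SSID:
# time, username, Calling-Station-Id (MAC in whatever format the NAS sent)
SECURE_AUTH = """\
2017-03-20T09:01:00 jdoe a45e.6011.2233
2017-03-24T13:45:10 jdoe a4:5e:60:11:22:33
2017-03-25T08:12:33 asmith a4:5e:60:11:22:33
2017-03-26T10:00:00 asmith 3c:15:c2:77:88:99
"""


def normalize_mac(raw):
    """Reduce any common MAC notation to lowercase colon-separated form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the locally-administered bit is set (e.g. a randomized MAC).

    Such an address may differ per SSID, so it is a weak join key.
    """
    return bool(int(mac[:2], 16) & 0x02)


def parse_leases(text):
    leases = []
    for line in text.splitlines():
        start, end, ip, mac, host = line.split()
        leases.append({
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end),
            "ip": ip,
            "mac": normalize_mac(mac),
            "host": host,
        })
    return leases


def parse_auth(text):
    records = []
    for line in text.splitlines():
        when, user, mac = line.split()
        records.append({"time": datetime.fromisoformat(when),
                        "user": user, "mac": normalize_mac(mac)})
    return records


def device_at(leases, ip, when):
    """Return the lease that held `ip` at `when`, or None if nothing matches."""
    hits = [l for l in leases if l["ip"] == ip and l["start"] <= when < l["end"]]
    return max(hits, key=lambda l: l["start"]) if hits else None


def attribute(ip, when, leases, auths):
    """Map (open-network IP, time) to a device and, if possible, to users.

    status is 'identified' (MAC also seen on the secure SSID), 'device-only'
    (only the device is known, so blocking the MAC is the remaining action),
    or 'no-lease' (the IP was unassigned at that time).
    """
    lease = device_at(leases, ip, when)
    if lease is None:
        return {"status": "no-lease", "mac": None, "users": []}
    seen = Counter(a["user"] for a in auths if a["mac"] == lease["mac"])
    return {
        "status": "identified" if seen else "device-only",
        "mac": lease["mac"],
        "host": lease["host"],
        # Most frequent user first; several users on one MAC means a shared
        # device, so the ranking is a lead to follow up, not proof.
        "users": seen.most_common(),
        "weak_key": is_locally_administered(lease["mac"]),
    }


if __name__ == "__main__":
    leases, auths = parse_leases(OPEN_DHCP), parse_auth(SECURE_AUTH)
    for ts in ("2017-03-27T23:40:00", "2017-03-28T01:15:00", "2017-03-28T02:00:00"):
        print(ts, attribute("10.50.3.77", datetime.fromisoformat(ts), leases, auths))
```

The same IP resolves to different devices depending on the lease window, which is why the incident timestamp matters as much as the address.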


Re: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Hunter Fuller
How do you handle security concerns, DMCA, and law enforcement requests for
this ESSID?

On Tue, Mar 28, 2017 at 8:23 AM Lee H Badman  wrote:

After kicking tires on leading classification engines and weighing solution
dollars and support costs, we opted to pilot a wide open "gadget and games"
SSID in the dorms that only have Internet access for all the oddballs. With
almost a full year in, it's been very well used and received and we've been
able to answer all of our own security questions that anyone would be
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) <
bosbo...@liberty.edu> wrote:

Here is another vote for ClearPass with Aruba wireless.



When an Apple TV is registered, it is also registered as an AirGroup
personal device so the owner’s 802.1X Apple device can use AirPlay to
display content on the device. We also use Aruba’s Dynamic Multicast
Optimization to provide multicast IPTV over wireless.





Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication



We use Aruba Clearpass, and have two SSID's on campus, one which is 802.1X,
and the other open, doing MAC based authentication.  Clearpass allows users
to register their own devices for MAC authentication by logging into the
Clearpass guest portal.  Students can register devices for a year, while
guests can register devices for 2 days.



Rob



Robert Spellman

Bates College

Information and Library Services



On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil  wrote:

Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently
we mainly just cover some of the common areas and students for the most
part bring in their own routers. As most folks can appreciate, this has
caused years of technical problems and is also not seen as great customer
service.

On our main campus wifi, we have people authenticate using 802.1x radius
authentication using their university username and password. We have some
concerns about doing this in the dormitories however. We know that students
bring all sorts of consumer grade devices that require network access into
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices
will not work with username and password authentication and we are not
looking to Mac exclude these devices on the network, given the overhead of
setting this up. So we are looking possibly at doing WPA Personal with a
passphrase that would be given to students.

What are others doing? Has this come up as an issue for any of you?

Best,

Chris


-- 

CHRIS BREZIL
*ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS*
INFORMATION TECHNOLOGY 

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu

  |  212.229.5300 x4512




Re: [WIRELESS-LAN] Dorm Wireless Authentication

2017-03-28 Thread Lee H Badman
After kicking tires on leading classification engines and weighing solution 
dollars and support costs, we opted to pilot a wide open "gadget and games" 
SSID in the dorms that only have Internet access for all the oddballs. With 
almost a full year in, it's been very well used and received and we've been 
able to answer all of our own security questions that anyone would be 
contemplating. I think we'll be moving forward with this model.

Lee Badman (mobile)

On Mar 28, 2017, at 7:48 AM, Osborne, Bruce W (Network Operations) wrote:

Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner's 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba's Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba ClearPass, and have two SSIDs on campus, one which is 802.1X, and 
the other open, doing MAC-based authentication.  ClearPass allows users to 
register their own devices for MAC authentication by logging into the ClearPass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1X RADIUS 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
MAC exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION TECHNOLOGY

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu
212.229.5300 x4512




RE: Dorm Wireless Authentication

2017-03-28 Thread Osborne, Bruce W (Network Operations)
Here is another vote for ClearPass with Aruba wireless.

When an Apple TV is registered, it is also registered as an AirGroup personal 
device so the owner’s 802.1X Apple device can use AirPlay to display content on 
the device. We also use Aruba’s Dynamic Multicast Optimization to provide 
multicast IPTV over wireless.


Bruce Osborne
Senior Network Engineer
Network Operations - Wireless
 (434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Robert Spellman [mailto:rsp...@bates.edu]
Sent: Monday, March 27, 2017 9:33 AM
Subject: Re: Dorm Wireless Authentication

We use Aruba ClearPass, and have two SSIDs on campus, one which is 802.1X, and 
the other open, doing MAC-based authentication.  ClearPass allows users to 
register their own devices for MAC authentication by logging into the ClearPass 
guest portal.  Students can register devices for a year, while guests can 
register devices for 2 days.

Rob

Robert Spellman
Bates College
Information and Library Services

On Mon, Mar 27, 2017 at 9:16 AM, Chris Brezil wrote:
Good morning everyone,

We are planning a larger scale roll out of wireless in our dorms. Currently we 
mainly just cover some of the common areas and students for the most part bring 
in their own routers. As most folks can appreciate, this has caused years of 
technical problems and is also not seen as great customer service.

On our main campus wifi, we have people authenticate using 802.1X RADIUS 
authentication using their university username and password. We have some 
concerns about doing this in the dormitories however. We know that students 
bring all sorts of consumer grade devices that require network access into 
their rooms, such as Apple TV, Amazon Echos, etc. Many of these devices will 
not work with username and password authentication and we are not looking to 
MAC exclude these devices on the network, given the overhead of setting this 
up. So we are looking possibly at doing WPA Personal with a passphrase that 
would be given to students.

What are others doing? Has this come up as an issue for any of you?
Best,
Chris

--

CHRIS BREZIL
ASSISTANT VICE PRESIDENT, ENTERPRISE OPERATIONS
INFORMATION TECHNOLOGY

71 FIFTH AVENUE, 9th FLOOR, NEW YORK, NY 10003
brez...@newschool.edu
212.229.5300 x4512
