Re: [WIRELESS-LAN] Student devices
On May 3, 2013, at 08:52 , LaMarr Baucom gbau...@murraystate.edu wrote: I was curious how you all handle student devices on your campus side. Do you guys use a dedicated SSID? Is it open, encrypted, are you using 802.1x? Any other details would be greatly appreciated. We don't really make a distinction between student and other devices on our primary SSID, which uses WPA2-Enterprise authentication and encryption via 802.1X. Devices that do not support those standards generally end up using our guest wireless SSID, which is not encrypted but requires device registration via captive portal. -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: http://www.it.northwestern.edu/ PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Student devices
Same secure SSID, WPA2-AES. They can also use the open SSID if they choose. Starting in Fall 2013, everyone will be using eduroam. Tim ** Tim Cappalli*, *Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edu On Fri, May 3, 2013 at 9:52 AM, LaMarr Baucom gbau...@murraystate.eduwrote: I was curious how you all handle student devices on your campus side. Do you guys use a dedicated SSID? Is it open, encrypted, are you using 802.1x? Any other details would be greatly appreciated. Thanks, LaMarr Baucom Wireless Network Engineer Murray State University (270) 809-2299 lamarr.bau...@murraystate.edu MSU Information Systems staff will *never* ask for your password or other confidential information via email. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Student devices
We have two main SSID's - 'Owls' (WPA2-Enterprise, AES, but splits users into 'staff' or 'student' MPLS VRF based on a radius return value and 'Visitor' which is active capture with an AUP for users to read/agree. We'll be adding eduroam at some point, but not as a replacement for any of the others. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: Friday, May 03, 2013 9:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student devices Same secure SSID, WPA2-AES. They can also use the open SSID if they choose. Starting in Fall 2013, everyone will be using eduroam. Tim Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 mailto:cappa...@brandeis.edu cappa...@brandeis.edu On Fri, May 3, 2013 at 9:52 AM, LaMarr Baucom gbau...@murraystate.edu wrote: I was curious how you all handle student devices on your campus side. Do you guys use a dedicated SSID? Is it open, encrypted, are you using 802.1x? Any other details would be greatly appreciated. Thanks, LaMarr Baucom Wireless Network Engineer Murray State University (270) 809-2299 tel:%28270%29%20809-2299 mailto:lamarr.bau...@murraystate.edu lamarr.bau...@murraystate.edu MSU Information Systems staff will never ask for your password or other confidential information via email. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. !DSPAM:911,5183c35512824623121385! ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Student devices
We only have 500+ people to deal with, so we hand out Ruckus DPSK (PSK good for one MAC address only) for all devices, school owned and private. This has worked out well as we avoid Radius etc. in our small environment. All school devices on a single SSID/vlan, all private devices on another SSID/vlan. I have started reading up on Eduroam, but would like to hear some commentary as to why people are beginning to roll it out. Thanks, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: Friday, May 03, 2013 7:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student devices Same secure SSID, WPA2-AES. They can also use the open SSID if they choose. Starting in Fall 2013, everyone will be using eduroam. Tim Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edumailto:cappa...@brandeis.edu On Fri, May 3, 2013 at 9:52 AM, LaMarr Baucom gbau...@murraystate.edumailto:gbau...@murraystate.edu wrote: I was curious how you all handle student devices on your campus side. Do you guys use a dedicated SSID? Is it open, encrypted, are you using 802.1x? Any other details would be greatly appreciated. Thanks, LaMarr Baucom Wireless Network Engineer Murray State University (270) 809-2299tel:%28270%29%20809-2299 lamarr.bau...@murraystate.edumailto:lamarr.bau...@murraystate.edu MSU Information Systems staff will never ask for your password or other confidential information via email. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Student devices
I know we're not .us, but we rolled out eduroam as our primary/only SSID so that our users were already set up for it whenever they went away to visit another institution, and didn't have to suffer whatever guest arrangements other places had. Not only that, it lifted some of the burden of giving visitors access. On an enterprise scale, there's not much option but to use WPA(2)-Enterprise with radius etc anyway, and having a local enterprise network gives you 2 different names for essentially the same thing which simply causes more hassle for the users and impacts their experience. We provide a captive portal SSID that contains setup instructions for our users, and now clients behave somewhat better WRT wireless configuration (.mobileconfig etc), it's easy to get a client set up OK. We've been providing eduroam for a long time (since 2007), it's well accepted by our users and they appreciate the ability to go away to a conference, or visit another library, open their laptop and be connected. -- ian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bob Williamson Sent: 03 May 2013 15:38 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student devices We only have 500+ people to deal with, so we hand out Ruckus DPSK (PSK good for one MAC address only) for all devices, school owned and private. This has worked out well as we avoid Radius etc. in our small environment. All school devices on a single SSID/vlan, all private devices on another SSID/vlan. I have started reading up on Eduroam, but would like to hear some commentary as to why people are beginning to roll it out. Thanks, Bob Williamson Network Administrator Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.orghttp://www.aw.org/ D: 253.272.2216 | F: 253.572.3616 | bob_william...@aw.orgmailto:bob_william...@aw.org From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Cappalli Sent: Friday, May 03, 2013 7:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student devices Same secure SSID, WPA2-AES. They can also use the open SSID if they choose. Starting in Fall 2013, everyone will be using eduroam. Tim Tim Cappalli, Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 cappa...@brandeis.edumailto:cappa...@brandeis.edu On Fri, May 3, 2013 at 9:52 AM, LaMarr Baucom gbau...@murraystate.edumailto:gbau...@murraystate.edu wrote: I was curious how you all handle student devices on your campus side. Do you guys use a dedicated SSID? Is it open, encrypted, are you using 802.1x? Any other details would be greatly appreciated. Thanks, LaMarr Baucom Wireless Network Engineer Murray State University (270) 809-2299tel:%28270%29%20809-2299 lamarr.bau...@murraystate.edumailto:lamarr.bau...@murraystate.edu MSU Information Systems staff will never ask for your password or other confidential information via email. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Student devices
What we will have: UI-Wireless-Setup – Captive portal that redirects to Cloudpath XpressConnect setup scripts. eduroam – We are using this as our main WP2-Enterprise connection for everyone, and we don't differentiate between students and staff. attwifi (Coming soon) - For parents, guests, and prospective students, etc. (open to the public, don't have to pay a fee). Users will appear to be outside our campus border. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu From: Adam T Ferrero a...@temple.edumailto:a...@temple.edu Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Date: Friday, May 3, 2013 11:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Student devices We have: - Open wireless SSID for onboarding only. SMS text message credentials. Soon to add .mobileconfig one click provisioning feature. - Single WPA2 enterprise SSID for student, staff, guests – Freeradius detects ldap attributes and steers user groups towards certain vlans which leads to specific access permissions (controlled by router acls and firewall rules). - eduroam – Freeradius again steers folks based upon role It has served us fairly well and I personally love not having an open network for anything besides onboarding (plus we think it meets HEOA compliance). The one click provisioning should alleviate the last of the usability complaints (hopefully). Adam Temple University ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.