Re: [External] Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi
a little late but +1 to Felix's point. We came to the same conclusion roughly 2 year ago. We decided on a guest experience where general users have to confirm their registered identity on an open SSID. Bandwidth and services are restricted for guests so we built a portal for students to self register devices and receive improved services. This is clearpass over aruba wireless and works very well. Nayef Z. Smith | Emory LITS Network Monitoring and Tools | Suite 1495 | 1762 Clifton Road | Atlanta GA 30322 | Voice: 404-727-6019 From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Felix Windt Sent: Monday, February 24, 2020 4:47 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [External] Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi Just for argument’s sake: why? Your users do not care about their WiFi access being authenticated. They don’t care about it being encrypted. From your user’s perspective, you’re about to make the wireless system behave worse. Do you have an underlying reason that makes driving traffic towards the authenticated, encrypted wireless network a requirement, or is it for its own sake? If it’s the latter, you’ll have a lot of unhappy users on your hand, without a good reason to explain to them why that change was made. thx, felix From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Mangaiah Chowdary Garikapati Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Monday, February 24, 2020 at 4:40 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi Main goal is to put registration in front of unsecured Guest Wireless to help drive more traffic towards an authenticated secured campus wireless but students bring personal devices which may not be compatible with the registration / authentication process which is why we are enabling MAC bypass process on Guest wireless through Mydevices portal but encountering issues to make them work like before with casting / mirroring working. Thank you, Mangaiah Chowdary Garikapati Project Manager PMO | Division of Information Technology 3100 Sycamore Road | DeKalb, IL 60115 mgarikapa...@niu.edu<mailto:mgarikapa...@niu.edu> [125-signature] From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Rob Harris Sent: Monday, February 24, 2020 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi May I ask what your goals are in this change? (to echo the other responses, Aruba Clearpass is a great choice for this, we use it and it does everything we need it to). [The Culinary Institute of America] Robert Harris Manager – Telecom, Networks, & AV Services Culinary Institute of America 1946 Campus Drive Hyde Park, NY 845-451-1681 www.ciachef.edu<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ciachef.edu%2F=02%7C01%7Cfelix.windt%40DARTMOUTH.EDU%7Ccd0827d46bdb465890e008d7b97228b4%7C995b093648d640e5a31ebf689ec9446f%7C0%7C0%7C637181772284481517=oTVeti4avHXb%2BqrZa%2Fasj%2F9VgI5w1FZ6HdRIlhj2h80%3D=0> Food is Life Create and Savor Yours.™ Please consider the environment before printing this e-mail. From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mangaiah Chowdary Garikapati Sent: Monday, February 24, 2020 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi Hello, At NIU, we are currently undergoing a project to move away from open access Guest Wireless to a registration based Guest Wireless using Cisco ISE and we are having following issues and any help or suggestions on these are much appreciated. 1. In the new system, devices are not able to see each other for casting purposes, is there any option we need to select to enable various casting and mirroring capabilities in the new registration based Guest Wireless? 2. We are also using ‘Mydevices’ portal to add devices which doesn’t have capabilities to register / authenticate (e.g. Chromecast, Roku etc.) but this is looking like a hit and miss where some devices connect immediately and some take at least an hour to two to be recognized and allowed to connect to the AP. Any suggestions why this could be happening? Thank you, Mangaiah Chowdary Garikapati Project Manager PMO | Division of Information Technology 3100 Sycamore Road | DeKalb, IL 60115 mgarikapa...@niu.edu<mailto:mgarikapa...@niu.edu> [125-signature] ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email add
Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi
Just for argument’s sake: why? Your users do not care about their WiFi access being authenticated. They don’t care about it being encrypted. From your user’s perspective, you’re about to make the wireless system behave worse. Do you have an underlying reason that makes driving traffic towards the authenticated, encrypted wireless network a requirement, or is it for its own sake? If it’s the latter, you’ll have a lot of unhappy users on your hand, without a good reason to explain to them why that change was made. thx, felix From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Mangaiah Chowdary Garikapati Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv Date: Monday, February 24, 2020 at 4:40 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" Subject: Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi Main goal is to put registration in front of unsecured Guest Wireless to help drive more traffic towards an authenticated secured campus wireless but students bring personal devices which may not be compatible with the registration / authentication process which is why we are enabling MAC bypass process on Guest wireless through Mydevices portal but encountering issues to make them work like before with casting / mirroring working. Thank you, Mangaiah Chowdary Garikapati Project Manager PMO | Division of Information Technology 3100 Sycamore Road | DeKalb, IL 60115 mgarikapa...@niu.edu<mailto:mgarikapa...@niu.edu> [125-signature] From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Rob Harris Sent: Monday, February 24, 2020 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi May I ask what your goals are in this change? (to echo the other responses, Aruba Clearpass is a great choice for this, we use it and it does everything we need it to). [The Culinary Institute of America] Robert Harris Manager – Telecom, Networks, & AV Services Culinary Institute of America 1946 Campus Drive Hyde Park, NY 845-451-1681 www.ciachef.edu<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ciachef.edu%2F=02%7C01%7Cfelix.windt%40DARTMOUTH.EDU%7Ccd0827d46bdb465890e008d7b97228b4%7C995b093648d640e5a31ebf689ec9446f%7C0%7C0%7C637181772284481517=oTVeti4avHXb%2BqrZa%2Fasj%2F9VgI5w1FZ6HdRIlhj2h80%3D=0> Food is Life Create and Savor Yours.™ Please consider the environment before printing this e-mail. From: The EDUCAUSE Wireless Issues Community Group Listserv mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> On Behalf Of Mangaiah Chowdary Garikapati Sent: Monday, February 24, 2020 11:32 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi Hello, At NIU, we are currently undergoing a project to move away from open access Guest Wireless to a registration based Guest Wireless using Cisco ISE and we are having following issues and any help or suggestions on these are much appreciated. 1. In the new system, devices are not able to see each other for casting purposes, is there any option we need to select to enable various casting and mirroring capabilities in the new registration based Guest Wireless? 2. We are also using ‘Mydevices’ portal to add devices which doesn’t have capabilities to register / authenticate (e.g. Chromecast, Roku etc.) but this is looking like a hit and miss where some devices connect immediately and some take at least an hour to two to be recognized and allowed to connect to the AP. Any suggestions why this could be happening? Thank you, Mangaiah Chowdary Garikapati Project Manager PMO | Division of Information Technology 3100 Sycamore Road | DeKalb, IL 60115 mgarikapa...@niu.edu<mailto:mgarikapa...@niu.edu> [125-signature] ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cfelix.windt%40DARTMOUTH.EDU%7Ccd0827d46bdb465890e008d7b97228b4%7C995b093648d640e5a31ebf689ec9446f%7C0%7C0%7C637181772284491509=aEEPECKulbP5qcUa5nZa9rT63kvqs8laveIZRWC67cI%3D=0> ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity=02%7C01%7Cfelix.win
Re: [WIRELESS-LAN] Implementing registration based Guest Wi-Fi
Vendors handle this very differently, but in general they tend to "block" inter-device communications in order to protect the wireless network experience from chatty protocols like mDNS. Aruba's Clearpass for example uses the concept of AirGroups, where every user's devices can see each other and hence allow casting. You still need to register them (by recording their mac address) and put them on an open SSID, But they can still communicate between different SSIDs. We have no issues with the big three (Google, Apple, Amazon) and most other IoT devices. Good luck. You're gonna need it.. On Mon, Feb 24, 2020 at 11:41 AM Mangaiah Chowdary Garikapati < mgarikapa...@niu.edu> wrote: > Hello, > > > > At NIU, we are currently undergoing a project to move away from open > access Guest Wireless to a registration based Guest Wireless using Cisco > ISE and we are having following issues and any help or suggestions on these > are much appreciated. > > > >1. In the new system, devices are not able to see each other for >casting purposes, is there any option we need to select to enable various >casting and mirroring capabilities in the new registration based Guest >Wireless? >2. We are also using ‘Mydevices’ portal to add devices which doesn’t >have capabilities to register / authenticate (e.g. Chromecast, Roku etc.) >but this is looking like a hit and miss where some devices connect >immediately and some take at least an hour to two to be recognized and >allowed to connect to the AP. Any suggestions why this could be happening? > > > > Thank you, > > *Mangaiah Chowdary Garikapati* > > Project Manager > > PMO | Division of Information Technology > > 3100 Sycamore Road | DeKalb, IL 60115 > > mgarikapa...@niu.edu > > [image: 125-signature] > > > > ** > Replies to EDUCAUSE Community Group emails are sent to the entire > community list. If you want to reply only to the person who sent the > message, copy and paste their email address and forward the email reply. > Additional participation and subscription information can be found at > https://www.educause.edu/community > -- °(((=((===°°°((( ** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
