Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm
Android at least flags networks "No internet access detected, won't automatically connect" if probes fail. This does happen on known/saved networks if they fail long enough, but seems very quick for an automatically found open network. I could see that behavior causing a significant reduction in steady state DHCP usage if a portal is in place, although could still result in bursts of many leases used one time whenever large numbers of new devices arrive (beginning of terms, large guest events). Although occasionally filling up due to guests for short intervals may be not as big of a deal if all the usual devices already have leases then (especially if most student/employee mobile devices are on a pool behind 802.1x anyways and open is TVs and game consoles and such). On Tue, May 17, 2016 at 6:27 AM, Osborne, Bruce W (Network Services) < bosbo...@liberty.edu> wrote: > I can only speak from our experience. > > > > We went from portal to no-portal and saw a large increase in dhcp lease > usage. > > > > As best as we can determine, if there is not a portal, many mobile clients > keep probing to verify that Internet access is still available. This lets > the device inform the user there is a usable wireless Internet connection > available. > > > > If there is a portal, they seem probe less aggressively. > > > > > > > > *Bruce Osborne* > > *Wireless Engineer* > > *IT Network Services - Wireless* > > > > *(434) 592-4229 <%28434%29%20592-4229>* > > > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* Trent Hurt [mailto:trent.h...@louisville.edu] > *Sent:* Monday, May 16, 2016 9:15 AM > > *Subject:* Re: One more round- finer point on Open Networks in Dorm > > > > I’m curious how a portal solves dhcp capacity issues. > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Osborne, Bruce W > (Network Services) > *Sent:* Monday, May 16, 2016 7:51 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] One more round- finer point on Open > Networks in Dorm > > > > > > Agreed. > > > > We had a wide open Guest network for a while until there were DHCP > capacity issues. We then inserted a portal to fix that. > > > > > > *Bruce Osborne* > > *Wireless Engineer* > > *IT Network Services - Wireless* > > > > *(434) 592-4229 <%28434%29%20592-4229>* > > > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* Brian Helman [mailto:bhel...@salemstate.edu > <bhel...@salemstate.edu>] > *Sent:* Friday, May 13, 2016 11:50 AM > *Subject:* Re: One more round- finer point on Open Networks in Dorm > > > > Lee, I posed this question back at NERCOMP. You may want to also know the > answer to “who has done this and switched back to a non-open environment?”. > > > > -Brian > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ > mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Lee H Badman > *Sent:* Friday, May 13, 2016 9:02 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* [WIRELESS-LAN] One more round- finer point on Open Networks in > Dorm > > > > > > I asked this back in February, and would like to go one more round with > some specifics applied. Direct response off-list is OK if you prefer. Let > me ask it two ways: > > > > ·Who runs a wide-open WLAN in their dorms? I’m talking no > encryption, no portal, no nothing. Just get on and go, baby. > > ·Same question, but with simple PSK/WPA2 added. > > > > No ISE, no Clearpass, no MAC registrations. For those doing this, do you > rate-limit? Restrict access only to Internet? Block WLAN clients from > directly reaching each other? Any other restrictions/policy configs applied? > > > > Thanks, > > > > Lee Badman > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/ > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=TvAuSlsREJ9X4N_0i1peynRMWzLje-rUZgvK4XBcmBM=1zgjb1XO7lBZgQbZKKuvJWqf2FVPCmM4OFuPVX6nPX8=>. > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can
Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm
(I feel like any answers to this question should be told around a campfire at night with a flashlight under your chin...) This was probably pushing ten years ago, but we once visited another institution that had a completely open policy. It was not working out well for them. They had three basic problems with it: - No per-user authentication or registration at all meant no way to track down the responsible party for a given machine. (Other places have done log analysis to mitigate this, doing things like cross referencing domain and email logins to map username to IP addresses, but they didn't have any of that infrastructure set up.) - Their buildings were physically intermingled with unaffiliated residential areas. This plus the complete lack of access control meant they had to budget resources, most notably upstream bandwidth and IP subnet sizes, to account for both their own population and any neighbors who figured out they could get free internet. - By setting the bar so low, they had a very uphill battle imposing any kind of controls at all on their user base. The overall end result was lots of intermittent problems that led to lots of user complaints about unreliable wireless, no good way to track down the source(s) of the problems, and an administration resistant to implementing any substantial changes. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 5/13/2016 9:02 AM, Lee H Badman wrote: I asked this back in February, and would like to go one more round with some specifics applied. Direct response off-list is OK if you prefer. Let me ask it two ways: * Who runs a wide-open WLAN in their dorms? I’m talking no encryption, no portal, no nothing. Just get on and go, baby. * Same question, but with simple PSK/WPA2 added. No ISE, no Clearpass, no MAC registrations. For those doing this, do you rate-limit? Restrict access only to Internet? Block WLAN clients from directly reaching each other? Any other restrictions/policy configs applied? Thanks, Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm
Can you explain why you made the switch? Thomas Carter Network & Operations Manager Austin College From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey Sent: Friday, May 13, 2016 1:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm Westmont was wide open and is now non-open in the dorms. There are selected placed on campus and selected times on campus when wireless is opened up. John On Fri, May 13, 2016 at 8:50 AM, Brian Helman <bhel...@salemstate.edu<mailto:bhel...@salemstate.edu>> wrote: Lee, I posed this question back at NERCOMP. You may want to also know the answer to “who has done this and switched back to a non-open environment?”. -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Lee H Badman Sent: Friday, May 13, 2016 9:02 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm I asked this back in February, and would like to go one more round with some specifics applied. Direct response off-list is OK if you prefer. Let me ask it two ways: • Who runs a wide-open WLAN in their dorms? I’m talking no encryption, no portal, no nothing. Just get on and go, baby. • Same question, but with simple PSK/WPA2 added. No ISE, no Clearpass, no MAC registrations. For those doing this, do you rate-limit? Restrict access only to Internet? Block WLAN clients from directly reaching each other? Any other restrictions/policy configs applied? Thanks, Lee Badman ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm
We (Smith College) run the same 3 SSID's in dorms and across campus: Eduroam; a RegisteredDevices Mac-auth config for wireless printers, apple TV's and such; and "Connect2Smith", a WPA2 config for on-boarding, guests, and anyone who is too lazy/incompetent to use the others. None are rate-limited or restricted in any way, but if you need to connect to wireless printers, apple TV's, and such, you need to be fully authenticated on either Eduroam or RegisteredDevices so Aruba can match you up and route your traffic appropriately. - Eric On Fri, May 13, 2016 at 9:02 AM, Lee H Badmanwrote: > > I asked this back in February, and would like to go one more round with > some specifics applied. Direct response off-list is OK if you prefer. Let > me ask it two ways: > > >- Who runs a wide-open WLAN in their dorms? I’m talking no encryption, >no portal, no nothing. Just get on and go, baby. >- Same question, but with simple PSK/WPA2 added. > > > No ISE, no Clearpass, no MAC registrations. For those doing this, do you > rate-limit? Restrict access only to Internet? Block WLAN clients from > directly reaching each other? Any other restrictions/policy configs applied? > > Thanks, > > Lee Badman > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm
Westmont was wide open and is now non-open in the dorms. There are selected placed on campus and selected times on campus when wireless is opened up. John On Fri, May 13, 2016 at 8:50 AM, Brian Helman <bhel...@salemstate.edu> wrote: > Lee, I posed this question back at NERCOMP. You may want to also know the > answer to “who has done this and switched back to a non-open environment?”. > > > > -Brian > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman > *Sent:* Friday, May 13, 2016 9:02 AM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* [WIRELESS-LAN] One more round- finer point on Open Networks in > Dorm > > > > > > I asked this back in February, and would like to go one more round with > some specifics applied. Direct response off-list is OK if you prefer. Let > me ask it two ways: > > > > · Who runs a wide-open WLAN in their dorms? I’m talking no > encryption, no portal, no nothing. Just get on and go, baby. > > · Same question, but with simple PSK/WPA2 added. > > > > No ISE, no Clearpass, no MAC registrations. For those doing this, do you > rate-limit? Restrict access only to Internet? Block WLAN clients from > directly reaching each other? Any other restrictions/policy configs applied? > > > > Thanks, > > > > Lee Badman > > > > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.