subject:"\[WIRELESS\-LAN\] One more round\- finer point on Open Networks in Dorm"

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

2016-05-17 Thread Jeremy Mooney

Android at least flags networks "No internet access detected, won't
automatically connect" if probes fail. This does happen on known/saved
networks if they fail long enough, but seems very quick for an
automatically found open network. I could see that behavior causing a
significant reduction in steady state DHCP usage if a portal is in place,
although could still result in bursts of many leases used one time whenever
large numbers of new devices arrive (beginning of terms, large guest
events). Although occasionally filling up due to guests for short intervals
may be not as big of a deal if all the usual devices already have leases
then (especially if most student/employee mobile devices are on a pool
behind 802.1x anyways and open is TVs and game consoles and such).

On Tue, May 17, 2016 at 6:27 AM, Osborne, Bruce W (Network Services) <
bosbo...@liberty.edu> wrote:

> I can only speak from our experience.
>
>
>
> We went from portal to no-portal and saw a large increase in dhcp lease
> usage.
>
>
>
> As best as we can determine, if there is not a portal, many mobile clients
> keep probing to verify that Internet access is still available. This lets
> the device inform the user there is a usable wireless Internet connection
> available.
>
>
>
> If there is a portal, they seem probe less aggressively.
>
>
>
> 
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Network Services - Wireless*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Trent Hurt [mailto:trent.h...@louisville.edu]
> *Sent:* Monday, May 16, 2016 9:15 AM
>
> *Subject:* Re: One more round- finer point on Open Networks in Dorm
>
>
>
> I’m curious how a portal solves dhcp capacity issues.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Osborne, Bruce W
> (Network Services)
> *Sent:* Monday, May 16, 2016 7:51 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] One more round- finer point on Open
> Networks in Dorm
>
>
>
>
>
> Agreed.
>
>
>
> We had a wide open Guest network for a while until there were DHCP
> capacity issues. We then inserted a portal to fix that.
>
> 
>
>
>
> *Bruce Osborne*
>
> *Wireless Engineer*
>
> *IT Network Services - Wireless*
>
>
>
> *(434) 592-4229 <%28434%29%20592-4229>*
>
>
>
> *LIBERTY UNIVERSITY*
>
> *Training Champions for Christ since 1971*
>
>
>
> *From:* Brian Helman [mailto:bhel...@salemstate.edu
> <bhel...@salemstate.edu>]
> *Sent:* Friday, May 13, 2016 11:50 AM
> *Subject:* Re: One more round- finer point on Open Networks in Dorm
>
>
>
> Lee, I posed this question back at NERCOMP.  You may want to also know the
> answer to “who has done this and switched back to a non-open environment?”.
>
>
>
> -Brian
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Lee H Badman
> *Sent:* Friday, May 13, 2016 9:02 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] One more round- finer point on Open Networks in
> Dorm
>
>
>
>
>
> I asked this back in February, and would like to go one more round with
> some specifics applied. Direct response off-list is OK if you prefer. Let
> me ask it two ways:
>
>
>
> ·Who runs a wide-open WLAN in their dorms? I’m talking no
> encryption, no portal, no nothing. Just get on and go, baby.
>
> ·Same question, but with simple PSK/WPA2 added.
>
>
>
> No ISE, no Clearpass, no MAC registrations. For those doing this, do you
> rate-limit? Restrict access only to Internet? Block WLAN clients from
> directly reaching each other? Any other restrictions/policy configs applied?
>
>
>
> Thanks,
>
>
>
> Lee Badman
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwMGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=TvAuSlsREJ9X4N_0i1peynRMWzLje-rUZgvK4XBcmBM=1zgjb1XO7lBZgQbZKKuvJWqf2FVPCmM4OFuPVX6nPX8=>.
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

2016-05-14 Thread Frank Sweetser

(I feel like any answers to this question should be told around a campfire at 
night with a flashlight under your chin...)


This was probably pushing ten years ago, but we once visited another 
institution that had a completely open policy.  It was not working out well 
for them.  They had three basic problems with it:


 - No per-user authentication or registration at all meant no way to track 
down the responsible party for a given machine.  (Other places have done log 
analysis to mitigate this, doing things like cross referencing domain and 
email logins to map username to IP addresses, but they didn't have any of that 
infrastructure set up.)


 - Their buildings were physically intermingled with unaffiliated residential 
areas.  This plus the complete lack of access control meant they had to budget 
resources, most notably upstream bandwidth and IP subnet sizes, to account for 
both their own population and any neighbors who figured out they could get 
free internet.


 - By setting the bar so low, they had a very uphill battle imposing any kind 
of controls at all on their user base.


The overall end result was lots of intermittent problems that led to lots of 
user complaints about unreliable wireless, no good way to track down the 
source(s) of the problems, and an administration resistant to implementing any 
substantial changes.


Frank Sweetser fs at wpi.edu|  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |   - HL Mencken

On 5/13/2016 9:02 AM, Lee H Badman wrote:


I asked this back in February, and would like to go one more round with some
specifics applied. Direct response off-list is OK if you prefer. Let me ask it
two ways:


  * Who runs a wide-open WLAN in their dorms? I’m talking no encryption, no
portal, no nothing. Just get on and go, baby.
  * Same question, but with simple PSK/WPA2 added.


No ISE, no Clearpass, no MAC registrations. For those doing this, do you
rate-limit? Restrict access only to Internet? Block WLAN clients from directly
reaching each other? Any other restrictions/policy configs applied?

Thanks,

Lee Badman

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

2016-05-13 Thread Thomas Carter

Can you explain why you made the switch?

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of John Rodkey
Sent: Friday, May 13, 2016 1:45 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

Westmont was wide open and is now non-open in the dorms.  There are selected 
placed on campus and selected times on campus when wireless is opened up.
John

On Fri, May 13, 2016 at 8:50 AM, Brian Helman 
<bhel...@salemstate.edu<mailto:bhel...@salemstate.edu>> wrote:
Lee, I posed this question back at NERCOMP.  You may want to also know the 
answer to “who has done this and switched back to a non-open environment?”.

-Brian

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
 On Behalf Of Lee H Badman
Sent: Friday, May 13, 2016 9:02 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

I asked this back in February, and would like to go one more round with some 
specifics applied. Direct response off-list is OK if you prefer. Let me ask it 
two ways:

• Who runs a wide-open WLAN in their dorms? I’m talking no encryption, 
no portal, no nothing. Just get on and go, baby.
• Same question, but with simple PSK/WPA2 added.

No ISE, no Clearpass, no MAC registrations. For those doing this, do you 
rate-limit? Restrict access only to Internet? Block WLAN clients from directly 
reaching each other? Any other restrictions/policy configs applied?

Thanks,

Lee Badman

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

2016-05-13 Thread Eric Brewer

We (Smith College) run the same 3 SSID's in dorms and across campus:
Eduroam; a RegisteredDevices Mac-auth config for wireless printers, apple
TV's and such; and "Connect2Smith", a WPA2 config for on-boarding, guests,
and anyone who is too lazy/incompetent to use the others.  None are
rate-limited or restricted in any way, but if you need to connect to
wireless printers, apple TV's, and such, you need to be fully authenticated
on either Eduroam or RegisteredDevices so Aruba can match you up and route
your traffic appropriately.

- Eric

On Fri, May 13, 2016 at 9:02 AM, Lee H Badman  wrote:

>
> I asked this back in February, and would like to go one more round with
> some specifics applied. Direct response off-list is OK if you prefer. Let
> me ask it two ways:
>
>
>- Who runs a wide-open WLAN in their dorms? I’m talking no encryption,
>no portal, no nothing. Just get on and go, baby.
>- Same question, but with simple PSK/WPA2 added.
>
>
> No ISE, no Clearpass, no MAC registrations. For those doing this, do you
> rate-limit? Restrict access only to Internet? Block WLAN clients from
> directly reaching each other? Any other restrictions/policy configs applied?
>
> Thanks,
>
> Lee Badman
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

2016-05-13 Thread John Rodkey

Westmont was wide open and is now non-open in the dorms.  There are
selected placed on campus and selected times on campus when wireless is
opened up.

John

On Fri, May 13, 2016 at 8:50 AM, Brian Helman <bhel...@salemstate.edu>
wrote:

> Lee, I posed this question back at NERCOMP.  You may want to also know the
> answer to “who has done this and switched back to a non-open environment?”.
>
>
>
> -Brian
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman
> *Sent:* Friday, May 13, 2016 9:02 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] One more round- finer point on Open Networks in
> Dorm
>
>
>
>
>
> I asked this back in February, and would like to go one more round with
> some specifics applied. Direct response off-list is OK if you prefer. Let
> me ask it two ways:
>
>
>
> · Who runs a wide-open WLAN in their dorms? I’m talking no
> encryption, no portal, no nothing. Just get on and go, baby.
>
> · Same question, but with simple PSK/WPA2 added.
>
>
>
> No ISE, no Clearpass, no MAC registrations. For those doing this, do you
> rate-limit? Restrict access only to Internet? Block WLAN clients from
> directly reaching each other? Any other restrictions/policy configs applied?
>
>
>
> Thanks,
>
>
>
> Lee Badman
>
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

RE: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

Re: [WIRELESS-LAN] One more round- finer point on Open Networks in Dorm

5 matches

Site Navigation

Mail list logo

Footer information