Re: [WIRELESS-LAN] edroam as main 802.1x ssid

[Chace, Daniel]

We replaced our SSID last year with eduroam as the primary, and it has been a 
success.  It helped that we rolled out TLS at the same time.
Users have been happy that they automatically connect when visiting campuses 
that participate.




-
Daniel Chace
Director, Network and System Infrastructure
Southern Illinois University Edwardsville
Information Technology Services
dch...@siue.edu




On Nov 10, 2016, at 10:04 PM, Becker, Jason 
> wrote:

We're getting ready to reduce the number of ssid that we have across Campus and 
one idea is to use edroam as our main 802.1x secure ssid.  Is anyone else doing 
this and if so how is it going?



Thanks,
Jason
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] edroam as main 802.1x ssid

[Jeremy Mooney]

We went that way. It was a relatively easy decision given our old radius
cert was expiring and everyone would need to reconfigure anyways. We just
used the opportunity to transition to eduroam instead.

We wanted to enforce proper username syntax (both for roaming, and to push
CAT so CAs get set up properly), but also allow domain-joined computers to
authenticate pre-login (on campus - it's not allowed roaming anyways).
That's primarily so non-cached-users can log in, but also useful for
management. Our solution was two profiles on Windows - an "eduroam" one
that's user-entered credentials for roaming, and a "Bethel eduroam" using
machine-credentials for local/default. We then allow windows host syntax
(but not windows user syntax) along with the usual user@realm on the radius
side. A nice side benefit is the network side doesn't have the user
identity, and the having to pull data from an unrelated system discourages
inappropriate user-ip data correlation.


On Thu, Nov 10, 2016 at 10:04 PM, Becker, Jason  wrote:

> We're getting ready to reduce the number of ssid that we have across
> Campus and one idea is to use edroam as our main 802.1x secure ssid.  Is
> anyone else doing this and if so how is it going?
>
>
>
>
> Thanks,
>
> Jason
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>


-- 
Jeremy Mooney
ITS - Bethel University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] edroam as main 802.1x ssid

[Tony Skalski]

We moved to just eduroam and a guest SSID this fall. We used the eduroam
CAT tools to get users onboard and those have worked well. And when a few
users with new Google Pixels (Android 7.1) could not use the CAT tool, the
issue was corrected within 2 days.

ajs

On Fri, Nov 11, 2016 at 10:22 AM, Hunter Fuller  wrote:

> We are moving in this direction. We will have eduroam and one wide-open
> ESSID for connection instructions and non-dot1X devices.
>
> On Thursday, November 10, 2016, Becker, Jason  wrote:
>
>> We're getting ready to reduce the number of ssid that we have across
>> Campus and one idea is to use edroam as our main 802.1x secure ssid.  Is
>> anyone else doing this and if so how is it going?
>>
>>
>>
>>
>> Thanks,
>>
>> Jason
>> ** Participation and subscription information for this EDUCAUSE
>> Constituent Group discussion list can be found at
>> http://www.educause.edu/groups/.
>>
>>
>
> --
>
> --
> Hunter Fuller
> Network Engineer
> VBRH Annex B-1
> +1 256 824 5331
>
> Office of Information Technology
> The University of Alabama in Huntsville
> Systems and Infrastructure
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>


-- 
Tony Skalski
Systems Administrator
a...@stolaf.edu
507-786-3227
St. Olaf College
Information Technology
1510 St. Olaf Avenue
Northfield, MN55057-1097

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] edroam as main 802.1x ssid

[Hunter Fuller]

We are moving in this direction. We will have eduroam and one wide-open
ESSID for connection instructions and non-dot1X devices.

On Thursday, November 10, 2016, Becker, Jason  wrote:

> We're getting ready to reduce the number of ssid that we have across
> Campus and one idea is to use edroam as our main 802.1x secure ssid.  Is
> anyone else doing this and if so how is it going?
>
>
>
>
> Thanks,
>
> Jason
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at http://www.educause.edu/
> groups/.
>
>

-- 

--
Hunter Fuller
Network Engineer
VBRH Annex B-1
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] edroam as main 802.1x ssid

[Frans Panken]

Using eduroam as a single SSID is a common approach in the Netherlands (and 
other countries in Europe). Using eduroam at your own institution significantly 
reduces the questions at the helpdesk when users are at a location where they 
offer eduroam. Various user groups (student/staff/extern) can easily be mapped 
on different VLANs as a result of RAIDUS attributes. All enterprise Wi-Fi 
solutions support that. A VLAN between two controllers of nearby sites is 
another way to resolve the sitution Jerry revers to. 
In the NL, we have a site that give people insight if there are problems with 
eduroam at other locations: 
https://www.eduroam.nl/netwerk-status/geen-storingen 

-Frans

On 11/11/2016, 14:03, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Manon Lessard"  wrote:

Hi

Jerry's comment reminds me: we have sites that are close to another 
university's and it has created weird things a few times where the STAs  will 
associate with the other U's Wi-Fi instead of ours and thus cannot access 
everything that's available on campus. We mitigated it by working with the 
other U to tweak coverage.


Manon Lessard
Technicienne en développement de systèmes 
CCNP, CWNA
Direction des technologies de l'information 
Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)
G1V 0A6, Canada
418 656-2131, poste 12853
Télécopieur : 418 656-7305
manon.less...@dti.ulaval.ca
www.dti.ulaval.ca
Avis relatif à la confidentialité | Notice of Confidentiality 
 

**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] edroam as main 802.1x ssid

[Legge, Jeffry]

Do you use Cisco Wifi phones. If so do you plan on using the everything else 
SSID for wifi phones?

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Friday, November 11, 2016 7:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] edroam as main 802.1x ssid

On 11/10/2016 11:04 PM, Becker, Jason wrote:
> We're getting ready to reduce the number of ssid that we have across Campus 
> and one idea is to use edroam as our main
> 802.1x secure ssid.  Is anyone else doing this and if so how is it going?
>
>
>


We are attempting to get down to two, eduroam as the main ssid and one for 
everything else.   IT is going fine, adaption 
is slow just because we have a lot of people already configured for the other 
ssid.   The only issue I have heard of, is 
if you have other entities using eduroam that are close it causes issues, we do 
not.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] edroam as main 802.1x ssid

[Manon Lessard]

Hi

Jerry's comment reminds me: we have sites that are close to another 
university's and it has created weird things a few times where the STAs  will 
associate with the other U's Wi-Fi instead of ours and thus cannot access 
everything that's available on campus. We mitigated it by working with the 
other U to tweak coverage.


Manon Lessard
Technicienne en développement de systèmes 
CCNP, CWNA
Direction des technologies de l'information 
Pavillon Louis-Jacques-Casault
1055, avenue du Séminaire
Bureau 0403
Université Laval, Québec (Québec)
G1V 0A6, Canada
418 656-2131, poste 12853
Télécopieur : 418 656-7305
manon.less...@dti.ulaval.ca
www.dti.ulaval.ca
Avis relatif à la confidentialité | Notice of Confidentiality 
 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] edroam as main 802.1x ssid

[Bucklaew, Jerry]

On 11/10/2016 11:04 PM, Becker, Jason wrote:
> We're getting ready to reduce the number of ssid that we have across Campus 
> and one idea is to use edroam as our main
> 802.1x secure ssid.  Is anyone else doing this and if so how is it going?
>
>
>


We are attempting to get down to two, eduroam as the main ssid and one for 
everything else.   IT is going fine, adaption 
is slow just because we have a lot of people already configured for the other 
ssid.   The only issue I have heard of, is 
if you have other entities using eduroam that are close it causes issues, we do 
not.


**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.