I work at a hospital, not a school, but we have a similar conundrum between being nice and being secure. What we have setup is a separate Guest SSID that is tunneled by the controllers to a small controller that sits in our DMZ. The guest hosts are given Internet access, but are segregated by the firewall to keep them from accessing any of our internal network nodes.
On Wed, Oct 20, 2010 at 5:33 PM, Michael T. Bendorf <bendo...@a-ccentral.us>wrote: > Now that my wireless is installed (last AP fired up this afternoon) I have > had requests for the password to get on. > I have not provided that to anyone, but rather explained that things were > not ready for public access yet... > > All of my district owned equipment has the PSK and can connect as though > they are hard wired...but I wonder what other districts do for public > access. For instance I had a student from the neighboring district want to > get online here to do some homework before practice (we co-op with this > other school.) I really felt bad saying not yet - but that is the truth of > it. > > We have an active directory and we push out browser proxy settings via GPO. > Everyone must firs sign our current AUP and then they must authenticate with > our CIPAFilter before egressing to the Internet. I want to provide "the > public" access to a filtered Internet experience. I do not want visiting > mobile devices to access anything other than the public Internet. This seems > pretty strightforward, but something I have not set up before. > > Even more than just the config of my HP ProCurve MSM APs/Controller my real > question is how do you address this from a policy point of view? Do you have > a separate document? Do you ask guests to sign something? Click on > something? Is it part of your general AUP? etc?.?.?. > > > --Michael T. Bendorf-- > Technology Administrator > A-C Central C.U.S.D. #262 > Google Voice: 217.408.0043 > > "I'm trying to teach myself to ask the same questions that you do during > your lectures so that I do not need you any more." > > A good teacher is like a candle - it consumes itself to light the way for > others. > > "The computer revolution hasn't started yet. Don't be misled by the > enormous flow of money into bad defacto standards for unsophisticated buyers > using poor adaptations of incomplete ideas." > - Alan Kay > > > | Subscription info at http://www.tech-geeks.org | > -- -- Ben Story CCSP, CCNA, CCNA Wireless, CCDA ben.st...@gmail.com "You cannot escape the responsibility of tomorrow by evading it today. -- Abraham Lincoln
| Subscription info at http://www.tech-geeks.org |
