What about purely public. Sounds like Zobel does not let strangers on during ball games, how about the rest of you? What about the neighbors that live across the street or next door?
I am really trying to find an acceptable middle ground. I do not want to go into the ISP business, but I want to share this resource with my community. --Michael T. Bendorf-- Technology Administrator A-C Central C.U.S.D. #262 217.476.3312 ext. 2019 Cellular: 217.306.6824 "I'm trying to teach myself to ask the same questions that you do during your lectures so that I do not need you any more." A good teacher is like a candle - it consumes itself to light the way for others. "The computer revolution hasn't started yet. Don't be misled by the enormous flow of money into bad defacto standards for unsophisticated buyers using poor adaptations of incomplete ideas." - Alan Kay On Thu, Oct 21, 2010 at 11:16 AM, Daniel Zobel <zob...@husd4.k12.il.us>wrote: > I haven't changed anything specifically in my AUP, but I probably should, > this was kind of the trial run to see if people used it and how it worked. > I only really have students on and they have all signed an AUP. I don't > have a user authentication trail, but I have their MAC address in the > wireless and can see them move around from AP to AP. The filter records > everything so I have a trail that way too and the filter is really locked > down. I had to open it a little because yahoo was fully blocked. They > can't do anything that I would block on the regular side, so webmail, > myspace and facebook are blocked. They can search and look up general > stuff. I have DHCP so I can see the name of the device so in our school I > could look through Skyward and have staff pick out the student who had the > device. If I found something funny I can block the MAC right on the > wireless and then they are done. I have not heard complaints about I can't > get to this site. I think most students think that they are being sneeky > because they are on the wireless. They aren't suppose to have the devices > out during the school day so there isn't much traffic. > > I have had our wireless up for 2 years and had students ask when is it > going to get opened up and I always told them I wasn't until I could control > it. What I want to do is connect everything via LDAP, but Ruckus hasn't > pushed out the eDir LDAP part. So if I switch to Windows I can have direct > user authentication and would bring students in under that, but still keep > them tunneled to the outside world. With staff I create a user on the > wireless and it manages the user by installing a program on the device to > set everything up from what SSID it uses to the group they are in. > > The stuff I am more worried about is the MI-Fi's that is see come up on the > wireless system and other things like that can allow others to access. Even > our iMacs can turn into a hot spot so I am happy with the guest part. > > Dan > > >>> "Michael T. Bendorf" <bendo...@a-ccentral.us> 10/21/2010 9:57 AM >>> > > Dan, that is awesome and exactly what I am planning to do over the next > couple weeks, but did you add any verbage to your AUP to address it. Also, > how do you handle abuse without an associated AAA trail? > > --Michael T. Bendorf-- > Technology Administrator > A-C Central C.U.S.D. #262 > Google Voice: 217.408.0043 > > "I'm trying to teach myself to ask the same questions that you do during > your lectures so that I do not need you any more." > > A good teacher is like a candle - it consumes itself to light the way for > others. > > "The computer revolution hasn't started yet. Don't be misled by the > enormous flow of money into bad defacto standards for unsophisticated buyers > using poor adaptations of incomplete ideas." > - Alan Kay > > > > On Thu, Oct 21, 2010 at 9:53 AM, Daniel Zobel <zob...@husd4.k12.il.us>wrote: > >> This is one on the things I love about my Ruckus system. It has a built >> I'm guest ssid that I put on it's own vlan and it auto tunnels to the >> outside. It has an aup that says you are under the schools agreement of the >> aup. I have to give rights to the tunnel to hit our webserver. With my >> filter, cynphonix, then it is set to even stricter settings then student >> filtering, but they can still do what they want for the basic stuff. I also >> put the filter on a time limit so the guest only works from 7:45 - 4:00 >> during the weekday. I also put a bandwidth limit that allows only a trickle >> up and down. The majority of people use it for their iPods. Some students >> bring in a laptop. It works really well. >> >> Dan >> >> Sent from my iPhone >> >> On Oct 21, 2010, at 9:35 AM, Ben Story <ben.st...@gmail.com> wrote: >> >> In the Cisco controllers there is the concept of a lobby ambassador >> role. This person is given access to the controllers and is allowed to >> create a temporary username and password for the guest network. the guest is >> then prompted by a capture portal for those credentials along with the AUP. >> In this scenario, the school secretary or someone like that would have to >> give the person access. Not great for sporting events, but during the day it >> would work well and keep the kids off the guest network. >> >> On Thu, Oct 21, 2010 at 9:16 AM, Michael T. Bendorf <<bendo...@a-ccentral.us> >> bendo...@a-ccentral.us> wrote: >> >>> right - sure - just MAY - but I agree that it is expected and frankly: we >>> want to offer it. >>> I just want to document it and have policy to point to: right now our AUP >>> is written in language that assumes the user is logging into AD with >>> assigned credentials. >>> Public access does away with most of Authentication, Authorization, and >>> Accounting (AAA.) It also seems to open a door for students to jump over to >>> the public side with whatever device they have brought in to get online >>> without leaving an obvious trail. The content would still be filtered, but >>> the AAA is gone... >>> >>> >>> --Michael T. Bendorf-- >>> Technology Administrator >>> A-C Central C.U.S.D. #262 >>> Google Voice: 217.408.0043 >>> >>> "I'm trying to teach myself to ask the same questions that you do during >>> your lectures so that I do not need you any more." >>> >>> A good teacher is like a candle - it consumes itself to light the way for >>> others. >>> >>> "The computer revolution hasn't started yet. Don't be misled by the >>> enormous flow of money into bad defacto standards for unsophisticated buyers >>> using poor adaptations of incomplete ideas." >>> - Alan Kay >>> >>> >>> >>> On Thu, Oct 21, 2010 at 9:11 AM, Bob Morse < <bmo...@d168.org> >>> bmo...@d168.org> wrote: >>> >>>> The new e-rate rules do not mandate that if our Internet access is paid >>>> for >>>> by e-rate that we MUST give access to the public. >>>> >>>> -----Original Message----- >>>> From: <tech-geeks-boun...@tech-geeks.org> >>>> tech-geeks-boun...@tech-geeks.org >>>> [mailto: <tech-geeks-boun...@tech-geeks.org> >>>> tech-geeks-boun...@tech-geeks.org] On Behalf Of JimHays >>>> Sent: Thursday, October 21, 2010 8:52 AM >>>> To: Tech-Geeks Mailing List >>>> Subject: Re: [tech-geeks] Public Wireless access policy >>>> >>>> At some point we need to understand and realize that we are not in a >>>> corporation but we are a public service institution paid for by public >>>> money. With the proliferation of wireless devices - and wait until >>>> Christmas this year when almost EVERYONE will have either a smartphone >>>> or some kind of wireless Internet device - the public will expect to >>>> have access when they attend school events. We can't just hid behind >>>> our conservative, staff-only, policies. We need to adjust with the >>>> times and give the public what is expected. Even USAC realizes this now >>>> with their new rule changes which allow public access to school networks >>>> paid for by E-Rate funds. (Be sure you understand those rules before >>>> giving public access to E-Rate funded Internet. At this time we don't >>>> use E-Rate to pay for our Internet so we are not governed by those rules >>>> even though our public access does fall under the new rules' scope.) >>>> >>>> Heath Henderson wrote: >>>> > We have a similar stance but have to allow people such as tri county >>>> special ed doing IEP work and visiting student teachers etc on at some >>>> > Point. I don't like it but really what is stopping them from jacking >>>> into >>>> a port on the network and getting physical access that way. Lesser of >>>> the >>>> unhook of a cable is easier for me to deal with. >>>> > >>>> > -Heath Henderson >>>> > >>>> > On Oct 21, 2010, at 7:17 AM, Dan Ragen < <dera...@gmail.com> >>>> dera...@gmail.com> wrote: >>>> > >>>> > >>>> >> While I don't have a District wide or School wide wireless system the >>>> >> access points i do have a re for >>>> >> District personnel only. I think that you may run into trouble >>>> >> letting others in. Think of it this way, Would you let >>>> >> some one in on one of your desktops? I usually take a very >>>> >> conservative approach to this type of situation. >>>> >> >>>> >> >>>> >> On Wed, Oct 20, 2010 at 5:33 PM, Michael T. Bendorf >>>> >> < <bendo...@a-ccentral.us>bendo...@a-ccentral.us> wrote: >>>> >> >>>> >>> Now that my wireless is installed (last AP fired up this afternoon) >>>> I >>>> have >>>> >>> had requests for the password to get on. >>>> >>> I have not provided that to anyone, but rather explained that things >>>> were >>>> >>> not ready for public access yet... >>>> >>> All of my district owned equipment has the PSK and can connect as >>>> though >>>> >>> they are hard wired...but I wonder what other districts do for >>>> public >>>> >>> access. For instance I had a student from the neighboring district >>>> want >>>> to >>>> >>> get online here to do some homework before practice (we co-op with >>>> this >>>> >>> other school.) I really felt bad saying not yet - but that is the >>>> truth >>>> of >>>> >>> it. >>>> >>> We have an active directory and we push out browser proxy settings >>>> via >>>> GPO. >>>> >>> Everyone must firs sign our current AUP and then they must >>>> authenticate >>>> with >>>> >>> our CIPAFilter before egressing to the Internet. I want to provide >>>> "the >>>> >>> public" access to a filtered Internet experience. I do not want >>>> visiting >>>> >>> mobile devices to access anything other than the public Internet. >>>> This >>>> seems >>>> >>> pretty strightforward, but something I have not set up before. >>>> >>> Even more than just the config of my HP ProCurve MSM APs/Controller >>>> my >>>> real >>>> >>> question is how do you address this from a policy point of view? Do >>>> you >>>> have >>>> >>> a separate document? Do you ask guests to sign something? Click on >>>> >>> something? Is it part of your general AUP? etc?.?.?. >>>> >>> >>>> >>> --Michael T. Bendorf-- >>>> >>> Technology Administrator >>>> >>> A-C Central C.U.S.D. #262 >>>> >>> Google Voice: 217.408.0043 >>>> >>> "I'm trying to teach myself to ask the same questions that you do >>>> during >>>> >>> your lectures so that I do not need you any more." >>>> >>> >>>> >>> A good teacher is like a candle - it consumes itself to light the >>>> way >>>> for >>>> >>> others. >>>> >>> >>>> >>> "The computer revolution hasn't started yet. Don't be misled by the >>>> enormous >>>> >>> flow of money into bad defacto standards for unsophisticated buyers >>>> using >>>> >>> poor adaptations of incomplete ideas." >>>> >>> - Alan Kay >>>> >>> >>>> >>> | Subscription info at <http://www.tech-geeks.org> >>>> http://www.tech-geeks.org | >>>> >>> >>>> >>> >>>> >> >>>> >> -- >>>> >> Daniel E. Ragen >>>> >> District Technology Coordinator >>>> >> Dupo CUSD 196 >>>> >> 600 Louisa Ave >>>> >> Dupo, IL 62239 >>>> >> Phone - 618-286-3214 x2141 >>>> >> <dra...@dupo.stclair.k12.il.us>dra...@dupo.stclair.k12.il.us >>>> >> >>>> >> ''Life's tough ... it's even tougher if you're stupid." >>>> >> - John Wayne >>>> >> | Subscription info at <http://www.tech-geeks.org> >>>> http://www.tech-geeks.org | >>>> >> >>>> > | Subscription info at <http://www.tech-geeks.org> >>>> http://www.tech-geeks.org | >>>> > >>>> >>>> | Subscription info at <http://www.tech-geeks.org> >>>> http://www.tech-geeks.org | >>>> >>>> >>>> | Subscription info at <http://www.tech-geeks.org> >>>> http://www.tech-geeks.org | >>>> >>> >>> >>> | Subscription info at <http://www.tech-geeks.org> >>> http://www.tech-geeks.org | >>> >> >> >> >> -- >> -- >> Ben Story >> CCSP, CCNA, CCNA Wireless, CCDA >> <ben.st...@gmail.com>ben.st...@gmail.com >> >> "You cannot escape the responsibility of tomorrow by evading it today. -- >> Abraham Lincoln >> >> | Subscription info at http://www.tech-geeks.org | >> >> >> | Subscription info at http://www.tech-geeks.org | >> > > > | Subscription info at http://www.tech-geeks.org | >
| Subscription info at http://www.tech-geeks.org |
