What about purely public? Sounds like Zobel does not let strangers on
during ball games, how about the rest of you? What about the neighbors
that live across the street or next door?
I am really trying to find an acceptable middle ground. I do not want
to go into the ISP business, but I want to share this resource with my
community.
--Michael T. Bendorf--
Technology Administrator
A-C Central C.U.S.D. #262
217.476.3312 ext. 2019
Cellular: 217.306.6824
"I'm trying to teach myself to ask the same questions that you do
during your lectures so that I do not need you any more."
A good teacher is like a candle - it consumes itself to light the way
for others.
"The computer revolution hasn't started yet. Don't be misled by the
enormous flow of money into bad defacto standards for unsophisticated
buyers using poor adaptations of incomplete ideas."
- Alan Kay
On Thu, Oct 21, 2010 at 11:16 AM, Daniel Zobel <zob...@husd4.k12.il.us> wrote:
I haven't changed anything specifically in my AUP, but I probably
should; this was kind of the trial run to see if people used it
and how it worked. I only really have students on and they have
all signed an AUP. I don't have a user authentication trail, but
I have their MAC address in the wireless and can see them move
around from AP to AP. The filter records everything so I have a
trail that way too and the filter is really locked down. I had to
open it a little because Yahoo was fully blocked. They can't do
anything that I would block on the regular side, so webmail,
MySpace and Facebook are blocked. They can search and look up
general stuff. I have DHCP so I can see the name of the device, so
in our school I could look through Skyward and have staff pick out
the student who had the device. If I found something funny I can
block the MAC right on the wireless and then they are done. I
have not heard complaints about "I can't get to this site." I think
most students think that they are being sneaky because they are on
the wireless. They aren't supposed to have the devices out during
the school day so there isn't much traffic.

I have had our wireless up for 2 years and had students ask when
is it going to get opened up and I always told them I wasn't until
I could control it. What I want to do is connect everything via
LDAP, but Ruckus hasn't pushed out the eDir LDAP part. So if I
switch to Windows I can have direct user authentication and would
bring students in under that, but still keep them tunneled to the
outside world. With staff I create a user on the wireless and it
manages the user by installing a program on the device to set
everything up from what SSID it uses to the group they are in.

The stuff I am more worried about is the MiFis that I see come
up on the wireless system and other things like that can allow
others to access. Even our iMacs can turn into a hot spot so I am
happy with the guest part.
Dan
>>> "Michael T. Bendorf" <bendo...@a-ccentral.us> 10/21/2010 9:57 AM >>>
Dan, that is awesome and exactly what I am planning to do over the
next couple weeks, but did you add any verbiage to your AUP to
address it? Also, how do you handle abuse without an associated
AAA trail?
--Michael T. Bendorf--
Technology Administrator
A-C Central C.U.S.D. #262
Google Voice: 217.408.0043
On Thu, Oct 21, 2010 at 9:53 AM, Daniel Zobel <zob...@husd4.k12.il.us> wrote:
This is one of the things I love about my Ruckus system. It
has a built-in guest SSID that I put on its own VLAN and it
auto tunnels to the outside. It has an AUP that says you are
under the school's agreement of the AUP. I have to give rights
to the tunnel to hit our webserver. With my filter, Cymphonix,
then it is set to even stricter settings than student
filtering, but they can still do what they want for the basic
stuff. I also put the filter on a time limit so the guest only
works from 7:45 - 4:00 during the weekday. I also put a
bandwidth limit that allows only a trickle up and down. The
majority of people use it for their iPods. Some students bring
in a laptop. It works really well.
Dan
Sent from my iPhone
On Oct 21, 2010, at 9:35 AM, Ben Story <ben.st...@gmail.com> wrote:
In the Cisco controllers there is the concept of a lobby
ambassador role. This person is given access to the
controllers and is allowed to create a temporary username and
password for the guest network. The guest is then prompted by
a captive portal for those credentials along with the AUP. In
this scenario, the school secretary or someone like that
would have to give the person access. Not great for sporting
events, but during the day it would work well and keep the
kids off the guest network.
On Thu, Oct 21, 2010 at 9:16 AM, Michael T. Bendorf <bendo...@a-ccentral.us> wrote:
right - sure - just MAY - but I agree that it is expected
and frankly: we want to offer it.
I just want to document it and have policy to point to:
right now our AUP is written in language that assumes the
user is logging into AD with assigned credentials.
Public access does away with most of Authentication,
Authorization, and Accounting (AAA.) It also seems to
open a door for students to jump over to the public side
with whatever device they have brought in to get online
without leaving an obvious trail. The content would still
be filtered, but the AAA is gone...
--Michael T. Bendorf--
Technology Administrator
A-C Central C.U.S.D. #262
Google Voice: 217.408.0043
On Thu, Oct 21, 2010 at 9:11 AM, Bob Morse <bmo...@d168.org> wrote:
The new e-rate rules do not mandate that if our Internet access is
paid for by e-rate that we MUST give access to the public.
-----Original Message-----
From: tech-geeks-boun...@tech-geeks.org [mailto:tech-geeks-boun...@tech-geeks.org] On Behalf Of JimHays
Sent: Thursday, October 21, 2010 8:52 AM
To: Tech-Geeks Mailing List
Subject: Re: [tech-geeks] Public Wireless access policy
At some point we need to understand and realize that we are not in a
corporation but we are a public service institution paid for by public
money. With the proliferation of wireless devices - and wait until
Christmas this year when almost EVERYONE will have either a smartphone
or some kind of wireless Internet device - the public will expect to
have access when they attend school events. We can't just hide behind
our conservative, staff-only, policies. We need to adjust with the
times and give the public what is expected. Even USAC realizes this now
with their new rule changes which allow public access to school networks
paid for by E-Rate funds. (Be sure you understand those rules before
giving public access to E-Rate funded Internet. At this time we don't
use E-Rate to pay for our Internet so we are not governed by those rules
even though our public access does fall under the new rules' scope.)
Heath Henderson wrote:
> We have a similar stance but have to allow people such as tri county
> special ed doing IEP work and visiting student teachers etc on at some
> point. I don't like it but really what is stopping them from jacking into
> a port on the network and getting physical access that way. Lesser of the
> unhook of a cable is easier for me to deal with.
>
> -Heath Henderson
>
> On Oct 21, 2010, at 7:17 AM, Dan Ragen <dera...@gmail.com> wrote:
>
>> While I don't have a District wide or School wide wireless system the
>> access points I do have are for District personnel only. I think that
>> you may run into trouble letting others in. Think of it this way, would
>> you let someone in on one of your desktops? I usually take a very
>> conservative approach to this type of situation.
>>
>>
>> On Wed, Oct 20, 2010 at 5:33 PM, Michael T. Bendorf
>> <bendo...@a-ccentral.us> wrote:
>>
>>> Now that my wireless is installed (last AP fired up this afternoon) I
>>> have had requests for the password to get on.
>>> I have not provided that to anyone, but rather explained that things
>>> were not ready for public access yet...
>>> All of my district owned equipment has the PSK and can connect as though
>>> they are hard wired...but I wonder what other districts do for public
>>> access. For instance I had a student from the neighboring district want
>>> to get online here to do some homework before practice (we co-op with
>>> this other school.) I really felt bad saying not yet - but that is the
>>> truth of it.
>>> We have an active directory and we push out browser proxy settings via
>>> GPO. Everyone must first sign our current AUP and then they must
>>> authenticate with our CIPAFilter before egressing to the Internet.
>>> I want to provide "the public" access to a filtered Internet experience.
>>> I do not want visiting mobile devices to access anything other than the
>>> public Internet. This seems pretty straightforward, but something I have
>>> not set up before.
>>> Even more than just the config of my HP ProCurve MSM APs/Controller my
>>> real question is how do you address this from a policy point of view?
>>> Do you have a separate document? Do you ask guests to sign something?
>>> Click on something? Is it part of your general AUP? etc?.?.?.
>>>
>>> --Michael T. Bendorf--
>>> Technology Administrator
>>> A-C Central C.U.S.D. #262
>>> Google Voice: 217.408.0043
>>>
>>> | Subscription info at http://www.tech-geeks.org |
>>>
>>
>> --
>> Daniel E. Ragen
>> District Technology Coordinator
>> Dupo CUSD 196
>> 600 Louisa Ave
>> Dupo, IL 62239
>> Phone - 618-286-3214 x2141
>> dra...@dupo.stclair.k12.il.us
>>
>> "Life's tough ... it's even tougher if you're stupid."
>> - John Wayne
>>
>
--
Ben Story
CCSP, CCNA, CCNA Wireless, CCDA
ben.st...@gmail.com
"You cannot escape the responsibility of tomorrow by evading
it today." -- Abraham Lincoln