Have any others followed this model? It's intriguing. Additional cases/anecdotes would help, as we're looking at models too...
Thanks.
--
------------------------------------------------------------ Gary Dobbins, CISSP -- [EMAIL PROTECTED] Director, Information Security University of Notre Dame, Office of Information Technologies Voice: 574.631.5554 ------------------------------------------------------------
Daniel Medina wrote:
It might be worth looking into whether you really need to perform network registration. The "free love" model is working on our 200+ node wireless network.
"Free Love" and Secured Services http://www.educause.edu/asp/doclib/abstract.asp?ID=ERM0266
(Just another take on network registration)
On Wed, Dec 03, 2003 at 05:10:40PM -0600, Martin Jr., D. Michael wrote:
I was wondering what type of network registration for student wireless users various individuals are using out there.
I have looked at BlueSocket and Vernier (and the HP authentication box which is really a Vernier box with an HP logo). This looks very interesting but very expensive on a deployment scale (for a really good implementation and good bandwidth it appears you would need several boxes).
I have looked at 802.1x but both or campus and, more importantly our students, are not really ready for the necessary supplicants. 802.1x seems to be a logical next step for us but I am still stuck with some hubs out there in my infrastructure and no RADIUS server as of yet. Not to mention, all the variations with client configurations and possible needs to purchase 802.1x authentication clients.
For our setting (a small 4-year Liberal Arts institution with 3,000 students, hubs, and minimal Internet bandwidth) it seems that MAC-based RADIUS authentication is the way to go for us for now (then maybe EAP later). But here is the problem:
---We just implemented an in-house developed Network Registration process for our wired connection in our residence halls. These application seems to be the logical point to feed a RADIUS server with MAC-addresses. BUT, as I see it, we will have to have one VLAN/SSID for registration (and that is all) and another VLAN/SSID for network access that is MAC authenticated. This is doable but difficult for our clients/students. Is there anyway to automate this process?
(Just a quick note: Our students are having problems with the wired network registration as it is. We are pretty much a "Cisco shop", although we are branching out.)
Suggestions? Comments?
Thanks,
Michael Martin University of Montevallo
-- Dan Medina
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
