It is amazing how many times this question pops up! (Public) Universities are supposed to do public service, which should by all means include net access to all visitors. Question of how much you should spend it completely separate from that. Ideally, you would only protect your network from guests and provide best-effort 'be-a-good-net-citizen" towards the rest of internet. Limiting BW they consume is an OK measure, too. I don't see a point of limiting applications. We get too concerned about security, CALEA, etc.? How does Panera Bread or all those hotels you get free access deal with it? They probably don't! We monitor and occasionally take an action. It wold be good to have separate IP space for guests, but that is individually depending on University. If you're deploying dark fiber networks, you pay $10-20 per meg per month for Internet access. So, for <$200/mo you can provide nice access for all guests. That's a price of one good desktop PC per year! What we want is to discourage regular users bypassing regular network. So, you block access to your e-mail servers and other useful app servers and they probably won't even consider using it. Especially if you have BW control!
We're a large university with close to 2000 concurrent wireless users at peak times, generating around 60 Mbps of traffic. So for those few guests, 10 M or less should be sufficient. If you have a access control box (Vernier and such) available that is very nice to use, otherwise routers can provide plenty of BW control (e.g. ISDN quality per user). It is really a cheap solution, it you just for a second forget all probably-will-never-happen security incidents. Security incidents on wireless are not even a percent of work created for security groups. They continue to deal with worms, virus infections, RIAA and such, and that is where money gets spent. Assuming you use VLAN/SSID solution and existing wireless nad wired infrastructure, cost is really minimal. So, free your mind! And serve better your community AND guests! Regards, -Predrag P.S. U. of TN is considering this model for guest access. Currently, we allow folks associated with university to sponsor/register guests. And guests get the same treatment as regular users (i.e. no app/BW control). P.P.S. Do you thing that free/anonimous access at Panera and hotels will disappear with CALEA? I don't! Too many people and businesses like it! --------------------------------------------------------------------- Predrag Radulovic Phone: (865) 974-0301 IT Administrator III OIT - Network Services Fax: (865) 974-3531 108 James D Hoskins Library 1400 Cumberland Ave University of Tennessee, E-mail: [EMAIL PROTECTED] Knoxville, TN 37996-4005 http://www.predrag.us --------------------------------------------------------------------- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
