Mike, I'm not sure what your goal is.... are you offering the webpage bypass for devices that cannot display the page (Mobile devices/cellphones), or are you just offering ANY faculty and staff device the option of bypassing the webpage? (IE laptops)
but I can offer this: You can have 1 SSID performing 802.1x. That SSID can put users on different VLANs based on group membership. You could theorectially have faculty and staff dropped on a different VLAN that does not even terminate on the bluesocket device, and students put on a 2nd VLAN that does terminate on the bluesocket device. My point would be, with 802.1x and WPA2, you would not need a web-authentication portal, since you will always know what user is associated based on the RADIUS logs / WCS Display. I wouldn't even think that you would need to have the students on the the bluesocket. Now, if you use the bluesocket for anything more than as a authentication gateway (remediation, access control, etc.... ) then this might not apply so much to you. On Fri, Jun 26, 2009 at 5:03 PM, Williams, Mr. Michael < [email protected]> wrote: > > > We are currently in the process of setting up our WISM and WCS server and > plan on putting it into production in the fall. We also have 86 autonomous > APs which will be converted over to Light AP. We currently have a > Bluesocket device which is used as an authentication gateway. Bluesocket > allows me to store MAC address (mostly IPhones) for facility and staff > member which allows them to bypass the web login page. I would like to > continue this using the WISM and WCS. We currently do not use encryption on > our network, but plan on enforcing WPA/WPA2 (using Cisco RADIUS SE) for all > SSIDs, except for our visitors and other guests. > > > > We would like to continue using web authentication bypass for facility > and staff but require them to use WPA/WPA2 and their domain credentials. The > question I have is as follows. How can I accomplish this? Do I need to > create a separate SSID that restricts access via ones MAC? Or is there > another method that would work? > > > > Thanks > > > > Mike > > > > > > *v/r* > > * * > > *Michael M. Williams* > > Network Systems Analyst > > Information Technology Services > > Tarleton State University > > Box T-0220 > > Stephenville, TX > > Tel: (254) 968-1850 > > Fax: (254) 968-9393 > > [email protected] > > > > > > > > > > > > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
