We have two main services for staff and students: a wpa2/wpa service (802.1x mschap v2 etc), and a web portal service. Staff and students can log into either service, but the web portal essentially only allows http, https, dns and dhcp ports through. The wpa/wpa2 service allows everything which is mandated by the eduroam (http://www.eduroam.org/) educational roaming service. There are per user bandwidth restrictions enforced on both services, with the web portal a lot more restrictive. Experienced has shown that 85% of users use the web portal service, and only 15 % the secure wpa2 service. The common complaint is that the instructions to join the wpa2 service are too complicated/too long to follow, which I'm just seeking to solve with some software from a third party vendor.
For guests we offer a web portal based service, and various IT staff, IT Helpdesks, receptionists and secretaries on our campus can all issue time limited accounts for this service. They can choose from a drop down list of pre-configured "time periods" the longest of which being 1 month. Anything over a month we consider a visitor should register as a visiting academic and pay to use our services. The guest service has generally worked quite well, with the biggest complaint being that we are quite restrictive with what people can access on the service. Many Thanks Peter Peter Methven. MBCS, BENG (Hons) Network Specialist Computer Centre (The Allen McTernan Building) Heriot-Watt University Edinburgh EH14 4AS Telephone: +44 (0)131 4513516 / 07774 427548 Email [email protected] <mailto:[email protected]> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Williams, Mr. Michael Sent: 15 September 2009 19:50 To: [email protected] Subject: [WIRELESS-LAN] Guest WLAN Configuration We purchased a Cisco WISM and the WCS software to form a centralized wireless network. We are planning on putting it into production during the next semester break. Most of our FAT APs (80+)have been upgraded and are now controlled by the WISM. We currently only have one SSID (no encryption) with all network traffic feeding into out Bluesocket authentication gateway. We plan on setting up multiple networks, one for encrypted access and another for guest access. The question I have is as follows: How do most folks handle guest access? I want to create a guest VLAN and restricted access to the internet only (DNS, HTTPS, HTTP), but is this the best way to approach this? My users just use their network credentials to access to wireless network, I want to encourage (force) them to use the new encrypted network. My intent is to configure the current SSID to require WPA/WPA2 and create a new SSID for guest access, this should steer most folks towards the encrypted network. Any lessons learned on guest access you would like to share? Thanks Mike v/r Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University 201st St. Felix Str. Box T-0220 Stephenville, TX Tel: (254) 968-1850 Fax: (254) 968-9393 [email protected] ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Heriot-Watt University is a Scottish charity registered under charity number SC000278. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
