>From the outset of our deployment, we designed our guest network to discourage the faculty/staff/students from using it. We did a number of things to ensure this:
1) Session timeout was 4 hours. After 4 hours, the user has to 'Agree' to our AUP again. This is enough time for a sales rep / presenter to do their thing, but makes it hard to use it as your only Internet access. 2) Access lists on our router allow only ports 80 and 442, plus DNS and DHCP. Also, the access lists BLOCK access to any Macalester service (email, Moodle, website, etc). We have had no push-back on this, with the exception of one request to make the session time longer because of a conference on campus. Tim Payne, CISSP, CISM, CCNA Network Administrator Macalester College On Tue, Sep 15, 2009 at 1:50 PM, Williams, Mr. Michael <[email protected]> wrote: > We purchased a Cisco WISM and the WCS software to form a centralized > wireless network. We are planning on putting it into production during the > next semester break. Most of our FAT APs (80+)have been upgraded and are > now controlled by the WISM. We currently only have one SSID (no > encryption) with all network traffic feeding into out Bluesocket > authentication gateway. We plan on setting up multiple networks, one for > encrypted access and another for guest access. > > The question I have is as follows: How do most folks handle guest > access? I want to create a guest VLAN and restricted access to the internet > only (DNS, HTTPS, HTTP), but is this the best way to approach this? > > > > My users just use their network credentials to access to wireless > network, I want to encourage (force) them to use the new encrypted network. > My intent is to configure the current SSID to require WPA/WPA2 and create a > new SSID for guest access, this should steer most folks towards the > encrypted network. > > > > Any lessons learned on guest access you would like to share? > > > > Thanks > > > > Mike > > > > v/r > > > > Michael M. Williams > > Network Systems Analyst > > Information Technology Services > > Tarleton State University > > 201st St. Felix Str. > > Box T-0220 > > Stephenville, TX > > Tel: (254) 968-1850 > > Fax: (254) 968-9393 > > [email protected] > > > > > > > > > > > > > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
