We have a guest SSID , that forces clients to click on our acceptable use policy before access is granted. We've also restricted the access of our guest SSID to off campus resources only. (If you have credentials we expect our clients to use them.) Finally we rate limit wireless clients associated to the Guest subnet in our packet shapers to manage bandwidth usage. Another cool feature that we've played with is the ability to extend the guest access functionality/web page click through to wired ports. Looks like you're on the right track so far.
-----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of WIRELESS-LAN automatic digest system Sent: Wednesday, September 16, 2009 12:00 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: WIRELESS-LAN Digest - 9 Sep 2009 to 15 Sep 2009 (#2009-173) There are 3 messages totalling 829 lines in this issue. Topics of the day: 1. Guest WLAN Configuration (3) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ---------------------------------------------------------------------- Date: Tue, 15 Sep 2009 13:50:03 -0500 From: "Williams, Mr. Michael" <mmwilli...@tarleton.edu> Subject: Guest WLAN Configuration --_000_BAEEEF00486084429FE7458B7FA114B30376FB34B6exchange02tar_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable We purchased a Cisco WISM and the WCS software to form a centralized = wireless network. We are planning on putting it into production during the= next semester break. Most of our FAT APs (80+)have been upgraded and are = now controlled by the WISM. We currently only have one SSID (no encryptio= n) with all network traffic feeding into out Bluesocket authentication gate= way. We plan on setting up multiple networks, one for encrypted access and= another for guest access. The question I have is as follows: How do most folks handle guest acces= s? I want to create a guest VLAN and restricted access to the internet onl= y (DNS, HTTPS, HTTP), but is this the best way to approach this? My users just use their network credentials to access to wireless netwo= rk, I want to encourage (force) them to use the new encrypted network. My = intent is to configure the current SSID to require WPA/WPA2 and create a n= ew SSID for guest access, this should steer most folks towards the encrypte= d network. Any lessons learned on guest access you would like to share? Thanks Mike v/r Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University 201st St. Felix Str. Box T-0220 Stephenville, TX Tel: (254) 968-1850 Fax: (254) 968-9393 mmwilli...@tarleton.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --_000_BAEEEF00486084429FE7458B7FA114B30376FB34B6exchange02tar_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m= icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office= :access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"= uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof= t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co= m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee= t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns= :odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro= soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40"; = xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/"; xmlns:rtc=3D"http://m= icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://= schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share= point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel= /2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd"; xmlns:ois= =3D"http://schemas.microsoft.com/sharepoint/soap/ois/"; xmlns:dir=3D"http://= schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3= .org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint= /dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc"; xmlns:xsd=3D"http= ://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha= repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"= xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/"; xmlns:sps=3D"http://= schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001= /XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so= ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile"; xmlns:udc= p2p=3D"http://schemas.microsoft.com/data/udc/parttopart"; xmlns:wf=3D"http:/= /schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche= mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi= crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat= s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf= ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c= om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa= ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web= partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20= 06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200= 6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli= deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal= Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:= st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40";> <head> <meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)"> <style> <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> <div class=3DSection1> <p class=3DMsoNormal> We purchased a Cisco WI= SM and the WCS software to form a centralized wireless network. We are plann= ing on putting it into production during the next semester break. Most of ou= r FAT APs (80+)have been upgraded and are now controlled by the WISM. &= nbsp;We currently only have one SSID (no encryption) with all network traffic feedi= ng into out Bluesocket authentication gateway. We plan on setting up mul= tiple networks, one for encrypted access and another for guest access. <o:p= ></o:p></p> <p class=3DMsoNormal> The question I have is as follows: = How do most folks handle guest access? I want to create a guest VLAN and restricted access to the internet only (DNS, HTTPS, HTTP), but is this the = best way to approach this? <o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal> My users just use their network credentia= ls to access to wireless network, I want to encourage (force) them to use t= he new encrypted network. My intent is to configure the current SS= ID to require WPA/WPA2 and create a new SSID for guest access, this should ste= er most folks towards the encrypted network. <o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal> Any lessons learned on guest access you w= ould like to share? <o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal> Thanks<o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal>Mike<o:p></o:p></p> <p class=3DMsoNormal><o:p> </o:p></p> <p class=3DMsoNormal><i><span style=3D'font-family:"Arial","sans-serif"'>v/= r<o:p></o:p></span></i></p> <p class=3DMsoNormal><b><i><span style=3D'font-size:12.0pt;font-family:"Ari= al","sans-serif"; color:#5F497A'><o:p> </o:p></span></i></b></p> <p class=3DMsoNormal><b><i><span style=3D'font-size:12.0pt;font-family:"Ari= al","sans-serif"; color:#5F497A'>Michael M. Williams<o:p></o:p></span></i></b></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Network Systems Analyst<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Information Technology Services<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Tarleton State University<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>201st St. Felix Str.<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Box T-0220<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Stephenville, TX<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Tel: (254) 968-1850<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>Fax: (254) 968-9393<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'>mmwilli...@tarleton.edu<o:p></o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><span style=3D'font-size:12.0pt;font-family:"Arial","s= ans-serif"'><o:p> </o:p></span></p> <p class=3DMsoNormal><o:p> </o:p></p> </div> </body> </html> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. <p> --_000_BAEEEF00486084429FE7458B7FA114B30376FB34B6exchange02tar_-- ------------------------------ Date: Tue, 15 Sep 2009 14:14:07 -0500 From: Justin Hao <j...@tamu.edu> Subject: Re: Guest WLAN Configuration <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> Howdy,<br> <br> We sell the encrypted (wpa/wpa2) network to our users as being safer, faster, and less hassle (configuring it in windows/etc to auto-login etc.). Our guest ssid forces users to a web portal where they still have to login manually with an pre-assigned guest id/password before having access to the network. We don't allow our regular users to authenticate using the guest ssid at all anymore except in special situations. We currently avoid any type of wide open guest access because that limits our ability to track security concerns and address user complaints/troubleshooting.<br> <br> Also, depending on how your users are accustomed to authenticating against wireless (your bluesocket solution is a NAC/web portal right?), a transition period (and possibly a new ssid indicating wpa required) would probably be best for you (and your helpdesk's sanity) so you don't have every user suddenly asking for help setting up wpa or asking why the wireless isn't working. We also provide our users reference pages for configuring wpa across a variety of OSes/platforms and you may want to considering getting similar documentation available to your users and support staff before asking them to setup wpa on their own.<br> <br> Our own ssid configuration consists of 3 primary ssids, our wpa secure, a guest ssid with web authentication, and a wide open "help" ssid that only allows access to a website help destination with general wireless information and documentation on how to configure wpa/wpa2.<br> <pre class="moz-signature" cols="72">-- Justin Hao Network Engineer Texas A&M University Networking and Information Security <a class="moz-txt-link-abbreviated" href="mailto:j...@tamu.edu";>j...@tamu.edu</a> (979)862-2162</pre> <br> PS - I would avoid supporting TKIP from the get-go if you're going to establish WPA/WPA2 policies, most non-archaic wireless drivers/clients should support wpa-aes at the very least and tkip should be considered compromised similar to wep.<br> <br> Williams, Mr. Michael wrote: <blockquote cite="mid:baeeef00486084429fe7458b7fa114b30376fb3...@exchange02.tarleton.edu" type="cite"> <meta http-equiv="Content-Type" content="text/html; "> <meta name="Generator" content="Microsoft Word 12 (filtered medium)"> <style> <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 9]><xml> <o:shapedefaults v:ext="edit" spidmax="1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext="edit"> <o:idmap v:ext="edit" data="1" /> </o:shapelayout></xml><![endif]--> <div class="Section1"> <p class="MsoNormal"> We purchased a Cisco WISM and the WCS software to form a centralized wireless network. We are planning on putting it into production during the next semester break. Most of our FAT APs (80+)have been upgraded and are now controlled by the WISM. We currently only have one SSID (no encryption) with all network traffic feeding into out Bluesocket authentication gateway. We plan on setting up multiple networks, one for encrypted access and another for guest access. <o:p></o:p></p> <p class="MsoNormal"> The question I have is as follows: How do most folks handle guest access? I want to create a guest VLAN and restricted access to the internet only (DNS, HTTPS, HTTP), but is this the best way to approach this? <o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"> My users just use their network credentials to access to wireless network, I want to encourage (force) them to use the new encrypted network. My intent is to configure the current SSID to require WPA/WPA2 and create a new SSID for guest access, this should steer most folks towards the encrypted network. <o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"> Any lessons learned on guest access you would like to share? <o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"> Thanks<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Mike<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><i><span style="font-family: "Arial","sans-serif";">v/r<o:p></o:p></span></i></p> <p class="MsoNormal"><b><i><span style="font-size: 12pt; font-family: "Arial","sans-serif"; color: rgb(95, 73, 122);"><o:p> </o:p></span></i></b></p> <p class="MsoNormal"><b><i><span style="font-size: 12pt; font-family: "Arial","sans-serif"; color: rgb(95, 73, 122);">Michael M. Williams<o:p></o:p></span></i></b></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Network Systems Analyst<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Information Technology Services<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Tarleton State University<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">201st St. Felix Str.<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Box T-0220<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Stephenville, TX<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Tel: (254) 968-1850<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";">Fax: (254) 968-9393<o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><a class="moz-txt-link-abbreviated" href="mailto:mmwilli...@tarleton.edu";>mmwilli...@tarleton.edu</a><o:p></o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><span style="font-size: 12pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p> <p class="MsoNormal"><o:p> </o:p></p> </div> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at <a class="moz-txt-link-freetext" href="http://www.educause.edu/groups/";>http://www.educause.edu/groups/</a>. <p></p> </blockquote> <br> <pre class="moz-signature" cols="72">-- Justin Hao Network Engineer Texas A&M University Networking and Information Security <a class="moz-txt-link-abbreviated" href="mailto:j...@tamu.edu";>j...@tamu.edu</a> (979)862-2162</pre> </body> </html> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. <p> ------------------------------ Date: Tue, 15 Sep 2009 14:34:07 -0500 From: "Cantu, George" <gca...@uiwtx.edu> Subject: Re: Guest WLAN Configuration --_000_9046A185751F594BA872592AEFFF33AE5994C8B966MAILCMS1aduiw_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable For guest access, we installed a wlc-4402 in our DMZ and use the guest ssid= to allow 'guests' to access the internet. We allowed our HD to create acc= ounts using the lobby ambassador account. Users seeking guest access simpl= y visit our HD where they in turn create the accounts for a set limited tim= e. All of our other users use the ssid's we created for network access usi= ng both WEP and WPA via Web Authentication against our Radius servers. Thank You, George A Cantu 210.829.6002 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIREL= ess-...@listserv.educause.edu] On Behalf Of Williams, Mr. Michael Sent: Tuesday, September 15, 2009 1:50 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Guest WLAN Configuration We purchased a Cisco WISM and the WCS software to form a centralized = wireless network. We are planning on putting it into production during the= next semester break. Most of our FAT APs (80+)have been upgraded and are = now controlled by the WISM. We currently only have one SSID (no encryptio= n) with all network traffic feeding into out Bluesocket authentication gate= way. We plan on setting up multiple networks, one for encrypted access and= another for guest access. The question I have is as follows: How do most folks handle guest acces= s? I want to create a guest VLAN and restricted access to the internet onl= y (DNS, HTTPS, HTTP), but is this the best way to approach this? My users just use their network credentials to access to wireless netwo= rk, I want to encourage (force) them to use the new encrypted network. My = intent is to configure the current SSID to require WPA/WPA2 and create a n= ew SSID for guest access, this should steer most folks towards the encrypte= d network. Any lessons learned on guest access you would like to share? Thanks Mike v/r Michael M. Williams Network Systems Analyst Information Technology Services Tarleton State University 201st St. Felix Str. Box T-0220 Stephenville, TX Tel: (254) 968-1850 Fax: (254) 968-9393 mmwilli...@tarleton.edu ********** Participation and subscription information for this EDUCAUSE Con= stituent Group discussion list can be found at http://www.educause.edu/grou= ps/. ________________________________ This email and any files transmitted with it may be confidential or contain= privileged information and are intended solely for the use of the individu= al or entity to which they are addressed. If you are not the intended recip= ient, please be advised that you have received this email in error and that= any use, dissemination, forwarding, printing, or copying of this email and= any attachments is strictly prohibited. If you have received this email in= error, please immediately delete the email and any attachments from your s= ystem and notify the sender. Any other use of this e-mail is prohibited. Th= ank you for your compliance. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. --_000_9046A185751F594BA872592AEFFF33AE5994C8B966MAILCMS1aduiw_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m= icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office= :access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"= uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof= t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co= m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee= t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" xmlns= :odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro= soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40"; = xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/"; xmlns:rtc=3D"http://m= icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://= schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share= point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel= /2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd"; xmlns:ois= =3D"http://schemas.microsoft.com/sharepoint/soap/ois/"; xmlns:dir=3D"http://= schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3= .org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint= /dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc"; xmlns:xsd=3D"http= ://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha= repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"= xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/"; xmlns:sps=3D"http://= schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001= /XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so= ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile"; xmlns:udc= p2p=3D"http://schemas.microsoft.com/data/udc/parttopart"; xmlns:wf=3D"http:/= /schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche= mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi= crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat= s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf= ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c= om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa= ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web= partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/20= 06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/200= 6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/Sli= deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPortal= Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:= st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40";> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"= > <meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)"> <style> <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4;} @font-face {font-family:Magneto; panose-1:4 3 8 5 5 8 2 2 13 2;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} p {mso-style-priority:99; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; font-size:12.0pt; font-family:"Times New Roman","serif";} span.EmailStyle17 {mso-style-type:personal; font-family:"Calibri","sans-serif"; color:windowtext;} span.EmailStyle19 {mso-style-type:personal-reply; font-family:"Calibri","sans-serif"; color:#1F497D;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} --> </style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple"> <div class=3D"Section1"> <p class=3D"MsoNormal"><span style=3D"color:#1F497D">For guest access, we i= nstalled a wlc-4402 in our DMZ and use the guest ssid to allow ‘guest= s’ to access the internet. We allowed our HD to create accounts= using the lobby ambassador account. Users seeking guest access simply visit our HD where they in turn create the accounts for a se= t limited time. All of our other users use the ssid’s we create= d for network access using both WEP and WPA via Web Authentication against = our Radius servers. <o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p> </o:p></spa= n></p> <div> <p class=3D"MsoNormal"><span style=3D"color:#1F497D">Thank You,<o:p></o:p><= /span></p> <p class=3D"MsoNormal"><span style=3D"font-family:Magneto;color:#1F497D"><o= :p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-family:Magneto;color:#1F497D">Ge= orge A Cantu<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:#1F497D">210.829.6002<o:p></o:p= ></span></p> </div> <p class=3D"MsoNormal"><span style=3D"color:#1F497D"><o:p> </o:p></spa= n></p> <div> <div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in = 0in 0in"> <p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:"= ;Tahoma","sans-serif"">From:</span></b><span style=3D"font-s= ize:10.0pt;font-family:"Tahoma","sans-serif""> The EDUC= AUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listse= RV.EDUCAUSE.EDU] <b>On Behalf Of </b>Williams, Mr. Michael<br> <b>Sent:</b> Tuesday, September 15, 2009 1:50 PM<br> <b>To:</b> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<br> <b>Subject:</b> [WIRELESS-LAN] Guest WLAN Configuration<o:p></o:p></span></= p> </div> </div> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"> We purchased a Cisco = WISM and the WCS software to form a centralized wireless network. We = are planning on putting it into production during the next semester break.&= nbsp; Most of our FAT APs (80+)have been upgraded and are now controlle= d by the WISM. We currently only have one SSID (no encryption) w= ith all network traffic feeding into out Bluesocket authentication gateway.= We plan on setting up multiple networks, one for encrypted access an= d another for guest access. <o:p></o:p></p> <p class=3D"MsoNormal"> The question I have is as follows: = ; How do most folks handle guest access? I want to create a guest VLA= N and restricted access to the internet only (DNS, HTTPS, HTTP), but is thi= s the best way to approach this? <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"> My users just use their network credent= ials to access to wireless network, I want to encourage (force) them = to use the new encrypted network. My intent is to configure the curre= nt SSID to require WPA/WPA2 and create a new SSID for guest access, this should steer most folks towards the encrypted network. = <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"> Any lessons learned on guest access you= would like to share? <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"> Thanks<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Mike<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"><i><span style=3D"font-family:"Arial",&quo= t;sans-serif"">v/r<o:p></o:p></span></i></p> <p class=3D"MsoNormal"><b><i><span style=3D"font-size:12.0pt;font-family:&q= uot;Arial","sans-serif"; color:#5F497A"><o:p> </o:p></span></i></b></p> <p class=3D"MsoNormal"><b><i><span style=3D"font-size:12.0pt;font-family:&q= uot;Arial","sans-serif"; color:#5F497A">Michael M. Williams<o:p></o:p></span></i></b></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Network Systems Analyst<o:p></o:p></span>= </p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Information Technology Services<o:p></o:p= ></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Tarleton State University<o:p></o:p></spa= n></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">201st St. Felix Str.<o:p></o:p></span></p= > <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Box T-0220<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Stephenville, TX<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Tel: (254) 968-1850<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">Fax: (254) 968-9393<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif"">mmwilli...@tarleton.edu<o:p></o:p></span>= </p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ar= ial","sans-serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif"">********** Participation and subscri= ption information for this EDUCAUSE Constituent Group discussion list can b= e found at http://www.educause.edu/groups/. <o:p></o:p></span></p> </div> <br> <hr> <font face=3D"Arial" color=3D"Gray" size=3D"1">This email and any files tra= nsmitted with it may be confidential or contain privileged information and = are intended solely for the use of the individual or entity to which they a= re addressed. If you are not the intended recipient, please be advised that you have received this email in error an= d that any use, dissemination, forwarding, printing, or copying of this ema= il and any attachments is strictly prohibited. If you have received this em= ail in error, please immediately delete the email and any attachments from your system and notify the sende= r. Any other use of this e-mail is prohibited. Thank you for your complianc= e.<br> </font> </body> </html> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. <p> --_000_9046A185751F594BA872592AEFFF33AE5994C8B966MAILCMS1aduiw_-- ------------------------------ End of WIRELESS-LAN Digest - 9 Sep 2009 to 15 Sep 2009 (#2009-173) ****************************************************************** ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
