We do basically the same with Aruba using Radius/LDAP. Two ssid¹s-> captive portal and WPA2, four identities -> student, staff, faculty and guest. Different rules and access based on ssid and identity. Geographically independent and scales across my campus thanks to vlan pools and VAP¹s.
Don Wright CIS - NTG Brown University On 9/18/09 6:02 PM, "Rigdon, Dennis" <[email protected]> wrote: > Given the fact that there is a broadcast payload, not only for each ESSID on > the wireless side, but also for the Ethernet broadcast domain, we¹ve taken > measures to segment wireless clients without increasing the number of ESSIDs. > We have an Aruba Wireless solution > We have only two ESSIDs one for Faculty/Staff/Students on WPA2 and one for > Wireless Guests open. We further segment the OKCU wireless users into > VLANS/Subnets based upon their function or discipline. We have separate > subnets for Business, Nursing, Art-Sci, Music both Faculty and Students. The > Aruba controller assigns a VLAN at authentication based upon AD Group > Membership the VLAN via RADIUS. > This allows the client to maintain their IP address as they move across the > campus. It also allows us to provide or restrict access to network resources > to logical groups of users already established in AD. > Guests client are divided into a pool of VLANs with limited bandwidth and WEB > traffic only. > > Dennis Rigdon, MCSE > Asst. Dir. Campus Technology - Network Services > Okla. City Univ. > 405-208-5849 > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Jamie Savage > Sent: Friday, September 18, 2009 2:33 PM > To: [email protected] > Subject: [WIRELESS-LAN] separating 'types' of users > > Hi, > We're entertaining the idea of providing separate wireless services to our > academic and admin communities. Currently, we have a single SSID that we > broadcast campus-wide that everyone uses. We could simply provide separate > SSIDs or perhaps provide separate SSIDs on separate channels (ie...RF > separation of services as well). I presume there are other methods in use out > there?? I'd be interested in hearing what others are doing in this regard. > > ..........thanks in advance..............J > > James Savage York University > Senior Communications Tech. 108 Steacie Building > [email protected] 4700 Keele Street > ph: 416-736-2100 ext. 22605 Toronto, Ontario > fax: 416-736-5830 M3J 1P3, CANADA ********** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
