We have a separate address space (Class B private) for wireless. We also use IAS policies on 802.1x to place students in a separate subclass within it. The student wlan has an ACL that protects our AD domain resources from unprotected machines.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Entwistle, Bruce Sent: Wednesday, June 08, 2011 5:55 PM To: [email protected] Subject: [WIRELESS-LAN] Wireless design We will soon be migrating our wireless network from Cisco autonomous 1231 APs to a combination of Cisco 3502i along with some of the existing 1231 APs converted to lightweight. As we prepare for this we are looking at how to best architect the new network. The new network will cover the entire campus which consists of approx 50 buildings, with each building having its' own VLAN. The initial idea was to install the APs so the IP address of the AP would be a part of the local building VLAN. This is the IP the AP would use to talk back to the controller. For user connections there would be two VLANs created which would be accessed through a single SSID. The users would then be dynamically assigned to one of the two VLANs based on their logon credentials. Currently all users are placed on the same VLAN after authentication, as our current installation is not capable of dynamic VLAN assignment. There is currently only a single SSID in place. I would be interested to know what other have done and how successful it was. Thank you Bruce Entwistle Network Manager University of Redlands ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
