We have:
- Open wireless SSID for onboarding only. SMS text message credentials. Soon to add .mobileconfig one click provisioning feature. - Single WPA2 enterprise SSID for student, staff, guests - Freeradius detects ldap attributes and steers user groups towards certain vlans which leads to specific access permissions (controlled by router acls and firewall rules). - eduroam - Freeradius again steers folks based upon role It has served us fairly well and I personally love not having an open network for anything besides onboarding (plus we think it meets HEOA compliance). The one click provisioning should alleviate the last of the usability complaints (hopefully). Adam Temple University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.