Easiest and most effective thing to block is your single sign-on page J.
* * *Tim Cappalli, *Network Engineer LTS | Brandeis University x67149 | (617) 701-7149 [email protected] *From:* Jeff Kell [mailto:[email protected]] *Sent:* Tuesday, June 04, 2013 8:29 PM *To:* The EDUCAUSE Wireless Issues Constituent Group Listserv *Cc:* Tim Cappalli *Subject:* Re: [WIRELESS-LAN] Non-802.1x devices on wireless... On 6/4/2013 8:20 PM, Tim Cappalli wrote: We restrict some services on open. Also, as part of the registration process, their device will be configured for eduroam and the open SSID will be removed from their network list. They could hop back on if they want. It's their choice. If you have an open SSID, just be sure to make the service "suck" just enough that anyone that can use the proper SSIDs, will want to use the proper SSIDs. You can restrict ports, protocols, bandwidth, whatever it takes; but it has to be just adequate to cover the "guest" demands and just inadequate enough to push your real users to your real SSID. If you don't impose some restrictions, they'll use the "easiest connection" everytime. Jeff ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
