We use our open SSID for clients to register non-802.1X devices or provision 802.1X with Cloudpath XpressConnect. Unregistered devices are captured using a combination of DHCP & DNS redirection. With our Aruba wireless, we redirect all DNS traffic to our captive portal DNS server, only allowing the outside access needed to provision the clients. You need a user account to register devices.
For Registered non-802.1X devices, we block our website & our Blackboard servers, since non-802.1X devices should not need those. Our current Guest wireless has a policy accept portal page and bandwidth speed restrictions to encourage the use of other SSIDS, Bruce Osborne Network Engineer IT Network Services (434) 592-4229 Liberty University | Training Champions for Christ since 1971 From: Jeff Kell [mailto:[email protected]] Sent: Tuesday, June 4, 2013 8:29 PM Subject: Re: Non-802.1x devices on wireless... On 6/4/2013 8:20 PM, Tim Cappalli wrote: We restrict some services on open. Also, as part of the registration process, their device will be configured for eduroam and the open SSID will be removed from their network list. They could hop back on if they want. It's their choice. If you have an open SSID, just be sure to make the service "suck" just enough that anyone that can use the proper SSIDs, will want to use the proper SSIDs. You can restrict ports, protocols, bandwidth, whatever it takes; but it has to be just adequate to cover the "guest" demands and just inadequate enough to push your real users to your real SSID. If you don't impose some restrictions, they'll use the "easiest connection" everytime. Jeff ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
