That setup is similar to what we're doing - if any of our @rice.edu users join the eduroam, we then assign them in either the 'staff/faculty' or 'student' role/VLAN group which maps to a specific MPLS/VPN. If someone from @*.edu joins, they get assigned to our 'visitor' role/VLAN group which also maps to our visitor MPLS/VPN.
We've been considering this problem as part of our eduroam deployment (we're still in the configuring and testing stage, no services offered yet), and we decided one of our goals would be that instead of trying to force students to pick the right one, that we would instead configure the network side so that our users didn't have to care. Remember that the identity provided for eduroam has the university name as the realm. Our plan is to take any users that identify with our realm of wpi..edu to the eduroam SSID, and send back a RADIUS attribute that drops them on the same VLAN as our primary university SSID. (In our case we're also keying off of the client MAC address and correlating with our IPAM registration database, but that's an optional extra step.) That way any of our users can connect to either the university SSID or eduroam and get exactly the same connectivity, while any external eduroam guests get dropped onto our guest VLAN. Simple, clean, and completely transparent to our users. Frank Sweetser fs at wpi.edu | For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 03/10/2014 11:51 AM, Linchuan Yang wrote: > Dear All > > Good morning. We noticed that most our iphone clients connect to the "eduroam" > SSID automatically when they step into the campus (not our normal SSID > for students, faculty, and staff). And the encryption and security > settings are same between these two SSIDs. These clients have to > manually change the wireless configuration on the iphones, and they can connect to our normal SSID. > > We are using Cisco WLCs, and other devices (e.g. laptops, Android, > etc.) do not have this problem. > > Do you have the similar issue with your wireless network? Is there any > connection strategies of iphone? > > Thank you, and have a nice day. > > Yours, > > Linchuan Yang (Antony) > > Wireless Networking Analyst > Network Assessment and Integration, > IITS-Concordia University > Tel: (514)848-2424 ext. 7664 > > ********** Participation and subscription information for this > EDUCAUSE Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. !DSPAM:911,531de9ef44331645698605! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
